Re: [MarkLogic Dev General] Simple way to decide if a user has a role

Tue, 06 Sep 2011 13:59:10 -0700 

Dear Geert,

Thanks for your tip. It works! My function now looks like this:

declare function s:user-has-role(
  $role as xs:string
) as xs:boolean {
  xdmp:role($role) = xdmp:get-current-roles()
};

This works with the lowly "nobody" user when testing for the "app-user"
role.

Best,

Tim Finney


On Tue, 2011-09-06 at 22:41 +0200, Geert Josten wrote:
> Hi Tim,
> 
> I think the basic idea of your function is alright. But since you are only 
> interested in the current-user's roles, you might want to use 
> xdmp:get-current-roles in your comparison instead. I haven't checked, but I 
> would expect this function not to depend on privileges..
> 
> Kind regards,
> Geert
> 
> -----Oorspronkelijk bericht-----
> Van: [email protected] 
> [mailto:[email protected]] Namens Tim Finney
> Verzonden: dinsdag 6 september 2011 22:19
> Aan: [email protected]
> Onderwerp: [MarkLogic Dev General] Simple way to decide if a user has a role
> 
> Hi Everyone,
> 
> Is there a simple way to determine whether a user has a particular role
> name? I would like to have a function that I give a role name and which
> returns true if the current user has the role and false otherwise. I
> want this function so that I can make a user interface change available
> options depending on the current user's roles.
> 
> I would like the function to work even if the current user doesn't have
> the xdmp-user-roles privilege. I would prefer not to have to create an
> amped function to do this.
> 
> My current hack looks like this:
> 
> declare function s:user-has-role(
>   $role as xs:string
> ) as xs:boolean {
>   try {
>     xdmp:role($role) = xdmp:user-roles(xdmp:get-current-user())
>   }
>   catch ($e) {
>     fn:false()
>   }
> };
> 
> This works fine if the current user has the xdmp-user-roles privilege.
> However, if the user doesn't have this privilege then the function
> always returns false regardless of whether the user has the specified
> role name.
> 
> Best,
> 
> Tim Finney
> 
> 
> 
> _______________________________________________
> General mailing list
> [email protected]
> http://developer.marklogic.com/mailman/listinfo/general
> _______________________________________________
> General mailing list
> [email protected]
> http://developer.marklogic.com/mailman/listinfo/general


_______________________________________________
General mailing list
[email protected]
http://developer.marklogic.com/mailman/listinfo/general

Reply via email to