comparison mod_http_oauth2/mod_http_oauth2.lua @ 5428:07e166b34c4c

mod_http_oauth2: Simplify code with the power of first class functions Selected / primary role is the first assumable role
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 20:24:18 +0200
parents d69c10327d6d
children 0bbeee8ba8b5
comparison
equal deleted inserted replaced
5427:d69c10327d6d 5428:07e166b34c4c
124 124
125 local function user_assumable_roles(username, requested_roles) 125 local function user_assumable_roles(username, requested_roles)
126 return array.filter(requested_roles, role_assumable_by(username)); 126 return array.filter(requested_roles, role_assumable_by(username));
127 end 127 end
128 128
129 local function select_role(username, requested_roles)
130 if requested_roles then
131 for _, requested_role in ipairs(requested_roles) do
132 if can_assume_role(username, requested_role) then
133 return requested_role;
134 end
135 end
136 end
137 -- otherwise no role
138 end
139
140 local function filter_scopes(username, requested_scope_string) 129 local function filter_scopes(username, requested_scope_string)
141 local granted_scopes, requested_roles; 130 local requested_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string or ""));
142 131
143 if requested_scope_string then -- Specific role(s) requested 132 local granted_roles = user_assumable_roles(username, requested_roles);
144 granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string)); 133 local granted_scopes = requested_scopes + granted_roles;
145 else 134
146 granted_scopes = array(); 135 local selected_role = granted_roles[1];
147 end
148
149 if requested_roles then
150 granted_scopes:append(array.filter(requested_roles, function(role)
151 return can_assume_role(username, role)
152 end));
153 end
154
155 local selected_role = select_role(username, requested_roles);
156 136
157 return granted_scopes:concat(" "), selected_role; 137 return granted_scopes:concat(" "), selected_role;
158 end 138 end
159 139
160 local function code_expires_in(code) --> number, seconds until code expires 140 local function code_expires_in(code) --> number, seconds until code expires