diff mod_http_oauth2/mod_http_oauth2.lua @ 5428:07e166b34c4c

mod_http_oauth2: Simplify code with the power of first class functions Selected / primary role is the first assumable role
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 20:24:18 +0200
parents d69c10327d6d
children 0bbeee8ba8b5
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun May 07 19:11:20 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun May 07 20:24:18 2023 +0200
@@ -126,33 +126,13 @@
 	return array.filter(requested_roles, role_assumable_by(username));
 end
 
-local function select_role(username, requested_roles)
-	if requested_roles then
-		for _, requested_role in ipairs(requested_roles) do
-			if can_assume_role(username, requested_role) then
-				return requested_role;
-			end
-		end
-	end
-	-- otherwise no role
-end
-
 local function filter_scopes(username, requested_scope_string)
-	local granted_scopes, requested_roles;
+	local requested_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string or ""));
 
-	if requested_scope_string then -- Specific role(s) requested
-		granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string));
-	else
-		granted_scopes = array();
-	end
+	local granted_roles = user_assumable_roles(username, requested_roles);
+	local granted_scopes = requested_scopes + granted_roles;
 
-	if requested_roles then
-		granted_scopes:append(array.filter(requested_roles, function(role)
-			return can_assume_role(username, role)
-		end));
-	end
-
-	local selected_role = select_role(username, requested_roles);
+	local selected_role = granted_roles[1];
 
 	return granted_scopes:concat(" "), selected_role;
 end