# HG changeset patch
# User bsw
# Date 1611683548 -3600
# Node ID 2874a199c72749337deb4b7b07b2ddb6c5c86227
# Parent  202876945a6c25842d553aa37538d3874f938031
Removed include_role from token endpoint and added it to validate endpoint

diff -r 202876945a6c -r 2874a199c727 app/main/oauth2/token.lua
--- a/app/main/oauth2/token.lua	Tue Jan 26 18:19:13 2021 +0100
+++ b/app/main/oauth2/token.lua	Tue Jan 26 18:52:28 2021 +0100
@@ -273,14 +273,6 @@
         r.real_member.identification = token.session.real_member.identification
       end
     end
-    if unit.attr.role and param.get("include_roles") then
-      r.roles = json.object()
-      if not unit.attr.only_visible_for_role 
-        or member:has_role(unit.attr.only_visible_for_role)
-      then
-        r.roles[unit.attr.role] = true
-      end
-    end
   end
 end
 
diff -r 202876945a6c -r 2874a199c727 app/main/oauth2/validate.lua
--- a/app/main/oauth2/validate.lua	Tue Jan 26 18:19:13 2021 +0100
+++ b/app/main/oauth2/validate.lua	Tue Jan 26 18:52:28 2021 +0100
@@ -57,8 +57,8 @@
   r.real_member_id = token.session.real_member_id
 end
 
-if param.get("include_member", atom.boolean) then
-  if scopes.identification or scopes.authentication then
+if scopes.identification or scopes.authentication then
+  if param.get("include_member", atom.boolean) then
     local member = token.member
     r.member = json.object{
       id = member.id,
@@ -79,6 +79,18 @@
     if param.get("include_member_notify_email", atom.boolean) then
       r.member.notify_email = member.notify_email
     end
+    if param.get("include_roles") then
+      for i, unit in ipairs(member.units) do
+        if unit.attr.role then
+          r.roles = json.object()
+          if not unit.attr.only_visible_for_role 
+            or member:has_role(unit.attr.only_visible_for_role)
+          then
+            r.roles[unit.attr.role] = true
+          end
+        end
+      end
+    end
   end
 end