# HG changeset patch
# User bsw
# Date 1611679356 -3600
# Node ID b4a377306a34af08549cb3c21f0dc59622b52e8e
# Parent 2373160319dce8a3244a2f84b0c0a50c122cf76a
Allow fetching roles during token exchange
diff -r 2373160319dc -r b4a377306a34 app/main/oauth2/token.lua
--- a/app/main/oauth2/token.lua Tue Jan 26 14:45:20 2021 +0100
+++ b/app/main/oauth2/token.lua Tue Jan 26 17:42:36 2021 +0100
@@ -254,8 +254,8 @@
 r.real_member_id = token.real_member_id
 end
-if param.get("include_member", atom.boolean) then
- if allowed_scopes.identification or allowed_scopes.authentication then
+if allowed_scopes.identification or allowed_scopes.authentication then
+ if param.get("include_member", atom.boolean) then
 local member = token.member
 r.member = json.object{
 id = member.id,
@@ -273,6 +273,14 @@
 r.real_member.identification = token.session.real_member.identification
 end
 end
+ if unit.attr.role and param.get("include_roles") then
+ r.roles = json.object()
+ if not unit.attr.only_visible_for_role
+ or member:has_role(unit.attr.only_visible_for_role)
+ then
+ r.roles[unit.attr.role] = true
+ end
+ end
 end
 end
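Review bot: `param.get("include_roles")` in the added roles block is read without `atom.boolean`, unlike `include_member` in the first hunk, so the flag is presumably returned as a raw string and a request sending `include_roles=false` would still be truthy in Lua and disclose roles; use `param.get("include_roles", atom.boolean)`. The block also sets `r.roles[unit.attr.role] = true` whenever `only_visible_for_role` is unset, with no visible check that the token's member actually holds `unit.attr.role`; unless `unit` was already resolved to a unit of this member outside the hunk, a relying party that authorizes on `roles` would see the role asserted for every member, so consider also requiring `member:has_role(unit.attr.role)`. The two trailing `end` context lines suggest the block sits inside the `include_member` branch (where `member` is local), which would mean `include_roles` has no effect on its own; a comment such as `-- roles are only returned together with include_member` would make that explicit. The enclosing `if` opens in the previous hunk and `unit` is defined outside the visible lines, so both remarks should be checked against the full file.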