1.1 --- a/app/main/api/member.lua	Fri Jul 31 12:14:20 2020 +0200
     1.2 +++ b/app/main/api/member.lua	Fri Jul 31 12:26:37 2020 +0200
     1.3 @@ -12,6 +12,37 @@
     1.4    selector:add_where{ "id = ?", param.get("id") }
     1.5  end
     1.6  
     1.7 +local role = param.get("role")
     1.8 +if role then
     1.9 +  local units = Unit:new_selector()
    1.10 +    :add_where{ "attr->>'role' = ?", role }
    1.11 +    :exec()
    1.12 +  if #units ~= 1 then
    1.13 +    request.set_status("400 Bad Request")
    1.14 +    slot.put_into("data", json.export{ 
    1.15 +      error = "invalid_role",
    1.16 +      error_description = "role not available"
    1.17 +    })
    1.18 +    return
    1.19 +  end
    1.20 +  local unit = units[1]
    1.21 +  if unit.attr.only_visible_for_role 
    1.22 +    and (
    1.23 +      not app.access_token 
    1.24 +      or not app.access_token.member:has_role(unit.attr.only_visible_for_role)
    1.25 +    )
    1.26 +  then
    1.27 +    request.set_status("400 Bad Request")
    1.28 +    slot.put_into("data", json.export{ 
    1.29 +      error = "no_priv",
    1.30 +      error_description = "no privileges to access this role"
    1.31 +    })
    1.32 +    return
    1.33 +  end
    1.34 +  selector:join("privilege", nil, "privilege.member_id = member.id")
    1.35 +  selector:join("unit", nil, { "unit.id = privilege.unit_id AND unit.attr->>'role' = ?", role })
    1.36 +end
    1.37 +
    1.38  local members = selector:exec()
    1.39  local r = json.object()
    1.40  r.result = execute.chunk{ module = "api", chunk = "_member", params = {