username => { type => 'string' },
ticket => { type => 'string', optional => 1},
CSRFPreventionToken => { type => 'string', optional => 1 },
+ role => { type => 'string', optional => 1},
}
},
code => sub {
my $res;
eval {
- PMG::AccessControl::check_user_enabled($username);
+ my $role = PMG::AccessControl::check_user_enabled($username);
$res = &$create_ticket($rpcenv, $username, $param->{password}, $param->{otp});
+ $res->{role} = $role;
};
if (my $err = $@) {
my $clientip = $rpcenv->get_client_ip() || '';
}
# test if user exists and is enabled
+# returns: role
sub check_user_enabled {
my ($username, $noerr) = @_;
if ($realm && $ruid) {
if ($realm eq 'pam') {
- return 1 if $ruid eq 'root';
+ return 'root' if $ruid eq 'root';
} elsif ($realm eq 'pmg') {
my $usercfg = PMG::UserConfig->new();
my $data = $usercfg->lookup_user_data($username, $noerr);
- return 1 if $data && $data->{enable};
+ return $data->{role} if $data && $data->{enable};
}
}