Open ExchangeRecently I got into a situation where a user had some roles, which granted additional roles, and so on.
As I did not understand where a particular permission came from, I wrote this code which gets an initial set of roles and unwraps them recursively, accounting for any repeats.
/// Recursively unwraps roleset.
/// Accounts for circular dependencies and repeats.
Class Utils.Roles
{
/// roles: comma-separated string of roles
/// showResources: show resources in addition to roles.
/// do ##class(Utils.Roles).Display
ClassMethod Display(roles As %String, showResources As %Boolean = {$$$NO})
{
new $namespace
set $namespace = "%SYS"
set roles = $lfs(roles)
set i=0
while i<$ll(roles) {
do $i(i)
set role = $lg(roles, i)
continue:$d(processed(role))=1
write "Current role: ", role,!
write "Grants roles: "
set sc = ##class(Security.Roles).Get(role, .p)
for j=1:1:$l($g(p("GrantedRoles")),",") {
set grantedrole = $p(p("GrantedRoles"),",", j)
continue:grantedrole=""
continue:$lf(roles, grantedrole)
write grantedrole, ", "
set roles = roles _ $lb(grantedrole)
}
write:showResources !, "Grants resources: ", p("Resources")
write !
}
}
}
ObjectScriptObjectScript
Spoiler
Code.
Great story, @Eduard Lebedyuk ! Could you please release your app on OEX so that IPM users could benefit from this addon as well?
Done