--- a/plugins/mod_authz_internal.lua	Wed Aug 17 16:38:53 2022 +0100
+++ b/plugins/mod_authz_internal.lua	Thu Aug 18 10:37:59 2022 +0100
@@ -181,6 +181,18 @@
 	return stored_roles;
 end
 
+function user_can_assume_role(user, role_name)
+	local primary_role = get_user_role(user);
+	if primary_role and primary_role.role_name == role_name then
+		return true;
+	end
+	local secondary_roles = get_user_secondary_roles(user);
+	if secondary_roles and secondary_roles[role_name] then
+		return true;
+	end
+	return false;
+end
+
 -- This function is *expensive*
 function get_users_with_role(role_name)
 	local function role_filter(username, default_role) --luacheck: ignore 212/username
changeset 12667	cf88f6b03942
parent 12666	07424992d7fc
child 12734	427dd01f0864