ether · d-led · Dec 15, 2023 · Jan 25, 2024 · Jan 25, 2024 · Jan 25, 2024
diff --git a/README.md b/README.md
@@ -183,13 +183,16 @@ provides suitable claims:
   "ep_openid_connect": {
     "scope": ["openid", "etherpad"],
     "user_properties": {
-      "is_admin": {"claim": "etherpad_is_admin"},
+      "is_admin": {"role": "etherpad_is_admin"},
       "readOnly": {"claim": "etherpad_readOnly"},
       "canCreate": {"claim": "etherpad_canCreate"}
     }
   },
 ```
 
+The `role` config sets the property to `true` if the role is found in the `roles`
+claim array.
+
 To avoid breaking assumptions made by Etherpad, the `username` property cannot
 be altered via the `user_properties` setting.
 

diff --git a/index.js b/index.js
@@ -30,6 +30,7 @@ const validSettings = new Ajv().compile({
     user_properties: {values: {
       optionalProperties: {
         claim: {type: 'string'},
+        role: {type: 'string'},
         default: {type: 'string'},
       },
       nullable: true,
@@ -215,6 +216,8 @@ exports.authenticate = (hookName, {req, res, users}) => {
       delete req.session.user[propName];
     } else if (descriptor.claim != null && descriptor.claim in userinfo) {
       req.session.user[propName] = userinfo[descriptor.claim];
+    } else if (descriptor.role != null && userinfo.roles.indexOf(descriptor.role) !== -1) {
+      req.session.user[propName] = 'true';
     } else if ('default' in descriptor && !(propName in req.session.user)) {
       req.session.user[propName] = descriptor.default;
     }