diff --git a/ghost/core/core/server/api/endpoints/identities.js b/ghost/core/core/server/api/endpoints/identities.js
index ad0c3a15ca..165674f491 100644
--- a/ghost/core/core/server/api/endpoints/identities.js
+++ b/ghost/core/core/server/api/endpoints/identities.js
@@ -1,3 +1,4 @@
+const logging = require('@tryghost/logging');
 const settings = require('../../../shared/settings-cache');
 const urlUtils = require('../../../shared/url-utils');
 const jwt = require('jsonwebtoken');
@@ -13,7 +14,7 @@ const getKeyID = async () => {
 return key.kid;
 };
 
-const sign = async (claims, options) => {
+const sign = async (claims, options = {}) => {
 const kid = await getKeyID();
 return jwt.sign(claims, dangerousPrivateKey, Object.assign({
 issuer,
@@ -32,7 +33,20 @@ const controller = {
 },
 permissions: true,
 async query(frame) {
- const token = await sign({sub: frame.user.get('email')});
+ let role = null;
+ try {
+ await frame.user.load(['roles']);
+ role = frame.user.relations.roles.toJSON()[0].name;
+ } catch (err) {
+ logging.warn('Could not load role for identity');
+ }
+ const claims = {
+ sub: frame.user.get('email')
+ };
+ if (typeof role === 'string') {
+ claims.role = role;
+ }
+ const token = await sign(claims);
 return {token};
 }
 }
diff --git a/ghost/core/test/regression/api/admin/identities.test.js b/ghost/core/test/regression/api/admin/identities.test.js
index c338fb1ea6..6fc5429203 100644
--- a/ghost/core/test/regression/api/admin/identities.test.js
+++ b/ghost/core/test/regression/api/admin/identities.test.js
@@ -60,6 +60,7 @@ describe('Identities API', function () {
 })
 .then((decoded) => {
 decoded.sub.should.equal('jbloggs@example.com');
+ decoded.role.should.equal('Owner');
 });
 });
 });
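Review bot: In `query` (identities.js, third hunk) the `catch` drops `err` and the endpoint still returns a signed token, only without the `role` claim. A failed `load(['roles'])`, an empty roles collection and a plain bug in this block are therefore indistinguishable, both in the log and to whatever service verifies the token. Pass the error to the logger, `logging.warn('Could not load role for identity', err);`, and add a comment above the `try` saying that the claim is optional and that a token without `role` must be treated by verifiers as carrying no privileges. `toJSON()[0].name` also takes only the first role in whatever order the relation returns; if a user can hold more than one role, the choice should be made explicitly. The enclosing `controller` object starts before the hunk.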
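Review bot: The added assertion in identities.test.js covers only the Owner fixture, so the branch in `query` that omits `role` when the roles relation cannot be loaded has no test, and neither does a lower-privileged role. Add a case that requests a token as a non-owner user and asserts its role name, and one for the fallback asserting `should.not.exist(decoded.role);`. Together these would pin the claim that downstream services are likely to rely on for authorization. The `describe` block and the request chain begin outside the hunk.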