lib/conjur/command/resources.rb in conjur-cli-2.4.1 vs lib/conjur/command/resources.rb in conjur-cli-2.6.0

- old
+ new

@@ -68,21 +68,33 @@
 privilege = require_arg(args, "privilege")
 api.resource([ conjur_account, kind, id ].join(':')).deny privilege, role
 puts "Permission revoked"
 end
 end
-
- desc "Check whether a role has a privilege on a resource"
- arg_name "kind resource-id role privilege"
+
+ desc "Check for a privilege on a resource"
+ long_desc """
+ By default, the privilege is checked for the logged-in user.
+ Permission checks may be performed for other roles using the optional role argument.
+ When the role argument is used, either the logged-in user must either own the specified
+ resource or be an admin of the specified role (i.e. be granted the specified role with grant option).
+ """
+ arg_name "kind resource-id privilege"
 command :check do |c|
+ c.desc "Role to check. By default, the current logged-in role is used"
+ c.flag [:r,:role]
+
 c.action do |global_options,options,args|
 kind = args.shift or raise "Missing parameter: resource-kind"
 resource_id = args.shift or raise "Missing parameter: resource-id"
- role = args.shift or raise "Missing parameter: role"
 privilege = args.shift or raise "Missing parameter: privilege"
- role = api.role(role)
- puts role.permitted? kind, resource_id, privilege
+ if role = options[:role]
+ role = api.role(role)
+ puts role.permitted? kind, resource_id, privilege
+ else
+ puts api.resource([ conjur_account, kind, resource_id ].join(':')).permitted? privilege
+ end
 end
 end
 
 desc "Grant ownership on a resource to a new owner"
 arg_name "kind resource-id owner"
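Review bot: The new `check` action never verifies that `args` is empty after its three `args.shift` calls, so an invocation in the old `kind resource-id role privilege` order is still accepted. The role value is then read as the privilege, the real privilege is silently ignored, and the `else` branch prints an answer for the logged-in role instead of the role the caller meant. Since the printed result is presumably used to make access decisions, an error is safer than a plausible-looking wrong answer; add `raise "Unexpected arguments: #{args.join(' ')}" unless args.empty?` right after the `privilege = args.shift ...` line. The `long_desc` text also has a doubled "either" ("either the logged-in user must either own"), which should read "the logged-in user must either own".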
@@ -90,14 +102,14 @@
 c.action do |global_options,options,args|
 kind = require_arg(args, "kind")
 id = require_arg(args, "resource-id")
 owner = require_arg(args, "owner")
 api.resource([ conjur_account, kind, id ].join(':')).give_to owner
- puts "Role granted"
+ puts "Ownership granted"
 end
 end
- desc "List roles with a specified permission on the resource"
+ desc "List roles with a specified permission on a resource"
 arg_name "kind resource-id permission"
 command :permitted_roles do |c|
 c.action do |global_options,options,args|
 kind = require_arg(args, "kind")
 id = require_arg(args, "resource-id")