From fc81d9664f87865e4d7c898ec9d65e05f92d7180 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Fri, 31 Jan 2025 10:49:16 +0000
Subject: [PATCH] Test if user is sudoer * This will enable us to gracefully exit when self-service admin is unavailable for users
---
 lib/bash-functions/is_sudoer.sh | 36 +++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 lib/bash-functions/is_sudoer.sh
diff --git a/lib/bash-functions/is_sudoer.sh b/lib/bash-functions/is_sudoer.sh
new file mode 100644
index 0000000..59c8510
--- /dev/null
+++ b/lib/bash-functions/is_sudoer.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+set -o pipefail
+
+# Check to see if the currently logged in user is a sudoer
+function is_sudoer {
+ # Check admin group membership (fastest, but not definitive)
+ if groups "$USER" | grep -q "admin";
+ then
+ GROUP_CHECK_RESULT=$?
+ else
+ GROUP_CHECK_RESULT=1
+ fi
+
+ # Check sudo privileges using sudo -l (requires sudo, but avoids direct /etc/sudoers access)
+ if sudo -l 2>/dev/null | grep -q "ALL";
+ then
+ SUDO_CHECK_RESULT=0
+ else
+ SUDO_CHECK_RESULT=1
+ fi
+
+ # Return 0 only if BOTH group check (if applicable) AND sudo check pass
+ if [[ $GROUP_CHECK_RESULT -eq 0 && $SUDO_CHECK_RESULT -eq 0 ]];
+ then
+ echo "[i] $USER is a sudoer"
+ return 0
+ elif [[ $GROUP_CHECK_RESULT -eq 1 && $SUDO_CHECK_RESULT -eq 0 ]];
+ then
+ echo "[i] $USER is a sudoer, but is not in 'admin' group"
+ return 0
+ else
+ echo "[!] $USER is not a sudoer" >&2
+ return 1
+ fi
+}
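Review bot: Both checks in `is_sudoer` are substring matches, so they can report privileges the user does not hold: `grep -q "admin"` also matches groups such as `lpadmin`, and `grep -q "ALL"` matches any `sudo -l` line containing ALL, including a rule limited to one command like `(ALL) NOPASSWD: /path/to/cmd` (constructed example). Because only the sudo result decides the return value, a user with such a narrow rule is treated as a full sudoer; consider `id -Gn | grep -qw "admin"` for the group test and anchoring the sudo test on the command field, for example `grep -Eq '\)[[:space:]]+([A-Z_]+:[[:space:]]*)*ALL[[:space:]]*$'`, verified against the sudoers layouts actually deployed. `sudo -l` without `-n` may also prompt for a password, which blocks a non-interactive run; `sudo -n -l` fails fast instead, at the cost of a negative result when no credentials are cached. The comment `# Return 0 only if BOTH ...` does not match the `elif` branch, which returns 0 on the sudo check alone, so it should read something like `# Return 0 whenever the sudo check passes; the group check only changes the message`.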