Use of org.keycloak.authorization.model.Resource in the keycloak project (by keycloak).
The class UMAPolicyProvider, method evaluate.
/**
 * Grants the permission outright when the requesting identity is the owner of the
 * resource being evaluated; every other case (including a permission with no resource)
 * is delegated to the parent provider's evaluation.
 *
 * @param evaluation the evaluation carrying the requested permission and its context
 */
@Override
public void evaluate(Evaluation evaluation) {
    Resource target = evaluation.getPermission().getResource();
    if (target != null) {
        Identity requester = evaluation.getContext().getIdentity();
        // an owner acting on its own resource bypasses the UMA policies entirely
        if (target.getOwner().equals(requester.getId())) {
            evaluation.grant();
            return;
        }
    }
    super.evaluate(evaluation);
}
Use of org.keycloak.authorization.model.Resource in the keycloak project (by keycloak).
The class GroupPermissions, method hasPermission.
/**
 * Looks up the protection resource that represents {@code group} on the realm resource
 * server and delegates to the resource-based overload. Returns {@code false} when the
 * realm has no resource server or no resource exists for the group.
 *
 * @param group   the group whose resource is resolved via {@code getGroupResourceName}
 * @param context the evaluation context handed to the overload
 * @param scopes  the scopes the caller asks for
 * @return whether the overload grants any of the requested scopes on the group resource
 */
private boolean hasPermission(GroupModel group, EvaluationContext context, String... scopes) {
    ResourceServer realmServer = root.realmResourceServer();
    // the resource name is only computed once we know there is a server to look it up on
    Resource groupResource = realmServer == null
            ? null
            : resourceStore.findByName(getGroupResourceName(group), realmServer.getId());
    return groupResource != null && hasPermission(groupResource, context, scopes);
}
Use of org.keycloak.authorization.model.Resource in the keycloak project (by keycloak).
The class UserPermissions, method initialize.
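/**
 * Creates the realm resource server, the realm default scopes, the users resource and the
 * user-management scope permissions when they do not exist yet. Every creation is guarded
 * by a lookup, so running this again on an already-initialized realm changes nothing.
 */
private void initialize() {
    root.initializeRealmResourceServer();
    root.initializeRealmDefaultScopes();
    // NOTE(review): assumes initializeRealmResourceServer() leaves a realm resource server in place — confirm
    ResourceServer server = root.realmResourceServer();
    Scope manageScope = root.realmManageScope();
    Scope viewScope = root.realmViewScope();
    Scope mapRolesScope = root.initializeRealmScope(MAP_ROLES_SCOPE);
    Scope impersonateScope = root.initializeRealmScope(IMPERSONATE_SCOPE);
    Scope userImpersonatedScope = root.initializeRealmScope(USER_IMPERSONATED_SCOPE);
    Scope manageGroupMembershipScope = root.initializeRealmScope(MANAGE_GROUP_MEMBERSHIP_SCOPE);

    Resource usersResource = resourceStore.findByName(USERS_RESOURCE, server.getId());
    if (usersResource == null) {
        usersResource = resourceStore.create(USERS_RESOURCE, server, server.getId());
        // the users resource carries every user-management scope
        usersResource.updateScopes(new HashSet<>(Arrays.asList(
                manageScope,
                viewScope,
                mapRolesScope,
                impersonateScope,
                manageGroupMembershipScope,
                userImpersonatedScope)));
    }

    // one empty scope permission per management scope; each is created only when absent
    createScopePermissionIfAbsent(server, MANAGE_PERMISSION_USERS, usersResource, manageScope);
    createScopePermissionIfAbsent(server, VIEW_PERMISSION_USERS, usersResource, viewScope);
    createScopePermissionIfAbsent(server, MAP_ROLES_PERMISSION_USERS, usersResource, mapRolesScope);
    createScopePermissionIfAbsent(server, MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS, usersResource, manageGroupMembershipScope);
    createScopePermissionIfAbsent(server, ADMIN_IMPERSONATING_PERMISSION, usersResource, impersonateScope);
    createScopePermissionIfAbsent(server, USER_IMPERSONATED_PERMISSION, usersResource, userImpersonatedScope);
}

/**
 * Adds an empty scope permission named {@code permissionName} for {@code resource} and
 * {@code scope} on {@code server}, unless a policy with that name already exists there.
 *
 * @param server         the realm resource server the permission belongs to
 * @param permissionName the policy name looked up before creating
 * @param resource       the resource the permission applies to
 * @param scope          the scope the permission covers
 */
private void createScopePermissionIfAbsent(ResourceServer server, String permissionName, Resource resource, Scope scope) {
    if (policyStore.findByName(permissionName, server.getId()) == null) {
        Helper.addEmptyScopePermission(authz, server, permissionName, resource, scope);
    }
}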
Use of org.keycloak.authorization.model.Resource in the keycloak project (by keycloak).
The class UserPermissions, method isPermissionsEnabled.
/**
 * Reports whether fine-grained user permissions are enabled for the realm: the realm
 * resource server, its users resource and the manage permission must all exist.
 *
 * @return {@code true} only when all three are present
 */
@Override
public boolean isPermissionsEnabled() {
    ResourceServer realmServer = root.realmResourceServer();
    if (realmServer == null) {
        return false;
    }
    boolean usersResourceExists = resourceStore.findByName(USERS_RESOURCE, realmServer.getId()) != null;
    // the manage permission is only consulted once the users resource is known to exist
    return usersResourceExists && managePermission() != null;
}
Use of org.keycloak.authorization.model.Resource in the keycloak project (by keycloak).
The class UserPermissions, method hasPermission.
/**
 * Evaluates the realm's users resource against the given context and reports whether any
 * granted scope is among the requested ones. Returns {@code false} when the realm has no
 * resource server; when the users resource does not exist the result depends on
 * {@code grantIfNoPermission} and requires both the manage and the view scope to have been
 * requested.
 *
 * @param context the evaluation context, or {@code null} to evaluate without one
 * @param scopes  the scopes the caller asks for
 * @return whether at least one requested scope was granted
 */
private boolean hasPermission(EvaluationContext context, String... scopes) {
    ResourceServer realmServer = root.realmResourceServer();
    if (realmServer == null) {
        return false;
    }
    Resource usersResource = resourceStore.findByName(USERS_RESOURCE, realmServer.getId());
    List<String> requested = Arrays.asList(scopes);
    if (usersResource == null) {
        // fallback path: without a users resource only a combined manage+view request can be granted
        return grantIfNoPermission
                && requested.contains(MgmtPermissions.MANAGE_SCOPE)
                && requested.contains(MgmtPermissions.VIEW_SCOPE);
    }
    ResourcePermission request = new ResourcePermission(usersResource, usersResource.getScopes(), realmServer);
    Collection<Permission> granted = context == null
            ? root.evaluatePermission(request, realmServer)
            : root.evaluatePermission(request, realmServer, context);
    for (Permission grant : granted) {
        for (String grantedScope : grant.getScopes()) {
            if (requested.contains(grantedScope)) {
                return true;
            }
        }
    }
    return false;
}