
Example 1 with UserModelIdentity

Use of org.keycloak.authorization.common.UserModelIdentity in project keycloak by keycloak.

Class UserPermissions, method isImpersonatable.

@Override
public boolean isImpersonatable(UserModel user) {
    // Each early return below falls back to the default: impersonation is allowed.
    // No resource server for the realm
    ResourceServer server = root.realmResourceServer();
    if (server == null) {
        return true;
    }
    // No users resource registered on that resource server
    Resource resource = resourceStore.findByName(USERS_RESOURCE, server.getId());
    if (resource == null) {
        return true;
    }
    // No "user impersonated" permission defined
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(USER_IMPERSONATED_PERMISSION, server.getId());
    if (policy == null) {
        return true;
    }
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    // if no policies attached to permission then just do default behavior
    if (associatedPolicies == null || associatedPolicies.isEmpty()) {
        return true;
    }
    // Policies exist: evaluate them with the user passed in as the identity (UserModelIdentity)
    // and return the result for the impersonated scope
    return hasPermission(new DefaultEvaluationContext(new UserModelIdentity(root.realm, user), session), USER_IMPERSONATED_SCOPE);
}
Also used: Policy (org.keycloak.authorization.model.Policy), DefaultEvaluationContext (org.keycloak.authorization.common.DefaultEvaluationContext), Resource (org.keycloak.authorization.model.Resource), ResourceServer (org.keycloak.authorization.model.ResourceServer), UserModelIdentity (org.keycloak.authorization.common.UserModelIdentity)
