Use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
The class RolePermissions, method canMapComposite.
/**
 * Decides whether the current admin may attach composite roles to {@code role}.
 *
 * Decision order, unchanged from the original: default-manage rights short-circuit
 * to the admin-role check; admins from another realm are refused; client-level
 * map-composite rights on the owning client grant access; otherwise the
 * fine-grained map-composite permission on the role resource is evaluated and,
 * only when it passes, the admin-role check is applied on top.
 *
 * @param role the role that would receive composites
 * @return {@code true} if mapping composites onto {@code role} is permitted
 */
@Override
public boolean canMapComposite(RoleModel role) {
    if (canManageDefault(role)) {
        return checkAdminRoles(role);
    }
    // Fine-grained permissions are only consulted for admins of this realm.
    if (!root.isAdminSameRealm()) {
        return false;
    }
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapCompositeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return false;
    }
    // A permission that exists but has no policies attached cannot grant anything.
    Policy mapComposite = authz.getStoreFactory().getPolicyStore()
            .findByName(getMapCompositePermissionName(role), server.getId());
    if (mapComposite == null || mapComposite.getAssociatedPolicies().isEmpty()) {
        return false;
    }
    // Both the fine-grained permission and the admin-role check must pass.
    return root.evaluatePermission(resource(role), server, mapCompositeScope(server))
            && checkAdminRoles(role);
}
Use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
The class MgmtPermissions, method initializeRealmScope.
/**
 * Returns the realm-level authorization scope named {@code name}, creating it on the
 * realm's resource server when it does not exist yet.
 *
 * @param name scope name to look up or create
 * @return the existing or newly created scope
 */
public Scope initializeRealmScope(String name) {
    ResourceServer realmServer = initializeRealmResourceServer();
    Scope existing = authz.getStoreFactory().getScopeStore().findByName(name, realmServer.getId());
    return existing != null
            ? existing
            : authz.getStoreFactory().getScopeStore().create(name, realmServer);
}
Use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
The class RepresentationToModel, method updateScopes.
/**
 * Synchronises the scopes attached to {@code policy} with {@code scopeIds}.
 *
 * Entries in {@code scopeIds} may be scope ids or scope names. Scopes not yet on the
 * policy are resolved through the store (by id first, then by name) and attached;
 * scopes on the policy that are no longer listed are detached. A {@code null} set
 * leaves the attached scopes untouched. An empty set detaches every scope and
 * returns early, so the {@code "scopes"} config entry is only removed on the
 * {@code null} and non-empty paths — preserved exactly as in the original.
 *
 * @param scopeIds ids or names of the scopes the policy should end up with, or {@code null}
 * @param policy the policy being updated
 * @param storeFactory used to resolve scopes that are not yet attached
 * @throws RuntimeException if an entry matches neither a scope id nor a scope name
 */
private static void updateScopes(Set<String> scopeIds, Policy policy, StoreFactory storeFactory) {
    if (scopeIds != null) {
        if (scopeIds.isEmpty()) {
            // Iterate over a snapshot: removeScope mutates the underlying collection.
            for (Scope attached : new HashSet<Scope>(policy.getScopes())) {
                policy.removeScope(attached);
            }
            return;
        }
        for (String requested : scopeIds) {
            boolean alreadyAttached = policy.getScopes().stream()
                    .anyMatch(attached -> attached.getId().equals(requested)
                            || attached.getName().equals(requested));
            if (alreadyAttached) {
                continue;
            }
            ResourceServer resourceServer = policy.getResourceServer();
            Scope resolved = storeFactory.getScopeStore().findById(requested, resourceServer.getId());
            if (resolved == null) {
                resolved = storeFactory.getScopeStore().findByName(requested, resourceServer.getId());
            }
            if (resolved == null) {
                throw new RuntimeException("Scope with id or name [" + requested + "] does not exist");
            }
            policy.addScope(resolved);
        }
        // Snapshot again: detaching while iterating the live collection is unsafe.
        for (Scope attached : new HashSet<Scope>(policy.getScopes())) {
            boolean stillRequested = scopeIds.stream()
                    .anyMatch(requested -> attached.getId().equals(requested)
                            || attached.getName().equals(requested));
            if (!stillRequested) {
                policy.removeScope(attached);
            }
        }
    }
    policy.removeConfig("scopes");
}
Use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
The class RepresentationToModel, method toModel.
/**
 * Resolves a scope representation to its stored model, creating it when absent.
 *
 * Lookup is by id when the representation carries one, otherwise by name. An
 * existing scope is returned as-is unless {@code updateIfExists} is set, in which
 * case its name, display name and icon URI are overwritten from the representation.
 * When the scope is created, its generated id is written back into {@code scope}.
 *
 * @param scope representation to resolve; its id may be updated on creation
 * @param resourceServer resource server that owns the scope
 * @param authorization provider giving access to the scope store
 * @param updateIfExists whether an existing scope is overwritten with the representation
 * @return the existing or newly created scope model
 */
public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization, boolean updateIfExists) {
    ScopeStore scopeStore = authorization.getStoreFactory().getScopeStore();
    String serverId = resourceServer.getId();
    Scope existing = scope.getId() != null
            ? scopeStore.findById(scope.getId(), serverId)
            : scopeStore.findByName(scope.getName(), serverId);
    if (existing == null) {
        Scope created = scopeStore.create(scope.getId(), scope.getName(), resourceServer);
        created.setDisplayName(scope.getDisplayName());
        created.setIconUri(scope.getIconUri());
        // Write the stored id back so the caller's representation refers to the persisted scope.
        scope.setId(created.getId());
        return created;
    }
    if (updateIfExists) {
        existing.setName(scope.getName());
        existing.setDisplayName(scope.getDisplayName());
        existing.setIconUri(scope.getIconUri());
    }
    return existing;
}
Use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
The class ModelToRepresentation, method toRepresentation.
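/**
 * Converts a permission ticket to its REST representation.
 *
 * Ids of the resource, owner, requester and scope are always copied. When
 * {@code returnNames} is set, the matching display names are resolved as well: the
 * requester is looked up as a user, the owner first as a user and then as a client.
 * Lookups that return {@code null} (a principal that has since been deleted) leave the
 * corresponding name unset instead of failing the whole conversion — the original
 * guarded only the owner-as-user lookup and dereferenced the requester and client
 * lookups unconditionally.
 *
 * @param ticket ticket to convert
 * @param authorization provider giving access to the session and realm
 * @param returnNames whether resource, owner, requester and scope names are resolved
 * @return the populated representation
 */
public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket, AuthorizationProvider authorization, boolean returnNames) {
    PermissionTicketRepresentation representation = new PermissionTicketRepresentation();
    representation.setId(ticket.getId());
    representation.setGranted(ticket.isGranted());
    representation.setOwner(ticket.getOwner());
    representation.setRequester(ticket.getRequester());
    Resource resource = ticket.getResource();
    representation.setResource(resource.getId());
    if (returnNames) {
        representation.setResourceName(resource.getName());
        KeycloakSession keycloakSession = authorization.getKeycloakSession();
        RealmModel realm = authorization.getRealm();
        UserModel requester = keycloakSession.users().getUserById(realm, ticket.getRequester());
        if (requester != null) {
            representation.setRequesterName(requester.getUsername());
        }
        // The owner may be a user or a client; try the user lookup first.
        UserModel userOwner = keycloakSession.users().getUserById(realm, ticket.getOwner());
        if (userOwner != null) {
            representation.setOwnerName(userOwner.getUsername());
        } else {
            ClientModel clientOwner = realm.getClientById(ticket.getOwner());
            if (clientOwner != null) {
                representation.setOwnerName(clientOwner.getClientId());
            }
        }
    }
    Scope scope = ticket.getScope();
    if (scope != null) {
        representation.setScope(scope.getId());
        if (returnNames) {
            representation.setScopeName(scope.getName());
        }
    }
    return representation;
}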