use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class HardcodedRoleMapper method grantUserRole.
private void grantUserRole(RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel) {
String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
if (role == null)
throw new IdentityBrokerException("Unable to find role: " + roleName);
user.grantRole(role);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class AbstractAttributeToRoleMapper method updateBrokeredUser.
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
RoleModel role = this.getRole(realm, mapperModel);
String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
// KEYCLOAK-8730 if a previous mapper has already granted the same role, skip the checks so we don't accidentally remove a valid role.
if (!context.hasMapperGrantedRole(roleName)) {
if (this.applies(mapperModel, context)) {
context.addMapperGrantedRole(roleName);
user.grantRole(role);
} else {
user.deleteRoleMapping(role);
}
}
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleContainerResource method addComposites.
/**
* Add a composite to the role
*
* @param roleName role's name (not id!)
* @param roles
*/
@Path("{role-name}/composites")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addComposites(@PathParam("role-name") final String roleName, List<RoleRepresentation> roles) {
auth.roles().requireManage(roleContainer);
RoleModel role = roleContainer.getRole(roleName);
if (role == null) {
throw new NotFoundException("Could not find role");
}
addComposites(auth, adminEvent, uriInfo, roles, role);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleContainerResource method setManagementPermissionsEnabled.
/**
* Return object stating whether role Authorization permissions have been initialized or not and a reference
*
* @param roleName
* @return initialized manage permissions reference
*/
@Path("{role-name}/management/permissions")
@PUT
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-name") final String roleName, ManagementPermissionReference ref) {
auth.roles().requireManage(roleContainer);
RoleModel role = roleContainer.getRole(roleName);
if (role == null) {
throw new NotFoundException("Could not find role");
}
AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
permissions.roles().setPermissionsEnabled(role, ref.isEnabled());
if (ref.isEnabled()) {
return RoleByIdResource.toMgmtRef(role, permissions);
} else {
return new ManagementPermissionReference();
}
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleResource method addComposites.
protected void addComposites(AdminPermissionEvaluator auth, AdminEventBuilder adminEvent, UriInfo uriInfo, List<RoleRepresentation> roles, RoleModel role) {
for (RoleRepresentation rep : roles) {
if (rep.getId() == null)
throw new NotFoundException("Could not find composite role");
RoleModel composite = realm.getRoleById(rep.getId());
if (composite == null) {
throw new NotFoundException("Could not find composite role");
}
auth.roles().requireMapComposite(composite);
role.addCompositeRole(composite);
}
if (role.isClientRole()) {
adminEvent.resource(ResourceType.CLIENT_ROLE);
} else {
adminEvent.resource(ResourceType.REALM_ROLE);
}
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
}
Aggregations