Examples with RoleModel org.keycloak.models.RoleModel used on opensource projects

Example 61 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleResource method deleteComposites.

protected void deleteComposites(AdminEventBuilder adminEvent, UriInfo uriInfo, List<RoleRepresentation> roles, RoleModel role) {
    for (RoleRepresentation rep : roles) {
        RoleModel composite = realm.getRoleById(rep.getId());
        if (composite == null) {
            throw new NotFoundException("Could not find composite role");
        }
        role.removeCompositeRole(composite);
    }
    if (role.isClientRole()) {
        adminEvent.resource(ResourceType.CLIENT_ROLE);
    } else {
        adminEvent.resource(ResourceType.REALM_ROLE);
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}

Example 62 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientRoleMappingsResource method addClientRoleMapping.

/**
 * Add client-level roles to the user role mapping
 *
 * @param roles
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addClientRoleMapping(List<RoleRepresentation> roles) {
    managePermission.require();
    try {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = client.getRole(role.getName());
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            user.grantRole(roleModel);
        }
    } catch (ModelException | ReadOnlyException me) {
        logger.warn(me.getMessage(), me);
        throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST);
    }
    adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
}

Example 63 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientRoleMappingsResource method deleteClientRoleMapping.

/**
 * Delete client-level roles from user role mapping
 *
 * @param roles
 */
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteClientRoleMapping(List<RoleRepresentation> roles) {
    managePermission.require();
    if (roles == null) {
        roles = user.getClientRoleMappingsStream(client).peek(roleModel -> {
            auth.roles().requireMapRole(roleModel);
            user.deleteRoleMapping(roleModel);
        }).map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = client.getRole(role.getName());
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            try {
                user.deleteRoleMapping(roleModel);
            } catch (ModelException | ReadOnlyException me) {
                logger.warn(me.getMessage(), me);
                throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST);
            }
        }
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}

Example 64 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method getManagementPermissions.

/**
 * Return object stating whether role Authorization permissions have been initialized or not and a reference
 *
 * @param roleName
 * @return
 */
@Path("{role-name}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-name") final String roleName) {
    auth.roles().requireView(roleContainer);
    RoleModel role = roleContainer.getRole(roleName);
    if (role == null) {
        throw new NotFoundException("Could not find role");
    }
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    if (!permissions.roles().isPermissionsEnabled(role)) {
        return new ManagementPermissionReference();
    }
    return RoleByIdResource.toMgmtRef(role, permissions);
}

Example 65 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method updateRole.

/**
 * Update a role by name
 *
 * @param roleName role's name (not id!)
 * @param rep
 * @return
 */
@Path("{role-name}")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response updateRole(@PathParam("role-name") final String roleName, final RoleRepresentation rep) {
    auth.roles().requireManage(roleContainer);
    RoleModel role = roleContainer.getRole(roleName);
    if (role == null) {
        throw new NotFoundException("Could not find role");
    }
    try {
        updateRole(rep, role);
        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }
        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
        return Response.noContent().build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("Role with name " + rep.getName() + " already exists");
    }
}