Search in sources :

Example 61 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleResource method deleteComposites.

protected void deleteComposites(AdminEventBuilder adminEvent, UriInfo uriInfo, List<RoleRepresentation> roles, RoleModel role) {
    for (RoleRepresentation rep : roles) {
        RoleModel composite = realm.getRoleById(rep.getId());
        if (composite == null) {
            throw new NotFoundException("Could not find composite role");
        }
        role.removeCompositeRole(composite);
    }
    if (role.isClientRole()) {
        adminEvent.resource(ResourceType.CLIENT_ROLE);
    } else {
        adminEvent.resource(ResourceType.REALM_ROLE);
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel)

Example 62 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientRoleMappingsResource method addClientRoleMapping.

/**
 * Add client-level roles to the user role mapping
 *
 * @param roles
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addClientRoleMapping(List<RoleRepresentation> roles) {
    managePermission.require();
    try {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = client.getRole(role.getName());
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            user.grantRole(roleModel);
        }
    } catch (ModelException | ReadOnlyException me) {
        logger.warn(me.getMessage(), me);
        throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST);
    }
    adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ModelException(org.keycloak.models.ModelException) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) ErrorResponseException(org.keycloak.services.ErrorResponseException) ReadOnlyException(org.keycloak.storage.ReadOnlyException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 63 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientRoleMappingsResource method deleteClientRoleMapping.

/**
 * Delete client-level roles from user role mapping
 *
 * @param roles
 */
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteClientRoleMapping(List<RoleRepresentation> roles) {
    managePermission.require();
    if (roles == null) {
        roles = user.getClientRoleMappingsStream(client).peek(roleModel -> {
            auth.roles().requireMapRole(roleModel);
            user.deleteRoleMapping(roleModel);
        }).map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = client.getRole(role.getName());
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            try {
                user.deleteRoleMapping(roleModel);
            } catch (ModelException | ReadOnlyException me) {
                logger.warn(me.getMessage(), me);
                throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST);
            }
        }
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}
Also used : ClientModel(org.keycloak.models.ClientModel) OperationType(org.keycloak.events.admin.OperationType) ResourceType(org.keycloak.events.admin.ResourceType) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Logger(org.jboss.logging.Logger) Path(javax.ws.rs.Path) Function(java.util.function.Function) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) ReadOnlyException(org.keycloak.storage.ReadOnlyException) ErrorResponseException(org.keycloak.services.ErrorResponseException) DefaultValue(javax.ws.rs.DefaultValue) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) DELETE(javax.ws.rs.DELETE) RealmModel(org.keycloak.models.RealmModel) POST(javax.ws.rs.POST) Predicate(java.util.function.Predicate) AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator) KeycloakSession(org.keycloak.models.KeycloakSession) RoleModel(org.keycloak.models.RoleModel) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) List(java.util.List) Stream(java.util.stream.Stream) NoCache(org.jboss.resteasy.annotations.cache.NoCache) Response(javax.ws.rs.core.Response) ModelException(org.keycloak.models.ModelException) RoleMapperModel(org.keycloak.models.RoleMapperModel) UriInfo(javax.ws.rs.core.UriInfo) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ModelException(org.keycloak.models.ModelException) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) ErrorResponseException(org.keycloak.services.ErrorResponseException) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) ReadOnlyException(org.keycloak.storage.ReadOnlyException) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes)

Example 64 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method getManagementPermissions.

/**
 * Return object stating whether role Authorization permissions have been initialized or not and a reference
 *
 * @param roleName
 * @return
 */
@Path("{role-name}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-name") final String roleName) {
    auth.roles().requireView(roleContainer);
    RoleModel role = roleContainer.getRole(roleName);
    if (role == null) {
        throw new NotFoundException("Could not find role");
    }
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    if (!permissions.roles().isPermissionsEnabled(role)) {
        return new ManagementPermissionReference();
    }
    return RoleByIdResource.toMgmtRef(role, permissions);
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 65 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method updateRole.

/**
 * Update a role by name
 *
 * @param roleName role's name (not id!)
 * @param rep
 * @return
 */
@Path("{role-name}")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response updateRole(@PathParam("role-name") final String roleName, final RoleRepresentation rep) {
    auth.roles().requireManage(roleContainer);
    RoleModel role = roleContainer.getRole(roleName);
    if (role == null) {
        throw new NotFoundException("Could not find role");
    }
    try {
        updateRole(rep, role);
        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }
        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
        return Response.noContent().build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("Role with name " + rep.getName() + " already exists");
    }
}
Also used : ModelDuplicateException(org.keycloak.models.ModelDuplicateException) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Aggregations

RoleModel (org.keycloak.models.RoleModel)153 ClientModel (org.keycloak.models.ClientModel)73 RealmModel (org.keycloak.models.RealmModel)69 UserModel (org.keycloak.models.UserModel)36 Path (javax.ws.rs.Path)29 Test (org.junit.Test)29 NotFoundException (javax.ws.rs.NotFoundException)25 NoCache (org.jboss.resteasy.annotations.cache.NoCache)20 KeycloakSession (org.keycloak.models.KeycloakSession)19 Consumes (javax.ws.rs.Consumes)17 List (java.util.List)16 GET (javax.ws.rs.GET)16 Produces (javax.ws.rs.Produces)16 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)15 LinkedList (java.util.LinkedList)14 HashMap (java.util.HashMap)13 ArrayList (java.util.ArrayList)12 GroupModel (org.keycloak.models.GroupModel)12 RoleContainerModel (org.keycloak.models.RoleContainerModel)12 Policy (org.keycloak.authorization.model.Policy)11