
Example 96 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleByIdResource method setManagementPermissionsEnabled.

/**
 * Switches the role's authorization (management) permissions on or off and reports the outcome.
 *
 * <p>The role is resolved with {@code getRoleModel(id)}, then {@code auth.roles().requireManage(role)}
 * is called before the flag is written.
 *
 * @param id  value of the {@code role-id} path segment
 * @param ref request body; only {@code ref.isEnabled()} is read by this method
 * @return the reference built by {@code toMgmtRef} when permissions were enabled, otherwise a fresh,
 *         empty {@code ManagementPermissionReference}
 */
@Path("{role-id}/management/permissions")
@PUT
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-id") final String id, ManagementPermissionReference ref) {
    // NOTE(review): the lookup runs before the authorization check. How getRoleModel reports an
    // unknown id is not visible here; confirm the two failure paths are not distinguishable in a
    // way that matters to callers without manage rights.
    final RoleModel targetRole = getRoleModel(id);

    // Authorization gate: nothing below may run unless the caller can manage this specific role.
    auth.roles().requireManage(targetRole);

    final AdminPermissionManagement mgmt = AdminPermissions.management(session, realm);

    // NOTE(review): ref is dereferenced without a null check; whether the JAX-RS layer can hand
    // over null for an empty request body is not visible here. Confirm.
    mgmt.roles().setPermissionsEnabled(targetRole, ref.isEnabled());

    // Disabling yields an empty reference; only the enabled case exposes permission details.
    if (!ref.isEnabled()) {
        return new ManagementPermissionReference();
    }
    return toMgmtRef(targetRole, mgmt);
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Example 97 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method getClientRoleComposites.

/**
 * Lists the client-level roles of one client that are part of the named role's composite.
 *
 * @param roleName   role's name (not id!)
 * @param clientUuid identifier handed to {@code realm.getClientById}
 * @return the result of the {@code getClientRoleComposites(ClientModel, RoleModel)} overload
 * @throws NotFoundException if either the role or the client cannot be resolved
 */
@Path("{role-name}/composites/clients/{clientUuid}")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Stream<RoleRepresentation> getClientRoleComposites(@PathParam("role-name") final String roleName, @PathParam("clientUuid") final String clientUuid) {
    // The view check on the role container runs before any lookup, so neither 404 below is
    // produced ahead of it.
    auth.roles().requireView(roleContainer);

    final RoleModel compositeRole = roleContainer.getRole(roleName);
    if (compositeRole == null) {
        throw new NotFoundException("Could not find role");
    }

    final ClientModel targetClient = realm.getClientById(clientUuid);
    if (targetClient == null) {
        throw new NotFoundException("Could not find client");
    }

    // NOTE(review): only the role container is authorization-checked in this method; no separate
    // view check on the client named by clientUuid is visible here. Confirm the overload or the
    // permission model covers reading that client's roles.
    return getClientRoleComposites(targetClient, compositeRole);
}
Also used : ClientModel(org.keycloak.models.ClientModel) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 98 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method getRole.

/**
 * Looks up a single role of this container by its name.
 *
 * @param roleName role's name (not id!)
 * @return the result of the {@code getRole(RoleModel)} overload for the resolved role
 * @throws NotFoundException if the container has no role with that name
 */
@Path("{role-name}")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public RoleRepresentation getRole(@PathParam("role-name") final String roleName) {
    // Authorization comes first: the container-level view check precedes the name lookup, so the
    // "Could not find role" answer is never produced before it.
    auth.roles().requireView(roleContainer);

    final RoleModel found = roleContainer.getRole(roleName);
    if (found != null) {
        return getRole(found);
    }
    throw new NotFoundException("Could not find role");
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 99 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method createRole.

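/**
 * Create a new role for the realm or client
 *
 * <p>The caller must pass {@code auth.roles().requireManage(roleContainer)}. The role is added first;
 * description, attributes and (for composite representations) the listed realm and client roles are
 * applied afterwards.
 *
 * @param rep role representation from the request body; a missing body or a missing name is rejected
 * @return a "created" response pointing at the new role; a {@code NOT_FOUND} error response when a
 *         listed composite role name cannot be resolved; an "exists" error response when
 *         {@code addRole} throws {@code ModelDuplicateException}
 * @throws BadRequestException if {@code rep} is {@code null} or carries no name
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createRole(final RoleRepresentation rep) {
    auth.roles().requireManage(roleContainer);
    // Reject an absent body the same way as an absent name, instead of failing with a
    // NullPointerException on the first dereference of rep.
    if (rep == null || rep.getName() == null) {
        throw new BadRequestException();
    }
    try {
        RoleModel role = roleContainer.addRole(rep.getName());
        role.setDescription(rep.getDescription());
        Map<String, List<String>> attributes = rep.getAttributes();
        if (attributes != null) {
            for (Map.Entry<String, List<String>> attr : attributes.entrySet()) {
                role.setAttribute(attr.getKey(), attr.getValue());
            }
        }
        rep.setId(role.getId());
        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }
        // Handling of nested composite roles for KEYCLOAK-12754
        //
        // NOTE(review): the only authorization check visible in this method is requireManage on
        // the container. No per-composite check is made here, so any resolvable realm role or
        // role of another client can be attached as a composite. Confirm that this is intended
        // or that a composite-mapping permission is enforced elsewhere.
        //
        // NOTE(review): the role already exists when the early NOT_FOUND returns below are
        // taken, and no admin event has been recorded yet. Whether the enclosing transaction is
        // rolled back on those returns is not visible here. Confirm that no half-configured role
        // is left behind.
        if (rep.isComposite() && rep.getComposites() != null) {
            RoleRepresentation.Composites composites = rep.getComposites();
            Set<String> compositeRealmRoles = composites.getRealm();
            if (compositeRealmRoles != null && !compositeRealmRoles.isEmpty()) {
                Set<RoleModel> realmRoles = new LinkedHashSet<>();
                for (String roleName : compositeRealmRoles) {
                    RoleModel realmRole = realm.getRole(roleName);
                    if (realmRole == null) {
                        // The request-supplied name is echoed into the error text.
                        return ErrorResponse.error("Realm Role with name " + roleName + " does not exist", Response.Status.NOT_FOUND);
                    }
                    realmRoles.add(realmRole);
                }
                RoleUtils.expandCompositeRoles(realmRoles).forEach(role::addCompositeRole);
            }
            Map<String, List<String>> compositeClientRoles = composites.getClient();
            if (compositeClientRoles != null && !compositeClientRoles.isEmpty()) {
                Set<Map.Entry<String, List<String>>> entries = compositeClientRoles.entrySet();
                for (Map.Entry<String, List<String>> clientIdWithClientRoleNames : entries) {
                    String clientId = clientIdWithClientRoleNames.getKey();
                    List<String> clientRoleNames = clientIdWithClientRoleNames.getValue();
                    ClientModel client = realm.getClientByClientId(clientId);
                    if (client == null) {
                        // NOTE(review): an unknown client id is skipped silently, while an
                        // unknown role name is reported as NOT_FOUND. The caller gets a success
                        // response although part of the requested composite was dropped.
                        continue;
                    }
                    Set<RoleModel> clientRoles = new LinkedHashSet<>();
                    for (String roleName : clientRoleNames) {
                        RoleModel clientRole = client.getRole(roleName);
                        if (clientRole == null) {
                            return ErrorResponse.error("Client Role with name " + roleName + " does not exist", Response.Status.NOT_FOUND);
                        }
                        clientRoles.add(clientRole);
                    }
                    RoleUtils.expandCompositeRoles(clientRoles).forEach(role::addCompositeRole);
                }
            }
        }
        // The admin event is recorded only on the fully successful path.
        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getName()).representation(rep).success();
        return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("Role with name " + rep.getName() + " already exists");
    }
}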
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) LinkedHashSet(java.util.LinkedHashSet) RoleModel(org.keycloak.models.RoleModel) ClientModel(org.keycloak.models.ClientModel) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) BadRequestException(javax.ws.rs.BadRequestException) List(java.util.List) Map(java.util.Map) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 100 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleContainerResource method deleteComposites.

/**
 * Detaches the given roles from the named role's composite.
 *
 * @param roleName role's name (not id!)
 * @param roles    roles to remove, taken from the request body
 * @throws NotFoundException if the container has no role with that name
 */
@Path("{role-name}/composites")
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteComposites(@PathParam("role-name") final String roleName, List<RoleRepresentation> roles) {
    // The manage check on the role container precedes the lookup and the modification.
    auth.roles().requireManage(roleContainer);

    final RoleModel compositeOwner = roleContainer.getRole(roleName);
    if (compositeOwner == null) {
        throw new NotFoundException("Could not find role");
    }

    // NOTE(review): the list is forwarded as received; handling of a null body or of entries
    // that are not part of the composite happens, if at all, in the overload. Not visible here.
    deleteComposites(adminEvent, uriInfo, roles, compositeOwner);
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes)
