Search in sources :

Example 16 with AdminPermissionManagement

use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

the class RoleContainerResource method getManagementPermissions.

/**
 * Return object stating whether role Authorization permissions have been initialized or not and a reference
 *
 * @param roleName
 * @return
 */
@Path("{role-name}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-name") final String roleName) {
    auth.roles().requireView(roleContainer);
    RoleModel role = roleContainer.getRole(roleName);
    if (role == null) {
        throw new NotFoundException("Could not find role");
    }
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    if (!permissions.roles().isPermissionsEnabled(role)) {
        return new ManagementPermissionReference();
    }
    return RoleByIdResource.toMgmtRef(role, permissions);
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 17 with AdminPermissionManagement

use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

the class RoleByIdResource method setManagementPermissionsEnabled.

/**
 * Return object stating whether role Authoirzation permissions have been initialized or not and a reference
 *
 * @param id
 * @return initialized manage permissions reference
 */
@Path("{role-id}/management/permissions")
@PUT
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-id") final String id, ManagementPermissionReference ref) {
    RoleModel role = getRoleModel(id);
    auth.roles().requireManage(role);
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.roles().setPermissionsEnabled(role, ref.isEnabled());
    if (ref.isEnabled()) {
        return toMgmtRef(role, permissions);
    } else {
        return new ManagementPermissionReference();
    }
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Example 18 with AdminPermissionManagement

use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

the class IdentityProviderResource method getManagementPermissions.

/**
 * Return object stating whether client Authorization permissions have been initialized or not and a reference
 *
 * @return
 */
@Path("management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions() {
    this.auth.realm().requireViewIdentityProviders();
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    if (!permissions.idps().isPermissionsEnabled(identityProviderModel)) {
        return new ManagementPermissionReference();
    }
    return toMgmtRef(identityProviderModel, permissions);
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 19 with AdminPermissionManagement

use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

the class RealmAdminResource method setUsersManagementPermissionsEnabled.

@PUT
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
@Path("users-management-permissions")
public ManagementPermissionReference setUsersManagementPermissionsEnabled(ManagementPermissionReference ref) {
    auth.realm().requireManageRealm();
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.users().setPermissionsEnabled(ref.isEnabled());
    if (ref.isEnabled()) {
        return toUsersMgmtRef(permissions);
    } else {
        return new ManagementPermissionReference();
    }
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Example 20 with AdminPermissionManagement

use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

the class ClientResource method setManagementPermissionsEnabled.

/**
 * Return object stating whether client Authorization permissions have been initialized or not and a reference
 *
 * @return initialized manage permissions reference
 */
@Path("management/permissions")
@PUT
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference setManagementPermissionsEnabled(ManagementPermissionReference ref) {
    auth.clients().requireManage(client);
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.clients().setPermissionsEnabled(client, ref.isEnabled());
    if (ref.isEnabled()) {
        return toMgmtRef(client, permissions);
    } else {
        return new ManagementPermissionReference();
    }
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Aggregations

AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)26 ClientModel (org.keycloak.models.ClientModel)14 RealmModel (org.keycloak.models.RealmModel)14 Path (javax.ws.rs.Path)12 Produces (javax.ws.rs.Produces)12 NoCache (org.jboss.resteasy.annotations.cache.NoCache)12 Policy (org.keycloak.authorization.model.Policy)12 RoleModel (org.keycloak.models.RoleModel)12 ManagementPermissionReference (org.keycloak.representations.idm.ManagementPermissionReference)12 ResourceServer (org.keycloak.authorization.model.ResourceServer)9 UserModel (org.keycloak.models.UserModel)8 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)7 Consumes (javax.ws.rs.Consumes)6 GET (javax.ws.rs.GET)6 PUT (javax.ws.rs.PUT)6 GroupModel (org.keycloak.models.GroupModel)5 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)4 Test (org.junit.Test)3 Keycloak (org.keycloak.admin.client.Keycloak)3 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)3