libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

application role mappings

Browse source
This commit is contained in:
Bill Burke 2013-09-26 19:43:16 -04:00
parent c8be9e01f8
commit 40d9e7b6f7
5 changed files with 112 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
View file

@ -59,6 +59,9 @@ module.config([ '$routeProvider', function($routeProvider) {
user : function(UserLoader) { user : function(UserLoader) {
return UserLoader(); return UserLoader();
}, },
applications : function(ApplicationListLoader) {
return ApplicationListLoader();
},
roles : function(RoleListLoader) { roles : function(RoleListLoader) {
return RoleListLoader(); return RoleListLoader();
} }

65
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
View file

@ -198,13 +198,20 @@ Array.prototype.remove = function(from, to) {
return this.push.apply(this, rest); return this.push.apply(this, rest);
}; };
module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, RealmRoleMapping) { module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, applications, RealmRoleMapping, ApplicationRoleMapping, ApplicationRole) {
$scope.realm = realm; $scope.realm = realm;
$scope.user = user; $scope.user = user;
$scope.realmRoles = angular.copy(roles); $scope.realmRoles = angular.copy(roles);
$scope.selectedRealmRoles = []; $scope.selectedRealmRoles = [];
$scope.selectedRealmMappings = []; $scope.selectedRealmMappings = [];
$scope.realmMappings = []; $scope.realmMappings = [];
$scope.applications = applications;
$scope.applicationRoles = [];
$scope.selectedApplicationRoles = [];
$scope.selectedApplicationMappings = [];
$scope.applicationMappings = [];
$scope.realmMappings = RealmRoleMapping.query({realm : realm.id, userId : user.username}, function(){ $scope.realmMappings = RealmRoleMapping.query({realm : realm.id, userId : user.username}, function(){
for (var i = 0; i < $scope.realmMappings.length; i++) { for (var i = 0; i < $scope.realmMappings.length; i++) {
@ -238,7 +245,6 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
}; };
$scope.deleteRealmRole = function() { $scope.deleteRealmRole = function() {
console.log('deleteRealmRole');
$http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/realm', $http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/realm',
{data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() { {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() {
for (var i = 0; i < $scope.selectedRealmMappings.length; i++) { for (var i = 0; i < $scope.selectedRealmMappings.length; i++) {
@ -253,6 +259,59 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
}); });
}; };
$scope.addApplicationRole = function() {
$http.post('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
$scope.selectedApplicationRoles).success(function() {
for (var i = 0; i < $scope.selectedApplicationRoles.length; i++) {
var role = $scope.selectedApplicationRoles[i];
var idx = $scope.applicationRoles.indexOf($scope.selectedApplicationRoles[i]);
if (idx != -1) {
$scope.applicationRoles.splice(idx, 1);
$scope.applicationMappings.push(role);
}
}
$scope.selectedApplicationRoles = [];
});
};
$scope.deleteApplicationRole = function() {
$http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
{data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(function() {
for (var i = 0; i < $scope.selectedApplicationMappings.length; i++) {
var role = $scope.selectedApplicationMappings[i];
var idx = $scope.applicationMappings.indexOf($scope.selectedApplicationMappings[i]);
if (idx != -1) {
$scope.applicationMappings.splice(idx, 1);
$scope.applicationRoles.push(role);
}
}
$scope.selectedApplicationMappings = [];
});
};
$scope.changeApplication = function() {
$scope.applicationRoles = ApplicationRole.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function() {
$scope.applicationMappings = ApplicationRoleMapping.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function(){
for (var i = 0; i < $scope.applicationMappings.length; i++) {
var role = $scope.applicationMappings[i];
for (var j = 0; j < $scope.applicationRoles.length; j++) {
var realmRole = $scope.applicationRoles[j];
if (realmRole.id == role.id) {
var idx = $scope.applicationRoles.indexOf(realmRole);
if (idx != -1) {
$scope.applicationRoles.splice(idx, 1);
break;
}
}
}
}
});
}
);
};
}); });
@ -372,7 +431,7 @@ module.controller('ApplicationRoleDetailCtrl', function($scope, realm, applicati
var l = headers().location; var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1); var id = l.substring(l.lastIndexOf("/") + 1);
$location.url("/realms/" + realm.id + "/roles/" + id); $location.url("/realms/" + realm.id + "/applications/" + application.id + "/roles/" + id);
Notifications.success("Created role"); Notifications.success("Created role");
}); });

10
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
View file

@ -111,6 +111,16 @@ module.factory('RealmRoleMapping', function($resource) {
}); });
}); });
module.factory('ApplicationRoleMapping', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId/role-mappings/applications/:application', {
realm : '@realm',
userId : '@userId',
application : "@application"
});
});
module.factory('RealmRoles', function($resource) { module.factory('RealmRoles', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/roles', { return $resource('/auth-server/rest/saas/admin/realms/:realm/roles', {
realm : '@realm' realm : '@realm'

43
examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
View file

@ -6,13 +6,13 @@
<ul class="rcue-tabs" > <ul class="rcue-tabs" >
<li><a href="#/create/user/{{realm.id}}">New User</a></li> <li><a href="#/create/user/{{realm.id}}">New User</a></li>
<li><a href="#/realms/{{realm.id}}/users">Query Users</a></li> <li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
<li><a href="#/realms/{{realm.id}}/users/{{user.username}}">Attributes</a></li> <li><a href="#/realms/{{realm.id}}/users/{{user.username}}">{{user.username}} Attributes</a></li>
<li><a href="#">Credentials</a></li> <li><a href="#">{{user.username}} Credentials</a></li>
<li class="active"><a href="#">Role Mappings</a></li> <li class="active"><a href="#">{{user.username}} Role Mappings</a></li>
</ul> </ul>
</div> </div>
<div id="content"> <div id="content">
<h2 class="pull-left">Role Mappings: <span>{{realm.realm}}</span></h2> <h2 class="pull-left">User Role Mappings for <span>{{user.username}}</span></h2>
<p class="subtitle"></p> <p class="subtitle"></p>
<form name="realmForm" novalidate> <form name="realmForm" novalidate>
<fieldset> <fieldset>
@ -34,23 +34,30 @@
</div> </div>
</div> </div>
</fieldset> </fieldset>
<fieldset> <fieldset ng-show="applications.length > 0">
<legend collapsed><span class="text">Application Roles</span> </legend> <legend collapsed><span class="text">Application Roles</span> </legend>
<div class="form-group"> <div class="form-group input-select">
<label for="applications">Application: </label>
<div class="input-group">
<div class="select-rcue">
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="application" ng-options="a.name for a in applications">
</select>
</div>
</div>
</div>
<div class="form-group" ng-show="application">
<div class="controls"> <div class="controls">
<select multiple size=5> <select multiple size="5"
<option value="role1">role1</option> ng-multiple="true"
<option value="role2">role2</option> ng-model="selectedApplicationRoles"
<option value="role3">role3</option> ng-options="r.name for r in applicationRoles">
<option value="role4">role4</option>
</select> </select>
<button type="submit">---&gt;</button> <button type="submit" ng-click="addApplicationRole()">---&gt;</button>
<button type="submit">&lt;---</button> <button type="submit" ng-click="deleteApplicationRole()">&lt;---</button>
<select multiple size=5> <select multiple size=5
<option value="role1">role1</option> ng-multiple="true"
<option disabled="disabled" value="role2">role2</option> ng-model="selectedApplicationMappings"
<option value="role3">role3</option> ng-options="r.name for r in applicationMappings">
<option value="role4">role4</option>
</select> </select>
</div> </div>
</div> </div>

14
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -244,6 +244,8 @@ public class UsersResource {
@Produces("application/json") @Produces("application/json")
@NoCache @NoCache
public List<RoleRepresentation> getApplicationRoleMappings(@PathParam("username") String username, @PathParam("appId") String appId) { public List<RoleRepresentation> getApplicationRoleMappings(@PathParam("username") String username, @PathParam("appId") String appId) {
logger.info("getApplicationRoleMappings");
UserModel user = realm.getUser(username); UserModel user = realm.getUser(username);
if (user == null) { if (user == null) {
throw new NotFoundException(); throw new NotFoundException();
@ -258,10 +260,10 @@ public class UsersResource {
ApplicationRoleMappings rep = new ApplicationRoleMappings(); ApplicationRoleMappings rep = new ApplicationRoleMappings();
List<RoleModel> mappings = application.getRoleMappings(user); List<RoleModel> mappings = application.getRoleMappings(user);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : mappings) { for (RoleModel roleModel : mappings) {
mapRep.add(manager.toRepresentation(roleModel)); mapRep.add(RealmManager.toRepresentation(roleModel));
} }
logger.info("getApplicationRoleMappings.size() = " + mapRep.size());
return mapRep; return mapRep;
} }
@ -269,6 +271,7 @@ public class UsersResource {
@POST @POST
@Consumes("application/json") @Consumes("application/json")
public void addApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) { public void addApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) {
logger.info("addApplicationRoleMapping");
UserModel user = realm.getUser(username); UserModel user = realm.getUser(username);
if (user == null) { if (user == null) {
throw new NotFoundException(); throw new NotFoundException();
@ -280,6 +283,13 @@ public class UsersResource {
throw new NotFoundException(); throw new NotFoundException();
} }
for (RoleRepresentation role : roles) {
RoleModel roleModel = application.getRoleById(role.getId());
if (roleModel == null) {
throw new NotFoundException();
}
application.grantRole(user, roleModel);
}
} }