KEYCLOAK-2716

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java

@@ -25,6 +25,7 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
@@ -45,6 +46,10 @@ public interface ClientsResource {
     @Produces(MediaType.APPLICATION_JSON)
     public List<ClientRepresentation> findAll();
 
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    public List<ClientRepresentation> findByClientId(@QueryParam("clientId") String clientId);
+
 
 
 }

model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java

@@ -627,26 +627,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
 
     @Override
     public boolean removeRole(RoleModel roleModel) {
-        if (roleModel == null) {
-            return false;
-        }
-        if (!roleModel.getContainer().equals(this)) return false;
-
-        session.users().preRemove(getRealm(), roleModel);
-        RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
-        if (!role.isClientRole()) return false;
-
-        entity.getDefaultRoles().remove(role);
-        String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
-        em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", role).executeUpdate();
-        em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", role).executeUpdate();
-        em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", role).executeUpdate();
-        role.setClient(null);
-        em.flush();
-        em.remove(role);
-        em.flush();
-
-        return true;
+        return session.realms().removeRole(realm, roleModel);
     }
 
     @Override

model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java

@@ -261,7 +261,7 @@ public class JpaRealmProvider implements RealmProvider {
         em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
         em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
         em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
-        em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
+        int val = em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
 
         em.remove(roleEntity);
         em.flush();

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java

@@ -583,8 +583,7 @@ public class ClientAdapter extends AbstractMongoAdapter<MongoClientEntity> imple
 
     @Override
     public boolean removeRole(RoleModel role) {
-        session.users().preRemove(getRealm(), role);
-        return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
+        return session.realms().removeRole(realm, role);
     }
 
     @Override

services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java

@@ -36,6 +36,7 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -71,26 +72,36 @@ public class ClientsResource {
      * Get clients belonging to the realm
      *
      * Returns a list of clients belonging to the realm
+     *
+     * @param clientId filter by clientId
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public List<ClientRepresentation> getClients() {
+    public List<ClientRepresentation> getClients(@QueryParam("clientId") String clientId) {
         auth.requireAny();
 
         List<ClientRepresentation> rep = new ArrayList<>();
-        List<ClientModel> clientModels = realm.getClients();
 
-        boolean view = auth.hasView();
-        for (ClientModel clientModel : clientModels) {
-            if (view) {
-                rep.add(ModelToRepresentation.toRepresentation(clientModel));
-            } else {
-                ClientRepresentation client = new ClientRepresentation();
-                client.setId(clientModel.getId());
-                client.setClientId(clientModel.getClientId());
-                client.setDescription(clientModel.getDescription());
-                rep.add(client);
+        if (clientId == null) {
+            List<ClientModel> clientModels = realm.getClients();
+
+            boolean view = auth.hasView();
+            for (ClientModel clientModel : clientModels) {
+                if (view) {
+                    rep.add(ModelToRepresentation.toRepresentation(clientModel));
+                } else {
+                    ClientRepresentation client = new ClientRepresentation();
+                    client.setId(clientModel.getId());
+                    client.setClientId(clientModel.getClientId());
+                    client.setDescription(clientModel.getDescription());
+                    rep.add(client);
+                }
+            }
+        } else {
+            ClientModel client = realm.getClientByClientId(clientId);
+            if (client != null) {
+                rep.add(ModelToRepresentation.toRepresentation(client));
             }
         }
         return rep;

testsuite/integration/src/test/java/org/keycloak/testsuite/model/GroupTest.java

@@ -36,6 +36,7 @@ import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
+import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.GroupRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
@@ -95,6 +96,35 @@ public class GroupTest {
     @WebResource
     protected OAuthClient oauth;
 
+    /**
+     * KEYCLOAK-2716
+     * @throws Exception
+     */
+    @Test
+    public void testClientRemoveWithClientRoleGroupMapping() throws Exception {
+        RealmResource realm = keycloak.realms().realm("test");
+        ClientRepresentation client = new ClientRepresentation();
+        client.setClientId("foo");
+        client.setRootUrl("http://foo");
+        client.setProtocol("openid-connect");
+        Response response = realm.clients().create(client);
+        response.close();
+        client = realm.clients().findByClientId("foo").get(0);
+        RoleRepresentation role = new RoleRepresentation();
+        role.setName("foo-role");
+        realm.clients().get(client.getId()).roles().create(role);
+        role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
+        GroupRepresentation group = new GroupRepresentation();
+        group.setName("2716");
+        realm.groups().add(group).close();
+        group = realm.getGroupByPath("/2716");
+        List<RoleRepresentation> list = new LinkedList<>();
+        list.add(role);
+        realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
+        realm.clients().get(client.getId()).remove();
+
+    }
+
     @Test
     public void createAndTestGroups() throws Exception {
         RealmResource realm = keycloak.realms().realm("test");