Added permission ticket /count endpoint. Todo: testing

stefvdwel 2021-01-23 16:46:05 +01:00 committed by Pedro Igor
parent 2593c3dbc4
commit 5a500055f6
3 changed files with 125 additions and 14 deletions


@ -57,6 +57,63 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
this.provider = provider;
}
@Override
public long count(Map<String, String> attributes, String resourceServerId) {
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
CriteriaQuery<Long> querybuilder = builder.createQuery(Long.class);
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
querybuilder.select(root.get("id"));
List<Predicate> predicates = new ArrayList();
if (resourceServerId != null) {
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServerId));
}
attributes.forEach((name, value) -> {
if (PermissionTicket.ID.equals(name)) {
predicates.add(root.get(name).in(value));
} else if (PermissionTicket.SCOPE.equals(name)) {
predicates.add(root.join("scope").get("id").in(value));
} else if (PermissionTicket.SCOPE_IS_NULL.equals(name)) {
if (Boolean.valueOf(value)) {
predicates.add(builder.isNull(root.get("scope")));
} else {
predicates.add(builder.isNotNull(root.get("scope")));
}
} else if (PermissionTicket.RESOURCE.equals(name)) {
predicates.add(root.join("resource").get("id").in(value));
} else if (PermissionTicket.RESOURCE_NAME.equals(name)) {
predicates.add(root.join("resource").get("name").in(value));
} else if (PermissionTicket.OWNER.equals(name)) {
predicates.add(builder.equal(root.get("owner"), value));
} else if (PermissionTicket.REQUESTER.equals(name)) {
predicates.add(builder.equal(root.get("requester"), value));
} else if (PermissionTicket.GRANTED.equals(name)) {
if (Boolean.valueOf(value)) {
predicates.add(builder.isNotNull(root.get("grantedTimestamp")));
} else {
predicates.add(builder.isNull(root.get("grantedTimestamp")));
}
} else if (PermissionTicket.REQUESTER_IS_NULL.equals(name)) {
predicates.add(builder.isNull(root.get("requester")));
} else if (PermissionTicket.POLICY_IS_NOT_NULL.equals(name)) {
predicates.add(builder.isNotNull(root.get("policy")));
} else if (PermissionTicket.POLICY.equals(name)) {
predicates.add(root.join("policy").get("id").in(value));
} else {
throw new RuntimeException("Unsupported filter [" + name + "]");
}
});
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("id")));
TypedQuery query = entityManager.createQuery(querybuilder);
return query.getResultStream().count();
}
@Override
public PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer) {
PermissionTicketEntity entity = new PermissionTicketEntity();
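Review bot: `count` pulls every matching row back and counts it in the JVM (`query.getResultStream().count()` on the last line of the method), so the cost of one call grows with the number of tickets; this commit also exposes the method over HTTP as `/count`, which makes that cost reachable per request. Let the database aggregate instead with `querybuilder.select(builder.count(root));` and `return entityManager.createQuery(querybuilder).getSingleResult();`, and drop the `.orderBy(...)`, which has no effect on a count. `new ArrayList()` and `TypedQuery query` are raw types; `new ArrayList<>()` and `TypedQuery<Long>` keep the compiler checking the element and result types. The filter-to-predicate chain presumably mirrors the listing query elsewhere in this class (not visible in the hunk); if so, a shared private helper would keep the two from drifting apart.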


@ -31,6 +31,15 @@ import org.keycloak.authorization.model.ResourceServer;
*/
public interface PermissionTicketStore {
/**
* Returns a list of {@link PermissionTicket}, filtered by the given attributes.
*
* @param attributes permission tickets that do not match the attributes are not included with the count.
* @param resourceServerId the resource server id
* @return an integer indicating the amount of permission tickets
*/
long count(Map<String, String> attributes, String resourceServerId);
/**
* Creates a new {@link PermissionTicket} instance.
*
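Review bot: The Javadoc on `count` describes a different method: the summary says "Returns a list of {@link PermissionTicket}" and `@return` says "an integer", while the method returns a `long` count. Suggested wording is `Returns the number of {@link PermissionTicket} instances that match the given attributes.` and `@return the number of matching permission tickets`. The contract should also say what a null `resourceServerId` means, because the JPA implementation in this commit skips the resource-server predicate in that case and counts tickets across all resource servers. A line such as `@param resourceServerId the resource server id; if null, tickets of every resource server are counted` makes that explicit for callers.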


@ -226,6 +226,51 @@ public class PermissionTicketService {
.build();
}
@Path("/count")
@GET
public Response getResourceCount(@QueryParam("scopeId") String scopeId,
@QueryParam("resourceId") String resourceId,
@QueryParam("owner") String owner,
@QueryParam("requester") String requester,
@QueryParam("granted") Boolean granted,
@QueryParam("returnNames") Boolean returnNames) {
StoreFactory storeFactory = authorization.getStoreFactory();
PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
Map<String, String> filters = new HashMap<>();
if (resourceId != null) {
filters.put(PermissionTicket.RESOURCE, resourceId);
}
if (scopeId != null) {
ScopeStore scopeStore = storeFactory.getScopeStore();
Scope scope = scopeStore.findById(scopeId, resourceServer.getId());
if (scope == null) {
scope = scopeStore.findByName(scopeId, resourceServer.getId());
}
filters.put(PermissionTicket.SCOPE, scope != null ? scope.getId() : scopeId);
}
if (owner != null) {
filters.put(PermissionTicket.OWNER, getUserId(owner));
}
if (requester != null) {
filters.put(PermissionTicket.REQUESTER, getUserId(requester));
}
if (granted != null) {
filters.put(PermissionTicket.GRANTED, granted.toString());
}
long count = permissionTicketStore.count(filters, resourceServer.getId());
Map<String, Long> map = new HashMap<>();
map.put("count", count);
return Response.ok().entity(map).build();
}
private String getUserId(String userIdOrName) {
UserProvider userProvider = authorization.getKeycloakSession().users();
RealmModel realm = authorization.getRealm();