Merge pull request #5200 from martel-innovate/KEYCLOAK-7337

[KEYCLOAK-7337] Implement return of requester in UMA permissions

core/src/main/java/org/keycloak/representations/idm/authorization/PermissionTicketRepresentation.java

@@ -28,6 +28,9 @@ public class PermissionTicketRepresentation {
     private boolean granted;
     private String scopeName;
     private String resourceName;
+    private String requester; 
+    private String ownerName;
+    private String requesterName;
 
     public String getId() {
         return id;
@@ -84,4 +87,28 @@ public class PermissionTicketRepresentation {
     public String getResourceName() {
         return resourceName;
     }
+    
+    public void setRequesterName(String requesterName) {
+        this.requesterName = requesterName;
+    }
+
+    public String getRequesterName() {
+        return requesterName;
+    }
+    
+    public void setRequester(String requester) {
+        this.requester = requester;
+    }
+
+    public String getRequester() {
+        return requester;
+    }
+    
+    public void setOwnerName(String ownerName) {
+        this.ownerName = ownerName;
+    }
+
+    public String getOwnerName() {
+        return ownerName;
+    }
 }

server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -848,16 +848,17 @@ public class ModelToRepresentation {
         return resource;
     }
 
-    public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket) {
+    public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket, AuthorizationProvider authorization) {
-        return toRepresentation(ticket, false);
+        return toRepresentation(ticket, authorization, false);
     }
 
-    public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket, boolean returnNames) {
+    public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket, AuthorizationProvider authorization, boolean returnNames) {
         PermissionTicketRepresentation representation = new PermissionTicketRepresentation();
 
         representation.setId(ticket.getId());
         representation.setGranted(ticket.isGranted());
         representation.setOwner(ticket.getOwner());
+        representation.setRequester(ticket.getRequester());
 
         Resource resource = ticket.getResource();
 
@@ -865,6 +866,12 @@ public class ModelToRepresentation {
 
         if (returnNames) {
             representation.setResourceName(resource.getName());
+            KeycloakSession keycloakSession = authorization.getKeycloakSession();
+            RealmModel realm = authorization.getRealm();
+            UserModel owner = keycloakSession.users().getUserById(ticket.getOwner(), realm);
+            UserModel requester = keycloakSession.users().getUserById(ticket.getRequester(), realm);
+            representation.setRequesterName(requester.getUsername());
+            representation.setOwnerName(owner.getUsername());
         }
 
         Scope scope = ticket.getScope();

services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java

@@ -138,7 +138,7 @@ public class PermissionService extends AbstractPermissionService {
 
         return Response.ok().entity(permissionTicketStore.find(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)
                     .stream()
-                        .map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, returnNames == null ? false : returnNames))
+                        .map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames))
                         .collect(Collectors.toList()))
                 .build();
     }