KEYCLOAK-5049 add explicit removal of groups (#4416)

vramik 2017-08-30 08:16:00 +02:00 committed by Stian Thorgersen
parent d3dc26181e
commit 8bfab22417
3 changed files with 40 additions and 8 deletions


@ -115,7 +115,7 @@ public class JpaRealmProvider implements RealmProvider {
TypedQuery<String> query = em.createNamedQuery("getRealmIdByName", String.class);
query.setParameter("name", name);
List<String> entities = query.getResultList();
if (entities.size() == 0) return null;
if (entities.isEmpty()) return null;
if (entities.size() > 1) throw new IllegalStateException("Should not be more than one realm with same name");
String id = query.getResultList().get(0);
@ -155,6 +155,10 @@ public class JpaRealmProvider implements RealmProvider {
removeRole(adapter, role);
}
for (GroupModel group : adapter.getGroups()) {
session.realms().removeGroup(adapter, group);
}
num = em.createNamedQuery("removeClientInitialAccessByRealm")
.setParameter("realm", realm).executeUpdate();
@ -208,7 +212,7 @@ public class JpaRealmProvider implements RealmProvider {
query.setParameter("name", name);
query.setParameter("realm", realm.getId());
List<String> roles = query.getResultList();
if (roles.size() == 0) return null;
if (roles.isEmpty()) return null;
return session.realms().getRoleById(roles.get(0), realm);
}
@ -237,7 +241,7 @@ public class JpaRealmProvider implements RealmProvider {
List<String> roles = query.getResultList();
if (roles.isEmpty()) return Collections.EMPTY_SET;
Set<RoleModel> list = new HashSet<RoleModel>();
Set<RoleModel> list = new HashSet<>();
for (String id : roles) {
list.add(session.realms().getRoleById(id, realm));
}
@ -250,14 +254,14 @@ public class JpaRealmProvider implements RealmProvider {
query.setParameter("name", name);
query.setParameter("client", client.getId());
List<String> roles = query.getResultList();
if (roles.size() == 0) return null;
if (roles.isEmpty()) return null;
return session.realms().getRoleById(roles.get(0), realm);
}
@Override
public Set<RoleModel> getClientRoles(RealmModel realm, ClientModel client) {
Set<RoleModel> list = new HashSet<RoleModel>();
Set<RoleModel> list = new HashSet<>();
TypedQuery<String> query = em.createNamedQuery("getClientRoleIds", String.class);
query.setParameter("client", client.getId());
List<String> roles = query.getResultList();
@ -384,9 +388,8 @@ public class JpaRealmProvider implements RealmProvider {
for (GroupModel subGroup : group.getSubGroups()) {
session.realms().removeGroup(realm, subGroup);
}
moveGroup(realm, group, null);
GroupEntity groupEntity = em.find(GroupEntity.class, group.getId());
if (!groupEntity.getRealm().getId().equals(realm.getId())) {
if ((groupEntity == null) || (!groupEntity.getRealm().getId().equals(realm.getId()))) {
return false;
}
em.createNamedQuery("deleteGroupRoleMappingsByGroup").setParameter("group", groupEntity).executeUpdate();
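Review bot: In the `-384,9 +388,8` hunk the new `groupEntity == null` guard runs only after the `group.getSubGroups()` loop has recursed, so a group already deleted earlier in the same operation is still walked through its stale model before the method returns false. That case looks reachable from the loop added in the `-155,6 +155,10` hunk, which iterates `adapter.getGroups()` while `removeGroup` itself deletes subgroups; if `getGroups()` also returns nested groups (not visible here), each subgroup is visited a second time after its parent removed it. Consider moving the `em.find(GroupEntity.class, group.getId())` lookup and the guard above the subgroup loop, or iterating top-level groups only, e.g. `for (GroupModel group : adapter.getTopLevelGroups())`. The new loop also discards the boolean result of `removeGroup`, so a `false` (group missing or belonging to another realm) passes silently during realm deletion; logging it would make leftover group and role-mapping rows easier to spot. Both enclosing method bodies start and end outside the hunks shown.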


@ -75,4 +75,11 @@ log4j.logger.org.apache.directory.server.core=warn
# log4j.logger.org.keycloak.keys.infinispan=trace
log4j.logger.org.keycloak.services.clientregistration.policy=debug
#log4j.logger.org.keycloak.authentication=debug
#log4j.logger.org.keycloak.authentication=debug
## Enable SQL debugging
# Enable logs the SQL statements
#log4j.logger.org.hibernate.SQL=debug
# Enable logs the JDBC parameters passed to a query
#log4j.logger.org.hibernate.type=trace
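Review bot: The commented-out `log4j.logger.org.hibernate.type=trace` line writes every bound JDBC parameter to the log once enabled, and those values can include credentials or personal data, so the comment above it should say so. Suggested wording: `# Logs the JDBC parameters bound to each query (values may be sensitive; enable for local debugging only)`. The preceding comment would also read better as `# Logs the SQL statements`.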


@ -456,6 +456,17 @@
"attributes": {
"level2Attribute": ["true"]
}
},
{
"name": "level2group2",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user"]
},
"attributes": {
"level2Attribute": ["true"]
}
}
]
@ -481,6 +492,17 @@
"attributes": {
"level2Attribute": ["true"]
}
},
{
"name": "level2group2",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user"]
},
"attributes": {
"level2Attribute": ["true"]
}
}
]