Merge pull request #1839 from patriot1burke/master

default groups back end

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.7.0.xml

@@ -37,6 +37,14 @@
                 <constraints nullable="false"/>
             </column>
         </createTable>
+        <createTable tableName="REALM_DEFAULT_GROUPS">
+            <column name="REALM_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="GROUP_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
 
         <addColumn tableName="IDENTITY_PROVIDER">
             <column name="FIRST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
@@ -58,6 +66,9 @@
         <addForeignKeyConstraint baseColumnNames="GROUP_ID" baseTableName="GROUP_ROLE_MAPPING" constraintName="FK_GROUP_ROLE_GROUP" referencedColumnNames="ID" referencedTableName="KEYCLOAK_GROUP"/>
         <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="GROUP_ROLE_MAPPING" constraintName="FK_GROUP_ROLE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
 
+        <addUniqueConstraint columnNames="GROUP_ID" constraintName="CON_GROUP_ID_DEF_GROUPS" tableName="REALM_DEFAULT_GROUPS"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_GROUPS" constraintName="FK_DEF_GROUPS_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="GROUP_ID" baseTableName="REALM_DEFAULT_GROUPS" constraintName="FK_DEF_GROUPS_GROUP" referencedColumnNames="ID" referencedTableName="KEYCLOAK_GROUP"/>
         <addColumn tableName="CLIENT">
             <column name="REGISTRATION_TOKEN" type="VARCHAR(255)"/>
         </addColumn>

core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java

@@ -49,6 +49,7 @@ public class RealmRepresentation {
     protected RolesRepresentation roles;
     protected List<GroupRepresentation> groups;
     protected List<String> defaultRoles;
+    protected List<String> defaultGroups;
     @Deprecated
     protected Set<String> requiredCredentials;
     protected String passwordPolicy;
@@ -269,6 +270,14 @@ public class RealmRepresentation {
         this.defaultRoles = defaultRoles;
     }
 
+    public List<String> getDefaultGroups() {
+        return defaultGroups;
+    }
+
+    public void setDefaultGroups(List<String> defaultGroups) {
+        this.defaultGroups = defaultGroups;
+    }
+
     public String getPrivateKey() {
         return privateKey;
     }

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java

@@ -47,6 +47,19 @@ public interface RealmResource {
     @Produces(MediaType.APPLICATION_JSON)
     public GroupRepresentation getGroupByPath(@PathParam("path") String path);
 
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("default-groups")
+    public List<GroupRepresentation> getDefaultGroups();
+
+    @PUT
+    @Path("default-groups/{groupId}")
+    public void addDefaultGroup(@PathParam("groupId") String groupId);
+
+    @DELETE
+    @Path("default-groups/{groupId}")
+    public void removeDefaultGroup(@PathParam("groupId") String groupId);
+
     @Path("identity-provider")
     IdentityProvidersResource identityProviders();
 

model/api/src/main/java/org/keycloak/models/RealmModel.java

@@ -165,6 +165,12 @@ public interface RealmModel extends RoleContainerModel {
 
     void updateDefaultRoles(String[] defaultRoles);
 
+    List<GroupModel> getDefaultGroups();
+
+    void addDefaultGroup(GroupModel group);
+
+    void removeDefaultGroup(GroupModel group);
+
     // Key is clientId
     Map<String, ClientModel> getClientNameMap();
 

model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java

@@ -61,6 +61,7 @@ public class RealmEntity extends AbstractIdentifiableEntity {
 
     // We are using names of defaultRoles (not ids)
     private List<String> defaultRoles = new ArrayList<String>();
+    private List<String> defaultGroups = new ArrayList<String>();
 
     private List<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
     private List<UserFederationProviderEntity> userFederationProviders = new ArrayList<UserFederationProviderEntity>();
@@ -629,6 +630,14 @@ public class RealmEntity extends AbstractIdentifiableEntity {
     public void setClientAuthenticationFlow(String clientAuthenticationFlow) {
         this.clientAuthenticationFlow = clientAuthenticationFlow;
     }
+
+    public List<String> getDefaultGroups() {
+        return defaultGroups;
+    }
+
+    public void setDefaultGroups(List<String> defaultGroups) {
+        this.defaultGroups = defaultGroups;
+    }
 }
 
 

model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -239,6 +239,14 @@ public class ModelToRepresentation {
             roleStrings.addAll(defaultRoles);
             rep.setDefaultRoles(roleStrings);
         }
+        List<GroupModel> defaultGroups = realm.getDefaultGroups();
+        if (!defaultGroups.isEmpty()) {
+            List<String> groupPaths = new LinkedList<>();
+            for (GroupModel group : defaultGroups) {
+                groupPaths.add(ModelToRepresentation.buildGroupPath(group));
+            }
+            rep.setDefaultGroups(groupPaths);
+        }
 
         List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
         if (requiredCredentialModels.size() > 0) {

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -315,6 +315,13 @@ public class RepresentationToModel {
 
         if (rep.getGroups() != null) {
             importGroups(newRealm, rep);
+            if (rep.getDefaultGroups() != null) {
+                for (String path : rep.getDefaultGroups()) {
+                    GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path);
+                    if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
+                    newRealm.addDefaultGroup(found);
+                }
+            }
         }
 
 

model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java

@@ -480,6 +480,30 @@ public class RealmAdapter implements RealmModel {
         return cacheSession.getRoleById(id, this);
      }
 
+    @Override
+    public List<GroupModel> getDefaultGroups() {
+        List<GroupModel> defaultGroups = new LinkedList<>();
+        for (String id : cached.getDefaultGroups()) {
+            defaultGroups.add(cacheSession.getGroupById(id, this));
+        }
+        return defaultGroups;
+
+    }
+
+    @Override
+    public void addDefaultGroup(GroupModel group) {
+        getDelegateForUpdate();
+        updated.addDefaultGroup(group);
+
+    }
+
+    @Override
+    public void removeDefaultGroup(GroupModel group) {
+        getDelegateForUpdate();
+        updated.removeDefaultGroup(group);
+
+    }
+
     @Override
     public List<String> getDefaultRoles() {
         if (updated != null) return updated.getDefaultRoles();

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java

@@ -107,6 +107,7 @@ public class CachedRealm implements Serializable {
     protected Set<String> adminEnabledEventOperations = new HashSet<String>();
     protected boolean adminEventsDetailsEnabled;
     private List<String> defaultRoles = new LinkedList<String>();
+    private List<String> defaultGroups = new LinkedList<String>();
     private Set<String> groups = new HashSet<String>();
     private Map<String, String> realmRoles = new HashMap<String, String>();
     private Map<String, String> clients = new HashMap<String, String>();
@@ -229,6 +230,10 @@ public class CachedRealm implements Serializable {
             requiredActionProvidersByAlias.put(action.getAlias(), action);
         }
 
+        for (GroupModel group : model.getDefaultGroups()) {
+            defaultGroups.add(group.getId());
+        }
+
         browserFlow = model.getBrowserFlow();
         registrationFlow = model.getRegistrationFlow();
         directGrantFlow = model.getDirectGrantFlow();
@@ -516,4 +521,8 @@ public class CachedRealm implements Serializable {
     public Set<String> getGroups() {
         return groups;
     }
+
+    public List<String> getDefaultGroups() {
+        return defaultGroups;
+    }
 }

model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java

@@ -71,6 +71,10 @@ public class JpaUserProvider implements UserProvider {
                     userModel.grantRole(application.getRole(r));
                 }
             }
+
+            for (GroupModel g : realm.getDefaultGroups()) {
+                userModel.joinGroup(g);
+            }
         }
         for (RequiredActionProviderModel r : realm.getRequiredActionProviders()) {
             if (r.isEnabled() && r.isDefaultAction()) {

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -647,6 +647,44 @@ public class RealmAdapter implements RealmModel {
         em.flush();
     }
 
+    @Override
+    public List<GroupModel> getDefaultGroups() {
+        Collection<GroupEntity> entities = realm.getDefaultGroups();
+        List<GroupModel> defaultGroups = new LinkedList<>();
+        for (GroupEntity entity : entities) {
+            defaultGroups.add(session.realms().getGroupById(entity.getId(), this));
+        }
+        return defaultGroups;
+    }
+
+    @Override
+    public void addDefaultGroup(GroupModel group) {
+        Collection<GroupEntity> entities = realm.getDefaultGroups();
+        for (GroupEntity entity : entities) {
+            if (entity.getId().equals(group.getId())) return;
+        }
+        GroupEntity groupEntity = GroupAdapter.toEntity(group, em);
+        realm.getDefaultGroups().add(groupEntity);
+        em.flush();
+
+    }
+
+    @Override
+    public void removeDefaultGroup(GroupModel group) {
+        GroupEntity found = null;
+        for (GroupEntity defaultGroup : realm.getDefaultGroups()) {
+            if (defaultGroup.getId().equals(group.getId())) {
+                found = defaultGroup;
+                break;
+            }
+        }
+        if (found != null) {
+            realm.getDefaultGroups().remove(found);
+            em.flush();
+        }
+
+    }
+
     @Override
     public Map<String, ClientModel> getClientNameMap() {
         Map<String, ClientModel> map = new HashMap<String, ClientModel>();
@@ -2002,6 +2040,7 @@ public class RealmAdapter implements RealmModel {
         if (!groupEntity.getRealm().getId().equals(getId())) {
             return false;
         }
+        realm.getDefaultRoles().remove(groupEntity);
         for (GroupModel subGroup : group.getSubGroups()) {
             removeGroup(subGroup);
         }

model/jpa/src/main/java/org/keycloak/models/jpa/entities/GroupEntity.java

@@ -92,7 +92,7 @@ public class GroupEntity {
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
+        if (o == null) return false;
 
         GroupEntity that = (GroupEntity) o;
 

model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java

@@ -143,6 +143,10 @@ public class RealmEntity {
     @JoinTable(name="REALM_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
     protected Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
 
+    @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
+    @JoinTable(name="REALM_DEFAULT_GROUPS", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="GROUP_ID")})
+    protected Collection<GroupEntity> defaultGroups = new ArrayList<>();
+
     @Column(name="EVENTS_ENABLED")
     protected boolean eventsEnabled;
     @Column(name="EVENTS_EXPIRATION")
@@ -426,6 +430,14 @@ public class RealmEntity {
         this.defaultRoles = defaultRoles;
     }
 
+    public Collection<GroupEntity> getDefaultGroups() {
+        return defaultGroups;
+    }
+
+    public void setDefaultGroups(Collection<GroupEntity> defaultGroups) {
+        this.defaultGroups = defaultGroups;
+    }
+
     public String getPasswordPolicy() {
         return passwordPolicy;
     }

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java

@@ -300,6 +300,9 @@ public class MongoUserProvider implements UserProvider {
                     userModel.grantRole(application.getRole(r));
                 }
             }
+            for (GroupModel g : realm.getDefaultGroups()) {
+                userModel.joinGroup(g);
+            }
         }
 
         if (addDefaultRequiredActions) {

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java

@@ -681,6 +681,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
 
     @Override
     public boolean removeGroup(GroupModel group) {
+        if (realm.getDefaultGroups() != null) {
+            getMongoStore().pullItemFromList(realm, "defaultGroups", group.getId(), invocationContext);
+        }
         for (GroupModel subGroup : group.getSubGroups()) {
             removeGroup(subGroup);
         }
@@ -689,6 +692,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         return getMongoStore().removeEntity(MongoGroupEntity.class, group.getId(), invocationContext);
     }
 
+
+
     @Override
     public List<String> getDefaultRoles() {
         return realm.getDefaultRoles();
@@ -720,6 +725,27 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         updateRealm();
     }
 
+    @Override
+    public List<GroupModel> getDefaultGroups() {
+        List<GroupModel> defaultGroups = new LinkedList<>();
+        for (String id : realm.getDefaultGroups()) {
+            defaultGroups.add(session.realms().getGroupById(id, this));
+        }
+        return defaultGroups;
+    }
+
+    @Override
+    public void addDefaultGroup(GroupModel group) {
+        getMongoStore().pushItemToList(realm, "defaultGroups", group.getId(), true, invocationContext);
+
+    }
+
+    @Override
+    public void removeDefaultGroup(GroupModel group) {
+        getMongoStore().pullItemFromList(realm, "defaultGroups", group.getId(), invocationContext);
+
+    }
+
     @Override
     public ClientModel getClientById(String id) {
         return model.getClientById(id, this);

services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java

@@ -634,6 +634,48 @@ public class RealmAdminResource {
         return new IdentityProvidersResource(realm, session, this.auth, adminEvent);
     }
 
+    /**
+     * Get group hierarchy.  Only name and ids are returned.
+     *
+     * @return
+     */
+    @GET
+    @NoCache
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("default-groups")
+    public List<GroupRepresentation> getDefaultGroups() {
+        this.auth.requireView();
+        List<GroupRepresentation> defaults = new LinkedList<>();
+        for (GroupModel group : realm.getDefaultGroups()) {
+            defaults.add(ModelToRepresentation.toRepresentation(group, false));
+        }
+        return defaults;
+    }
+    @PUT
+    @NoCache
+    @Path("default-groups/{groupId}")
+    public void addDefaultGroup(@PathParam("groupId") String groupId) {
+        this.auth.requireManage();
+        GroupModel group = realm.getGroupById(groupId);
+        if (group == null) {
+            throw new NotFoundException("Group not found");
+        }
+        realm.addDefaultGroup(group);
+    }
+
+    @DELETE
+    @NoCache
+    @Path("default-groups/{groupId}")
+    public void removeDefaultGroup(@PathParam("groupId") String groupId) {
+        this.auth.requireManage();
+        GroupModel group = realm.getGroupById(groupId);
+        if (group == null) {
+            throw new NotFoundException("Group not found");
+        }
+        realm.removeDefaultGroup(group);
+    }
+
+
     @Path("groups")
     public GroupsResource getGroups() {
         GroupsResource resource =  new GroupsResource(realm, session, this.auth, adminEvent);

testsuite/integration/src/test/java/org/keycloak/testsuite/model/GroupTest.java

@@ -180,6 +180,25 @@ public class GroupTest {
         Assert.assertTrue(token.getRealmAccess().getRoles().contains("level2Role"));
         Assert.assertTrue(token.getRealmAccess().getRoles().contains("level3Role"));
 
+        realm.addDefaultGroup(level3Group.getId());
+
+        List<GroupRepresentation> defaultGroups = realm.getDefaultGroups();
+        Assert.assertEquals(1, defaultGroups.size());
+        Assert.assertEquals(defaultGroups.get(0).getId(), level3Group.getId());
+
+        UserRepresentation newUser = new UserRepresentation();
+        newUser.setUsername("groupUser");
+        newUser.setEmail("group@group.com");
+        response = realm.users().create(newUser);
+        response.close();
+        newUser =  realm.users().search("groupUser", -1, -1).get(0);
+        membership = realm.users().get(newUser.getId()).groups();
+        Assert.assertEquals(1, membership.size());
+        Assert.assertEquals("level3", membership.get(0).getName());
+
+        realm.removeDefaultGroup(level3Group.getId());
+        defaultGroups = realm.getDefaultGroups();
+        Assert.assertEquals(0, defaultGroups.size());
 
     }