KEYCLOAK-16082 save attributes when role is created (with REST POST request)

- add missing mapping code to RoleContainerResource#createRole
- extend ClientRolesTest and RealmRolesTest to check that now the attributes are saved when a role is created
- remove no longer needed code which updated roles because attributes were not saved on creation
This commit is contained in:
Daniel Fesenmeyer 2021-03-25 16:41:33 +01:00 committed by Bruno Oliveira da Silva
parent e0d660d815
commit a48d04bfe0
4 changed files with 92 additions and 105 deletions

View file

@ -53,6 +53,7 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Stream;
@ -131,6 +132,13 @@ public class RoleContainerResource extends RoleResource {
RoleModel role = roleContainer.addRole(rep.getName());
role.setDescription(rep.getDescription());
Map<String, List<String>> attributes = rep.getAttributes();
if (attributes != null) {
for (Map.Entry<String, List<String>> attr : attributes.entrySet()) {
role.setAttribute(attr.getKey(), attr.getValue());
}
}
rep.setId(role.getId());
if (role.isClientRole()) {

View file

@ -2046,7 +2046,6 @@ public class UserTest extends AbstractAdminTest {
realm.roles().create(RoleBuilder.create().name("realm-role").build());
realm.roles().create(realmCompositeRole);
realm.roles().get("realm-composite").update(realmCompositeRole);
realm.roles().create(RoleBuilder.create().name("realm-child").build());
realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
@ -2061,7 +2060,6 @@ public class UserTest extends AbstractAdminTest {
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role").build());
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role2").build());
realm.clients().get(clientUuid).roles().create(clientCompositeRole);
realm.clients().get(clientUuid).roles().get("client-composite").update(clientCompositeRole);
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));

View file

@ -85,9 +85,15 @@ public class ClientRolesTest extends AbstractClientTest {
@Test
public void testAddRole() {
RoleRepresentation role1 = makeRole("role1");
role1.setDescription("role1-description");
role1.setAttributes(Collections.singletonMap("role1-attr-key", Collections.singletonList("role1-attr-val")));
rolesRsc.create(role1);
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1, ResourceType.CLIENT_ROLE);
assertTrue(hasRole(rolesRsc, "role1"));
RoleRepresentation addedRole = rolesRsc.get(role1.getName()).toRepresentation();
assertEquals(role1.getName(), addedRole.getName());
assertEquals(role1.getDescription(), addedRole.getDescription());
assertEquals(role1.getAttributes(), addedRole.getAttributes());
}
@Test(expected = ClientErrorException.class)
@ -279,14 +285,6 @@ public class ClientRolesTest extends AbstractClientTest {
rolesRsc.create(role);
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId,roleName), role, ResourceType.CLIENT_ROLE);
// we have to update the role to set the attributes because
// the add role endpoint only care about name and description
RoleResource roleToUpdate = rolesRsc.get(roleName);
role.setId(roleToUpdate.toRepresentation().getId());
roleToUpdate.update(role);
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientRoleResourcePath(clientDbId,roleName), role, ResourceType.CLIENT_ROLE);
}
List<RoleRepresentation> roles = rolesRsc.list(false);
@ -305,14 +303,6 @@ public class ClientRolesTest extends AbstractClientTest {
rolesRsc.create(role);
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId,roleName), role, ResourceType.CLIENT_ROLE);
// we have to update the role to set the attributes because
// the add role endpoint only care about name and description
RoleResource roleToUpdate = rolesRsc.get(roleName);
role.setId(roleToUpdate.toRepresentation().getId());
roleToUpdate.update(role);
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientRoleResourcePath(clientDbId,roleName), role, ResourceType.CLIENT_ROLE);
}
List<RoleRepresentation> roles = rolesRsc.list();

View file

@ -70,6 +70,9 @@ import org.keycloak.models.Constants;
*/
public class RealmRolesTest extends AbstractAdminTest {
private static final Map<String, List<String>> ROLE_A_ATTRIBUTES =
Collections.singletonMap("role-a-attr-key1", Collections.singletonList("role-a-attr-val1"));
private RolesResource resource;
private Map<String, String> ids = new HashMap<>();
@ -77,7 +80,7 @@ public class RealmRolesTest extends AbstractAdminTest {
@Before
public void before() {
RoleRepresentation roleA = RoleBuilder.create().name("role-a").description("Role A").build();
RoleRepresentation roleA = RoleBuilder.create().name("role-a").description("Role A").attributes(ROLE_A_ATTRIBUTES).build();
RoleRepresentation roleB = RoleBuilder.create().name("role-b").description("Role B").build();
//KEYCLOAK-2035
RoleRepresentation roleWithUsers = RoleBuilder.create().name("role-with-users").description("Role with users").build();
@ -152,6 +155,7 @@ public class RealmRolesTest extends AbstractAdminTest {
assertNotNull(role);
assertEquals("role-a", role.getName());
assertEquals("Role A", role.getDescription());
assertEquals(ROLE_A_ATTRIBUTES, role.getAttributes());
assertFalse(role.isComposite());
}
@ -166,6 +170,8 @@ public class RealmRolesTest extends AbstractAdminTest {
role.setName("role-a-new");
role.setDescription("Role A New");
Map<String, List<String>> newAttributes = Collections.singletonMap("attrKeyNew", Collections.singletonList("attrValueNew"));
role.setAttributes(newAttributes);
resource.get("role-a").update(role);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role, ResourceType.REALM_ROLE);
@ -175,6 +181,7 @@ public class RealmRolesTest extends AbstractAdminTest {
assertNotNull(role);
assertEquals("role-a-new", role.getName());
assertEquals("Role A New", role.getDescription());
assertEquals(newAttributes, role.getAttributes());
assertFalse(role.isComposite());
}
@ -445,20 +452,12 @@ public class RealmRolesTest extends AbstractAdminTest {
String roleName = "attributesrole"+i;
RoleRepresentation role = makeRole(roleName);
Map<String, List<String>> attributes = new HashMap<String, List<String>>();
Map<String, List<String>> attributes = new HashMap<>();
attributes.put("attribute1", Arrays.asList("value1","value2"));
role.setAttributes(attributes);
resource.create(role);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
// we have to update the role to set the attributes because
// the add role endpoint only care about name and description
RoleResource roleToUpdate = resource.get(roleName);
role.setId(roleToUpdate.toRepresentation().getId());
roleToUpdate.update(role);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
}
List<RoleRepresentation> roles = resource.list("attributesrole", false);
@ -471,20 +470,12 @@ public class RealmRolesTest extends AbstractAdminTest {
String roleName = "attributesrolebrief"+i;
RoleRepresentation role = makeRole(roleName);
Map<String, List<String>> attributes = new HashMap<String, List<String>>();
Map<String, List<String>> attributes = new HashMap<>();
attributes.put("attribute1", Arrays.asList("value1","value2"));
role.setAttributes(attributes);
resource.create(role);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
// we have to update the role to set the attributes because
// the add role endpoint only care about name and description
RoleResource roleToUpdate = resource.get(roleName);
role.setId(roleToUpdate.toRepresentation().getId());
roleToUpdate.update(role);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
}
List<RoleRepresentation> roles = resource.list("attributesrolebrief", true);