libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Improve documentation on ClientRolemappingsRessource

Browse source 
Closes #29266

Signed-off-by: Sebastian Prehn <sebastian.prehn@ero.eu>
This commit is contained in:
Sebastian Prehn 2024-05-07 10:03:41 +02:00 committed by Alexander Schwartz
parent cfd270b572
commit b5d0154bb1
2 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java
View file

@ -102,7 +102,7 @@ public class ClientRoleMappingsResource {
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@NoCache @NoCache
@Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS) @Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS)
@Operation( summary = "Get client-level role mappings for the user, and the app") @Operation( summary = "Get client-level role mappings for the user or group, and the app")
public Stream<RoleRepresentation> getClientRoleMappings() { public Stream<RoleRepresentation> getClientRoleMappings() {
viewPermission.require(); viewPermission.require();
@ -134,7 +134,7 @@ public class ClientRoleMappingsResource {
} }
/** /**
* Get available client-level roles that can be mapped to the user * Get available client-level roles that can be mapped to the user or group
* *
* @return * @return
*/ */
@ -143,7 +143,7 @@ public class ClientRoleMappingsResource {
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@NoCache @NoCache
@Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS) @Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS)
@Operation( summary = "Get available client-level roles that can be mapped to the user") @Operation( summary = "Get available client-level roles that can be mapped to the user or group")
public Stream<RoleRepresentation> getAvailableClientRoleMappings() { public Stream<RoleRepresentation> getAvailableClientRoleMappings() {
viewPermission.require(); viewPermission.require();
@ -154,14 +154,14 @@ public class ClientRoleMappingsResource {
} }
/** /**
* Add client-level roles to the user role mapping * Add client-level roles to the user or group role mapping
* *
* @param roles * @param roles
*/ */
@POST @POST
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS) @Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS)
@Operation( summary = "Add client-level roles to the user role mapping") @Operation( summary = "Add client-level roles to the user or group role mapping")
@APIResponse(responseCode = "204", description = "No Content") @APIResponse(responseCode = "204", description = "No Content")
public void addClientRoleMapping(List<RoleRepresentation> roles) { public void addClientRoleMapping(List<RoleRepresentation> roles) {
managePermission.require(); managePermission.require();
@ -180,7 +180,7 @@ public class ClientRoleMappingsResource {
throw ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR); throw ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
} catch (ModelException | ReadOnlyException me) { } catch (ModelException | ReadOnlyException me) {
logger.warn(me.getMessage(), me); logger.warn(me.getMessage(), me);
throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST); throw new ErrorResponseException("invalid_request", "Could not add user role or group mappings!", Response.Status.BAD_REQUEST);
} }
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success(); adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
@ -188,14 +188,14 @@ public class ClientRoleMappingsResource {
} }
/** /**
* Delete client-level roles from user role mapping * Delete client-level roles from user or group role mapping
* *
* @param roles * @param roles
*/ */
@DELETE @DELETE
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS) @Tag(name = KeycloakOpenAPI.Admin.Tags.CLIENT_ROLE_MAPPINGS)
@Operation( summary = "Delete client-level roles from user role mapping") @Operation( summary = "Delete client-level roles from user or group role mapping")
public void deleteClientRoleMapping(List<RoleRepresentation> roles) { public void deleteClientRoleMapping(List<RoleRepresentation> roles) {
managePermission.require(); managePermission.require();
@ -222,7 +222,7 @@ public class ClientRoleMappingsResource {
throw ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR); throw ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
} catch (ModelException | ReadOnlyException me) { } catch (ModelException | ReadOnlyException me) {
logger.warn(me.getMessage(), me); logger.warn(me.getMessage(), me);
throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST); throw new ErrorResponseException("invalid_request", "Could not remove user or group role mappings!", Response.Status.BAD_REQUEST);
} }
} }
} }

4
services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java
View file

@ -307,8 +307,8 @@ public class RoleMapperResource {
return auth.roles().canMapRole(roleModel); return auth.roles().canMapRole(roleModel);
} }
@Path("clients/{client}") @Path("clients/{client-id}")
public ClientRoleMappingsResource getUserClientRoleMappingsResource(@PathParam("client") String client) { public ClientRoleMappingsResource getUserClientRoleMappingsResource(@PathParam("client-id") @Parameter(description = "client id (not clientId!)") String client) {
ClientModel clientModel = realm.getClientById(client); ClientModel clientModel = realm.getClientById(client);
if (clientModel == null) { if (clientModel == null) {
throw new NotFoundException("Client not found"); throw new NotFoundException("Client not found");