commit
d1a3ff8707
2 changed files with 20 additions and 28 deletions
|
@ -29,6 +29,7 @@ import org.keycloak.models.GroupModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RealmProvider;
|
import org.keycloak.models.RealmProvider;
|
||||||
|
import org.keycloak.models.RoleContainerModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.mongo.keycloak.entities.MongoClientEntity;
|
import org.keycloak.models.mongo.keycloak.entities.MongoClientEntity;
|
||||||
import org.keycloak.models.mongo.keycloak.entities.MongoClientTemplateEntity;
|
import org.keycloak.models.mongo.keycloak.entities.MongoClientTemplateEntity;
|
||||||
|
@ -396,6 +397,11 @@ public class MongoRealmProvider implements RealmProvider {
|
||||||
@Override
|
@Override
|
||||||
public boolean removeRole(RealmModel realm, RoleModel role) {
|
public boolean removeRole(RealmModel realm, RoleModel role) {
|
||||||
session.users().preRemove(realm, role);
|
session.users().preRemove(realm, role);
|
||||||
|
RoleContainerModel container = role.getContainer();
|
||||||
|
if (container.getDefaultRoles().contains(role.getName())) {
|
||||||
|
container.removeDefaultRoles(role.getName());
|
||||||
|
}
|
||||||
|
|
||||||
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
|
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -58,20 +58,19 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
||||||
public void afterRemove(MongoStoreInvocationContext invContext) {
|
public void afterRemove(MongoStoreInvocationContext invContext) {
|
||||||
MongoStore mongoStore = invContext.getMongoStore();
|
MongoStore mongoStore = invContext.getMongoStore();
|
||||||
|
|
||||||
{
|
// Remove from groups
|
||||||
DBObject query = new QueryBuilder()
|
DBObject query = new QueryBuilder()
|
||||||
.and("roleIds").is(getId())
|
.and("roleIds").is(getId())
|
||||||
.get();
|
.get();
|
||||||
|
|
||||||
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
|
|
||||||
for (MongoGroupEntity group : groups) {
|
|
||||||
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
|
||||||
|
for (MongoGroupEntity group : groups) {
|
||||||
|
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Remove this scope from all clients, which has it
|
// Remove this scope from all clients, which has it
|
||||||
DBObject query = new QueryBuilder()
|
query = new QueryBuilder()
|
||||||
.and("scopeIds").is(getId())
|
.and("scopeIds").is(getId())
|
||||||
.get();
|
.get();
|
||||||
|
|
||||||
|
@ -81,24 +80,11 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
||||||
mongoStore.pullItemFromList(client, "scopeIds", getId(), invContext);
|
mongoStore.pullItemFromList(client, "scopeIds", getId(), invContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove defaultRoles from realm
|
// Remove this scope from all clientTemplates, which has it
|
||||||
if (getRealmId() != null) {
|
List<MongoClientTemplateEntity> clientTemplates = mongoStore.loadEntities(MongoClientTemplateEntity.class, query, invContext);
|
||||||
MongoRealmEntity realmEntity = mongoStore.loadEntity(MongoRealmEntity.class, getRealmId(), invContext);
|
for (MongoClientTemplateEntity clientTemplate : clientTemplates) {
|
||||||
|
//logger.info("Removing scope " + getName() + " from user " + user.getUsername());
|
||||||
// Realm might be already removed at this point
|
mongoStore.pullItemFromList(clientTemplate, "scopeIds", getId(), invContext);
|
||||||
if (realmEntity != null) {
|
|
||||||
mongoStore.pullItemFromList(realmEntity, "defaultRoles", getName(), invContext);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove defaultRoles from application
|
|
||||||
if (getClientId() != null) {
|
|
||||||
MongoClientEntity appEntity = mongoStore.loadEntity(MongoClientEntity.class, getClientId(), invContext);
|
|
||||||
|
|
||||||
// Application might be already removed at this point
|
|
||||||
if (appEntity != null) {
|
|
||||||
mongoStore.pullItemFromList(appEntity, "defaultRoles", getName(), invContext);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove this role from others who has it as composite
|
// Remove this role from others who has it as composite
|
||||||
|
|
Loading…
Reference in a new issue