commit
d1a3ff8707
2 changed files with 20 additions and 28 deletions
|
@ -29,6 +29,7 @@ import org.keycloak.models.GroupModel;
|
|||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RealmProvider;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoClientEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoClientTemplateEntity;
|
||||
|
@ -396,6 +397,11 @@ public class MongoRealmProvider implements RealmProvider {
|
|||
@Override
|
||||
public boolean removeRole(RealmModel realm, RoleModel role) {
|
||||
session.users().preRemove(realm, role);
|
||||
RoleContainerModel container = role.getContainer();
|
||||
if (container.getDefaultRoles().contains(role.getName())) {
|
||||
container.removeDefaultRoles(role.getName());
|
||||
}
|
||||
|
||||
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
|
||||
}
|
||||
|
||||
|
|
|
@ -58,20 +58,19 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
|||
public void afterRemove(MongoStoreInvocationContext invContext) {
|
||||
MongoStore mongoStore = invContext.getMongoStore();
|
||||
|
||||
{
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("roleIds").is(getId())
|
||||
.get();
|
||||
|
||||
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
|
||||
for (MongoGroupEntity group : groups) {
|
||||
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
|
||||
}
|
||||
// Remove from groups
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("roleIds").is(getId())
|
||||
.get();
|
||||
|
||||
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
|
||||
for (MongoGroupEntity group : groups) {
|
||||
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
|
||||
}
|
||||
|
||||
|
||||
// Remove this scope from all clients, which has it
|
||||
DBObject query = new QueryBuilder()
|
||||
query = new QueryBuilder()
|
||||
.and("scopeIds").is(getId())
|
||||
.get();
|
||||
|
||||
|
@ -81,24 +80,11 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
|||
mongoStore.pullItemFromList(client, "scopeIds", getId(), invContext);
|
||||
}
|
||||
|
||||
// Remove defaultRoles from realm
|
||||
if (getRealmId() != null) {
|
||||
MongoRealmEntity realmEntity = mongoStore.loadEntity(MongoRealmEntity.class, getRealmId(), invContext);
|
||||
|
||||
// Realm might be already removed at this point
|
||||
if (realmEntity != null) {
|
||||
mongoStore.pullItemFromList(realmEntity, "defaultRoles", getName(), invContext);
|
||||
}
|
||||
}
|
||||
|
||||
// Remove defaultRoles from application
|
||||
if (getClientId() != null) {
|
||||
MongoClientEntity appEntity = mongoStore.loadEntity(MongoClientEntity.class, getClientId(), invContext);
|
||||
|
||||
// Application might be already removed at this point
|
||||
if (appEntity != null) {
|
||||
mongoStore.pullItemFromList(appEntity, "defaultRoles", getName(), invContext);
|
||||
}
|
||||
// Remove this scope from all clientTemplates, which has it
|
||||
List<MongoClientTemplateEntity> clientTemplates = mongoStore.loadEntities(MongoClientTemplateEntity.class, query, invContext);
|
||||
for (MongoClientTemplateEntity clientTemplate : clientTemplates) {
|
||||
//logger.info("Removing scope " + getName() + " from user " + user.getUsername());
|
||||
mongoStore.pullItemFromList(clientTemplate, "scopeIds", getId(), invContext);
|
||||
}
|
||||
|
||||
// Remove this role from others who has it as composite
|
||||
|
|
Loading…
Reference in a new issue