Fetch groups from the target user, not the logged in one, fixed the

wronge hard-coded userId, fix addition of roles.

Fetch groups from the target user, not the logged in one, fixed the
wronge hard-coded userId, fix addition of roles.
Adam Heath
Showing 1 changed file with 18 additions and 4 deletions
service/keycloak/KeycloakServices.groovy
--- a/service/keycloak/KeycloakServices.groovy
View file @af3ad96
+++ b/service/keycloak/KeycloakServices.groovy
View file @af3ad96
@@ -206,13 +206,20 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse

    List<EntityValue> userPermissionList = ec.entity.find('UserPermissionCheck')
        .condition('userId', userId)
-        .useCache(true)
+        .useCache(false)
        .disableAuthz()
        .list()
        .filterByDate('groupFromDate', 'groupThruDate', now)
        .filterByDate('permissionFromDate', 'permissionThruDate', now)
    List<String> moquiPermissions = userPermisionList*.userPermissionId.collect { permission -> 'permission:' + permission }
-    List<String> moquiGroups = ec.user.userGroupIdSet.collect { group -> 'group:' + group }
+    List<EntityValue> userGroupList = ec.entity.find('UserGroupMemberUser')
+        .condition('userId', userId)
+        .useCache(false)
+        .disableAuthz()
+        .list()
+        .filterByDate('fromDate', 'thruDate', now)
+    Set<String> moquiGroups = userGroupList*.userGroupId.collect { group -> 'group:' + group }
+    moquiGroups.add('group:ALL_USERS')

    Map<String, RoleRepresentation> wantedClientRoles = getClientRoles(realm, clientResource, moquiPermissions + moquiGroups)

@@ -225,6 +232,7 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse
    logger.info("user[$userId]} attributes: " + attributes)
    userRep.setAttributes(attributes)

+    List<RoleRepresentation> toRemove = []
    RoleMappingResource roleMappingResource = userResource.roles()
    ClientMappingsRepresentation clientMappingsRespresentation = roleMappingResource.getAll().getClientMappings()[keycloakClientId]
    for (RoleRepresentation existingRoleRep: clientMappingsRespresentation.getMappings()) {
@@ -232,11 +240,16 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse
            toRemove.add(existingRoleRep)
        }
    }
+    List<RoleRepresentation> toAdd = wantedClientRoles.values() as List
+    logger.info("roles to remove: ${toRemove}")
+    logger.info("roles to add: ${toAdd}")
    RoleScopeResource clientRoleScopeResource = roleMappingResource.clientLevel(clientId)
    clientRoleScopeResource.remove(toRemove)
-    clientRoleScopeResource.add(wantedClientRoles.values() as List)
+    clientRoleScopeResource.add(toAdd)

    userResource.update(userRep)
+    Map<String, Object> foo = userResource.impersonate()
+    logger.info("impersonate: foo=${foo}")
 }


@@ -279,7 +292,8 @@ Map<String, Object> getKeycloakUsers() {
            logger.info('keycloak user: ' + keycloakToJson(user))
        }
 */
-        updateUser(realm, keycloakClientId, 'c6a4cb53-4533-4236-89e5-058967b9b90a', '100000')
+        updateUser(realm, keycloakClientId, 'c6a4cb53-4533-4236-89e5-058967b9b90a', '100003')
+        logger.info("access token=${keycloakToJson(keycloak.tokenManager().getAccessToken())}")

    } finally {
        keycloak.close()