af3ad96c by Adam Heath

Fetch groups from the target user, not the logged in one, fixed the

wrong hard-coded userId, fix addition of roles.
1 parent d3562157
...@@ -206,13 +206,20 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse ...@@ -206,13 +206,20 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse
206 206
207 List<EntityValue> userPermissionList = ec.entity.find('UserPermissionCheck') 207 List<EntityValue> userPermissionList = ec.entity.find('UserPermissionCheck')
208 .condition('userId', userId) 208 .condition('userId', userId)
209 .useCache(true) 209 .useCache(false)
210 .disableAuthz() 210 .disableAuthz()
211 .list() 211 .list()
212 .filterByDate('groupFromDate', 'groupThruDate', now) 212 .filterByDate('groupFromDate', 'groupThruDate', now)
213 .filterByDate('permissionFromDate', 'permissionThruDate', now) 213 .filterByDate('permissionFromDate', 'permissionThruDate', now)
214 List<String> moquiPermissions = userPermisionList*.userPermissionId.collect { permission -> 'permission:' + permission } 214 List<String> moquiPermissions = userPermisionList*.userPermissionId.collect { permission -> 'permission:' + permission }
215 List<String> moquiGroups = ec.user.userGroupIdSet.collect { group -> 'group:' + group } 215 List<EntityValue> userGroupList = ec.entity.find('UserGroupMemberUser')
216 .condition('userId', userId)
217 .useCache(false)
218 .disableAuthz()
219 .list()
220 .filterByDate('fromDate', 'thruDate', now)
221 Set<String> moquiGroups = userGroupList*.userGroupId.collect { group -> 'group:' + group }
222 moquiGroups.add('group:ALL_USERS')
216 223
217 Map<String, RoleRepresentation> wantedClientRoles = getClientRoles(realm, clientResource, moquiPermissions + moquiGroups) 224 Map<String, RoleRepresentation> wantedClientRoles = getClientRoles(realm, clientResource, moquiPermissions + moquiGroups)
218 225
...@@ -225,6 +232,7 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse ...@@ -225,6 +232,7 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse
225 logger.info("user[$userId]} attributes: " + attributes) 232 logger.info("user[$userId]} attributes: " + attributes)
226 userRep.setAttributes(attributes) 233 userRep.setAttributes(attributes)
227 234
235 List<RoleRepresentation> toRemove = []
228 RoleMappingResource roleMappingResource = userResource.roles() 236 RoleMappingResource roleMappingResource = userResource.roles()
229 ClientMappingsRepresentation clientMappingsRespresentation = roleMappingResource.getAll().getClientMappings()[keycloakClientId] 237 ClientMappingsRepresentation clientMappingsRespresentation = roleMappingResource.getAll().getClientMappings()[keycloakClientId]
230 for (RoleRepresentation existingRoleRep: clientMappingsRespresentation.getMappings()) { 238 for (RoleRepresentation existingRoleRep: clientMappingsRespresentation.getMappings()) {
...@@ -232,11 +240,16 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse ...@@ -232,11 +240,16 @@ void updateUser(RealmResource realm, String keycloakClientId, String keycloakUse
232 toRemove.add(existingRoleRep) 240 toRemove.add(existingRoleRep)
233 } 241 }
234 } 242 }
243 List<RoleRepresentation> toAdd = wantedClientRoles.values() as List
244 logger.info("roles to remove: ${toRemove}")
245 logger.info("roles to add: ${toAdd}")
235 RoleScopeResource clientRoleScopeResource = roleMappingResource.clientLevel(clientId) 246 RoleScopeResource clientRoleScopeResource = roleMappingResource.clientLevel(clientId)
236 clientRoleScopeResource.remove(toRemove) 247 clientRoleScopeResource.remove(toRemove)
237 clientRoleScopeResource.add(wantedClientRoles.values() as List) 248 clientRoleScopeResource.add(toAdd)
238 249
239 userResource.update(userRep) 250 userResource.update(userRep)
251 Map<String, Object> foo = userResource.impersonate()
252 logger.info("impersonate: foo=${foo}")
240 } 253 }
241 254
242 255
...@@ -279,7 +292,8 @@ Map<String, Object> getKeycloakUsers() { ...@@ -279,7 +292,8 @@ Map<String, Object> getKeycloakUsers() {
279 logger.info('keycloak user: ' + keycloakToJson(user)) 292 logger.info('keycloak user: ' + keycloakToJson(user))
280 } 293 }
281 */ 294 */
282 updateUser(realm, keycloakClientId, 'c6a4cb53-4533-4236-89e5-058967b9b90a', '100000') 295 updateUser(realm, keycloakClientId, 'c6a4cb53-4533-4236-89e5-058967b9b90a', '100003')
296 logger.info("access token=${keycloakToJson(keycloak.tokenManager().getAccessToken())}")
283 297
284 } finally { 298 } finally {
285 keycloak.close() 299 keycloak.close()
......
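Review bot: The two lines added at the end of updateUser (new lines 251-252) call `userResource.impersonate()` and log the returned map at info level. That appears to start a Keycloak impersonation session for the target user on every sync and writes its details to the log. The line added in getKeycloakUsers (new line 296) likewise logs the admin client's access token with `logger.info("access token=...")`, so anyone who can read the logs can reuse that bearer credential while it is valid. Remove all three debug lines before merging; if a trace is needed, log a non-secret marker such as `logger.debug("admin token acquired for user sync")`. Separately, new line 214 still reads `userPermisionList` although the variable is declared as `userPermissionList` on line 207, so the permission roles probably fail to resolve at runtime. The call on line 295 also still hard-codes both user ids.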