From b46c4e19e243bfcf6d5f7e3f33318faf78cfb086 Mon Sep 17 00:00:00 2001
From: Thomas Georgios Giannos
Date: Tue, 12 Dec 2023 16:17:08 +0200
Subject: [PATCH] Extracting subject id from user credentials for role mapping on Keycloak Api
---
 .../java/eu/eudat/service/user/UserServiceImpl.java | 13 +++++++++++--
 .../web/src/main/resources/config/keycloak.yml | 5 +----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java b/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
index 08313fa4f..5c1ef1a9b 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
@@ -10,6 +10,7 @@ import eu.eudat.commons.enums.IsActive;
 import eu.eudat.commons.scope.user.UserScope;
 import eu.eudat.commons.types.user.AdditionalInfoEntity;
 import eu.eudat.convention.ConventionService;
+import eu.eudat.data.UserCredentialEntity;
 import eu.eudat.data.UserEntity;
 import eu.eudat.data.UserRoleEntity;
 import eu.eudat.errorcode.ErrorThesaurusProperties;
@@ -23,6 +24,7 @@ import eu.eudat.model.deleter.UserRoleDeleter;
 import eu.eudat.model.persist.UserAdditionalInfoPersist;
 import eu.eudat.model.persist.UserPersist;
 import eu.eudat.model.persist.UserRolePatchPersist;
+import eu.eudat.query.UserCredentialQuery;
 import eu.eudat.query.UserQuery;
 import eu.eudat.query.UserRoleQuery;
 import eu.eudat.service.keycloak.KeycloakRole;
@@ -206,6 +208,9 @@ public class UserServiceImpl implements UserService {
 if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
+ List userCredentials = this.queryFactory.query(UserCredentialQuery.class).userIds(data.getId()).collect();
+ boolean credentialsExist = !userCredentials.isEmpty();
+
 List existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
 List foundIds = new ArrayList<>();
 for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
@@ -217,7 +222,9 @@ public class UserServiceImpl implements UserService {
 item.setRole(roleName);
 item.setCreatedAt(Instant.now());
 this.entityManager.persist(item);
- this.keycloakService.addUserToGroup(data.getId(), KeycloakRole.valueOf(roleName));
+ if (credentialsExist) {
+ this.keycloakService.addUserToGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(roleName));
+ }
 }
 foundIds.add(item.getId());
 }
@@ -225,7 +232,9 @@ public class UserServiceImpl implements UserService {
 this.entityManager.flush();
 List toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
- toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(data.getId(), KeycloakRole.valueOf(x.getRole())));
+ if (credentialsExist) {
+ toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(x.getRole())));
+ }
 this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
 this.entityManager.flush();
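Review bot: The credential lookup added at the top of this hunk collects every credential row for the user, with no ordering or provider filter visible here, and the two later hunks pick the Keycloak subject with `userCredentials.getFirst()`. For a user with more than one credential, the account that receives the group change then depends on the order the query happens to return, so a grant and a later revoke could land on different Keycloak subjects. Consider selecting the credential deterministically (or applying the change to every external id) and recording the assumption next to the query, e.g. `// Keycloak subject id = credential externalId; a user may hold several credentials`. The enclosing method starts and ends outside the hunk.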
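Review bot: `UUID.fromString(userCredentials.getFirst().getExternalId())` is evaluated inside the role loop, after `this.entityManager.persist(item)`, so a null or non-UUID external id throws part-way through the update; the same expression is repeated in the removal hunk below. Resolving the subject once before the loop, `UUID subjectId = credentialsExist ? UUID.fromString(userCredentials.getFirst().getExternalId()) : null;`, rejects a malformed id before any role row is written and removes the duplication. Whether the surrounding transaction rolls back the already persisted rows on that exception is not visible here, and the loop and method bodies begin outside this hunk.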
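Review bot: When `credentialsExist` is false, the new guard skips `removeUserFromGroup` without leaving any trace, while `deleteAndSave(toDelete)` still deletes the local role rows. If Keycloak group membership feeds the authorities in issued tokens (suggested by the commit subject, not shown in the hunk), a skipped revocation leaves the privilege in place on the identity-provider side; the add path in the previous hunk has the same silent skip. At minimum add an `else` branch that logs a warning with the user id and the affected role names, so the drift between the local roles and Keycloak can be detected and reconciled. The method continues outside the hunk.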
diff --git a/dmp-backend/web/src/main/resources/config/keycloak.yml b/dmp-backend/web/src/main/resources/config/keycloak.yml
index 3916f6454..934a3e5f0 100644
--- a/dmp-backend/web/src/main/resources/config/keycloak.yml
+++ b/dmp-backend/web/src/main/resources/config/keycloak.yml
@@ -7,7 +7,4 @@ keycloak-client:
 clientSecret: ${KEYCLOAK_API_CLIENT_SECRET:}
 keycloak-resources:
- authorities: null
- tenantGroupsNamingStrategy: null
- guestsGroup: null
- administratorsGroup: null
\ No newline at end of file
+ authorities: null
\ No newline at end of file