Extracting subject id from user credentials for role mapping on Keycloak Api
This commit is contained in:
parent
a94473be49
commit
b46c4e19e2
|
@ -10,6 +10,7 @@ import eu.eudat.commons.enums.IsActive;
|
||||||
import eu.eudat.commons.scope.user.UserScope;
|
import eu.eudat.commons.scope.user.UserScope;
|
||||||
import eu.eudat.commons.types.user.AdditionalInfoEntity;
|
import eu.eudat.commons.types.user.AdditionalInfoEntity;
|
||||||
import eu.eudat.convention.ConventionService;
|
import eu.eudat.convention.ConventionService;
|
||||||
|
import eu.eudat.data.UserCredentialEntity;
|
||||||
import eu.eudat.data.UserEntity;
|
import eu.eudat.data.UserEntity;
|
||||||
import eu.eudat.data.UserRoleEntity;
|
import eu.eudat.data.UserRoleEntity;
|
||||||
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
||||||
|
@ -23,6 +24,7 @@ import eu.eudat.model.deleter.UserRoleDeleter;
|
||||||
import eu.eudat.model.persist.UserAdditionalInfoPersist;
|
import eu.eudat.model.persist.UserAdditionalInfoPersist;
|
||||||
import eu.eudat.model.persist.UserPersist;
|
import eu.eudat.model.persist.UserPersist;
|
||||||
import eu.eudat.model.persist.UserRolePatchPersist;
|
import eu.eudat.model.persist.UserRolePatchPersist;
|
||||||
|
import eu.eudat.query.UserCredentialQuery;
|
||||||
import eu.eudat.query.UserQuery;
|
import eu.eudat.query.UserQuery;
|
||||||
import eu.eudat.query.UserRoleQuery;
|
import eu.eudat.query.UserRoleQuery;
|
||||||
import eu.eudat.service.keycloak.KeycloakRole;
|
import eu.eudat.service.keycloak.KeycloakRole;
|
||||||
|
@ -206,6 +208,9 @@ public class UserServiceImpl implements UserService {
|
||||||
if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
||||||
if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
|
if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
|
||||||
|
|
||||||
|
List<UserCredentialEntity> userCredentials = this.queryFactory.query(UserCredentialQuery.class).userIds(data.getId()).collect();
|
||||||
|
boolean credentialsExist = !userCredentials.isEmpty();
|
||||||
|
|
||||||
List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
|
List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
|
||||||
List<UUID> foundIds = new ArrayList<>();
|
List<UUID> foundIds = new ArrayList<>();
|
||||||
for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
|
for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
|
||||||
|
@ -217,7 +222,9 @@ public class UserServiceImpl implements UserService {
|
||||||
item.setRole(roleName);
|
item.setRole(roleName);
|
||||||
item.setCreatedAt(Instant.now());
|
item.setCreatedAt(Instant.now());
|
||||||
this.entityManager.persist(item);
|
this.entityManager.persist(item);
|
||||||
this.keycloakService.addUserToGroup(data.getId(), KeycloakRole.valueOf(roleName));
|
if (credentialsExist) {
|
||||||
|
this.keycloakService.addUserToGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(roleName));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
foundIds.add(item.getId());
|
foundIds.add(item.getId());
|
||||||
}
|
}
|
||||||
|
@ -225,7 +232,9 @@ public class UserServiceImpl implements UserService {
|
||||||
this.entityManager.flush();
|
this.entityManager.flush();
|
||||||
|
|
||||||
List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
|
List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
|
||||||
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(data.getId(), KeycloakRole.valueOf(x.getRole())));
|
if (credentialsExist) {
|
||||||
|
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(x.getRole())));
|
||||||
|
}
|
||||||
this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
|
this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
|
||||||
|
|
||||||
this.entityManager.flush();
|
this.entityManager.flush();
|
||||||
|
|
|
@ -8,6 +8,3 @@ keycloak-client:
|
||||||
|
|
||||||
keycloak-resources:
|
keycloak-resources:
|
||||||
authorities: null
|
authorities: null
|
||||||
tenantGroupsNamingStrategy: null
|
|
||||||
guestsGroup: null
|
|
||||||
administratorsGroup: null
|
|
Loading…
Reference in New Issue