argos/dmp-backend/core/src/main/java/eu/eudat/service/keycloak/KeycloakServiceImpl.java


package eu.eudat.service.keycloak;
import gr.cite.commons.web.keycloak.api.configuration.KeycloakClientConfiguration;
import gr.cite.tools.logging.LoggerService;
import org.jetbrains.annotations.NotNull;
import org.keycloak.representations.idm.GroupRepresentation;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.*;
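/**
 * {@link KeycloakService} implementation that manages Keycloak group membership for users
 * through {@link MyKeycloakAdminRestApi}.
 *
 * <p>Global roles are mapped to a group id through the configured authorities; tenant roles are
 * mapped to a group found by path, built from the configured parent group of the tenant role and
 * the tenant group name.
 *
 * <p>Every method here changes or creates authorization state (group membership or groups) and
 * performs no permission check of its own: callers are responsible for verifying that the
 * current principal may grant or revoke the role before calling in.
 */
@Service
public class KeycloakServiceImpl implements KeycloakService {

    private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(KeycloakServiceImpl.class));

    private final MyKeycloakAdminRestApi api;
    private final KeycloakResourcesConfiguration configuration;
    // Only referenced by the commented-out client-role methods below; kept because it is part of
    // the injected constructor signature.
    private final KeycloakClientConfiguration clientConfiguration;

    @Autowired
    public KeycloakServiceImpl(MyKeycloakAdminRestApi api, KeycloakResourcesConfiguration configuration, KeycloakClientConfiguration clientConfiguration) {
        this.api = api;
        this.configuration = configuration;
        this.clientConfiguration = clientConfiguration;
    }

    /**
     * Adds the user to the group with the given id.
     *
     * @param subjectId identifier of the user, passed unchanged to the admin API
     * @param groupId   identifier of the target group
     */
    @Override
    public void addUserToGroup(@NotNull String subjectId, String groupId) {
        api.users().addUserToGroup(subjectId, groupId);
    }

    /**
     * Removes the user from the group with the given id.
     *
     * @param subjectId identifier of the user, passed unchanged to the admin API
     * @param groupId   identifier of the group to leave
     */
    @Override
    public void removeUserFromGroup(@NotNull String subjectId, String groupId) {
        api.users().removeUserFromGroup(subjectId, groupId);
    }

    /**
     * Adds the user to the group configured for a global role.
     *
     * <p>If no authority is configured for {@code role}, nothing is changed and the caller is not
     * informed.
     *
     * @param subjectId identifier of the user
     * @param role      key into the configured authorities map
     */
    @Override
    public void addUserToGlobalRoleGroup(String subjectId, String role) {
        KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role);
        if (properties != null) {
            addUserToGroup(subjectId, properties.getGroupId());
        }
    }

    /**
     * Removes the user from the group configured for a global role.
     *
     * @param subjectId identifier of the user
     * @param role      key into the configured authorities map
     */
    @Override
    public void removeUserGlobalRoleGroup(@NotNull String subjectId, String role) {
        KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role);
        // NOTE(review): when the role has no configured authority this is a silent no-op, so a
        // revocation request leaves any existing membership in place without the caller knowing.
        // Consider reporting or logging this case so a failed revocation is visible.
        if (properties != null) {
            removeUserFromGroup(subjectId, properties.getGroupId());
        }
    }

    // Disabled client-role helpers, left commented out as in the original file.
    //
    // @Override
    // public void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role) {
    // if (clientId == null)
    // clientId = clientConfiguration.getProperties().getClientId();
    // UserRepresentation user = api.users().findUserById(subjectId.toString());
    // user.getClientRoles().computeIfAbsent(clientId, k -> new ArrayList<>());
    // Set<String> clientRoles = new HashSet<>(Set.copyOf(user.getClientRoles().get(clientId)));
    // clientRoles.add(role.name());
    // user.getClientRoles().get(clientId).clear();
    // user.getClientRoles().get(clientId).addAll(clientRoles);
    // api.users().updateUser(subjectId.toString(), user);
    // }
    //
    // @Override
    // public void removeClientRoleFromUser(UUID subjectId, String clientId, KeycloakRole role) {
    // if (clientId == null) clientId = clientConfiguration.getProperties().getClientId();
    // UserRepresentation user = api.users().findUserById(subjectId.toString());
    // user.getClientRoles().computeIfAbsent(clientId, k -> new ArrayList<>());
    // Set<String> clientRoles = new HashSet<>(Set.copyOf(user.getClientRoles().get(clientId)));
    // clientRoles.remove(role.name());
    // user.getClientRoles().get(clientId).clear();
    // user.getClientRoles().get(clientId).addAll(clientRoles);
    // api.users().updateUser(subjectId.toString(), user);
    // }
    //
    // public List<GroupRepresentation> getUserGroups(UUID subjectId) {
    // return api.users().getGroups(subjectId.toString());
    // }

    /**
     * Adds the user to the tenant-specific group of a tenant role.
     *
     * @param subjectId  identifier of the user
     * @param tenantCode tenant whose group is targeted
     * @param tenantRole key into the configured tenant authorities map
     * @throws NullPointerException if the tenant role is not configured, or its parent group or
     *                              the tenant group lookup yields {@code null}
     */
    @Override
    public void addUserToTenantRoleGroup(String subjectId, String tenantCode, String tenantRole) {
        addUserToGroup(subjectId, findTenantRoleGroup(tenantCode, tenantRole).getId());
    }

    /**
     * Removes the user from the tenant-specific group of a tenant role.
     *
     * @param subjectId  identifier of the user
     * @param tenantCode tenant whose group is targeted
     * @param tenantRole key into the configured tenant authorities map
     * @throws NullPointerException if the tenant role is not configured, or its parent group or
     *                              the tenant group lookup yields {@code null}
     */
    @Override
    public void removeUserTenantRoleGroup(String subjectId, String tenantCode, String tenantRole) {
        removeUserFromGroup(subjectId, findTenantRoleGroup(tenantCode, tenantRole).getId());
    }

    /**
     * Looks up the group for a tenant and tenant role by path.
     *
     * <p>Fails with a descriptive message instead of a bare dereference when the lookup yields
     * {@code null}, so a missing group cannot be mistaken for a completed membership change.
     */
    private GroupRepresentation findTenantRoleGroup(String tenantCode, String tenantRole) {
        // NOTE(review): the group is selected by a concatenated path. Confirm that tenantCode is
        // validated upstream (or that getTenantGroupName normalises it) so it cannot contain '/'
        // and make the path resolve to a group other than the intended tenant group.
        String groupPath = getTenantAuthorityParentPath(tenantRole) + "/" + configuration.getTenantGroupName(tenantCode);
        GroupRepresentation group = api.groups().findGroupByPath(groupPath);
        return Objects.requireNonNull(group, () -> "No Keycloak group found at path '" + groupPath + "'");
    }

    /**
     * Returns the path of the parent group configured for a tenant role.
     *
     * @throws NullPointerException if the tenant role has no configured authority or the parent
     *                              group lookup yields {@code null}
     */
    private String getTenantAuthorityParentPath(String tenantRole) {
        KeycloakTenantAuthorityProperties authority = Objects.requireNonNull(
                configuration.getProperties().getTenantAuthorities().get(tenantRole),
                () -> "No tenant authority configured for tenant role '" + tenantRole + "'");
        GroupRepresentation parent = Objects.requireNonNull(
                api.groups().findGroupById(authority.getParent()),
                () -> "Parent group of tenant role '" + tenantRole + "' was not found");
        return parent.getPath();
    }

    /**
     * Creates one group per configured tenant authority for the given tenant, each under that
     * authority's configured parent group and carrying the tenant-role attribute.
     *
     * <p>NOTE(review): groups are created one by one; if a call fails part-way the groups already
     * created are left in place. Confirm callers can tolerate or clean up a partial set.
     *
     * @param tenantCode tenant for which the groups are created
     */
    @Override
    public void createTenantGroups(String tenantCode) {
        for (Map.Entry<String, KeycloakTenantAuthorityProperties> entry : configuration.getProperties().getTenantAuthorities().entrySet()) {
            GroupRepresentation group = new GroupRepresentation();
            group.setName(configuration.getTenantGroupName(tenantCode));

            Map<String, List<String>> attributes = new HashMap<>();
            attributes.put(
                    this.configuration.getProperties().getTenantRoleAttributeName(),
                    List.of(configuration.getTenantRoleAttributeValue(tenantCode, entry.getKey())));
            group.setAttributes(attributes);

            // The entry's value is the same object the original re-fetched from the map by key.
            api.groups().addGroupWithParent(group, entry.getValue().getParent());
        }
    }
}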