From 562b884c606b827bd8b410d10d14440d0b4dccce Mon Sep 17 00:00:00 2001
From: Markus Spanier
Date: Sun, 4 Mar 2018 17:47:33 +0100
Subject: [PATCH] Add method to retrieve avaialbe and composite client roles of a user
---
 keycloak/keycloak_admin.py | 30 +++++++++++++++++++++++++++---
 keycloak/urls_patterns.py | 2 ++
 2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py
index 37d5ab4..bfedd86 100644
--- a/keycloak/keycloak_admin.py
+++ b/keycloak/keycloak_admin.py
@@ -22,8 +22,9 @@ from .urls_patterns import \
 URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
 URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
 URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
- URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
- URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
+ URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, \
+ URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, \
+ URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, URL_ADMIN_USER_STORAGE
 from .keycloak_openid import KeycloakOpenID
@@ -645,8 +646,31 @@ class KeycloakAdmin:
 :param user_id: id of user
 :return: Keycloak server response (array RoleRepresentation)
 """
+ return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES, user_id, client_id)
+
+ def get_available_client_roles_of_user(self, user_id, client_id):
+ """
+ Get available client role-mappings for a user.
+
+ :param client_id: id of client (not client-id)
+ :param user_id: id of user
+ :return: Keycloak server response (array RoleRepresentation)
+ """
+ return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, user_id, client_id)
+
+ def get_composite_client_roles_of_user(self, user_id, client_id):
+ """
+ Get composite client role-mappings for a user.
+
+ :param client_id: id of client (not client-id)
+ :param user_id: id of user
+ :return: Keycloak server response (array RoleRepresentation)
+ """
+ return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, user_id, client_id)
+
+ def _get_client_roles_of_user(self, client_level_role_mapping_url, user_id, client_id):
 params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
- data_raw = self.connection.raw_get(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path))
+ data_raw = self.connection.raw_get(client_level_role_mapping_url.format(**params_path))
 return raise_error_from_response(data_raw, KeycloakGetError)
 def delete_client_roles_of_user(self, user_id, client_id, roles):
diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py
index ce593da..11f2e00 100644
--- a/keycloak/urls_patterns.py
+++ b/keycloak/urls_patterns.py
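Review bot: The new helper `_get_client_roles_of_user` fills the URL template with `client_level_role_mapping_url.format(**params_path)`, so `user_id` and `client_id` reach the admin request path unencoded (as in the line it replaces); a value carrying path or query separators would resolve to a different admin resource than the one the caller intended. If these ids can ever originate outside the application, percent-encode each segment before formatting, e.g. `"id": quote(str(user_id), safe="")` and likewise for `"client-id"`, with `quote` taken from `urllib.parse` (the import block is outside this hunk). The two new docstrings would also help callers more if they said what the Keycloak admin API returns here: `/available` lists client roles that can still be mapped to the user, while `/composite` lists the effective mappings including roles inherited through composites, which is the set to consult for access decisions. The private helper has no docstring; one line such as `"""GET the given client-level role-mapping URL for a user and client."""` would cover it.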
@@ -34,6 +34,8 @@ URL_ADMIN_SEND_VERIFY_EMAIL = "admin/realms/{realm-name}/users/{id}/send-verify-
 URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
 URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
 URL_ADMIN_USER_CLIENT_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
+URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/available"
+URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/composite"
 URL_ADMIN_USER_GROUP = "admin/realms/{realm-name}/users/{id}/groups/{group-id}"
 URL_ADMIN_SERVER_INFO = "admin/serverinfo"