Browse Source

Add method to retrieve avaialbe and composite client roles of a user

pull/12/head
Markus Spanier 7 years ago
parent
commit
562b884c60
  1. 28
      keycloak/keycloak_admin.py
  2. 2
      keycloak/urls_patterns.py

28
keycloak/keycloak_admin.py

@ -23,7 +23,8 @@ from .urls_patterns import \
URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, \
URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, \
URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, URL_ADMIN_USER_STORAGE
from .keycloak_openid import KeycloakOpenID
@ -645,8 +646,31 @@ class KeycloakAdmin:
:param user_id: id of user
:return: Keycloak server response (array RoleRepresentation)
"""
return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES, user_id, client_id)
def get_available_client_roles_of_user(self, user_id, client_id):
"""
Get available client role-mappings for a user.
:param client_id: id of client (not client-id)
:param user_id: id of user
:return: Keycloak server response (array RoleRepresentation)
"""
return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, user_id, client_id)
def get_composite_client_roles_of_user(self, user_id, client_id):
"""
Get composite client role-mappings for a user.
:param client_id: id of client (not client-id)
:param user_id: id of user
:return: Keycloak server response (array RoleRepresentation)
"""
return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, user_id, client_id)
def _get_client_roles_of_user(self, client_level_role_mapping_url, user_id, client_id):
params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
data_raw = self.connection.raw_get(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path))
data_raw = self.connection.raw_get(client_level_role_mapping_url.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def delete_client_roles_of_user(self, user_id, client_id, roles):

2
keycloak/urls_patterns.py

@ -34,6 +34,8 @@ URL_ADMIN_SEND_VERIFY_EMAIL = "admin/realms/{realm-name}/users/{id}/send-verify-
URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
URL_ADMIN_USER_CLIENT_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/available"
URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/composite"
URL_ADMIN_USER_GROUP = "admin/realms/{realm-name}/users/{id}/groups/{group-id}"
URL_ADMIN_SERVER_INFO = "admin/serverinfo"

Loading…
Cancel
Save