Browse Source

feat: allows retrieval of realm and client level roles for a user (#512)

Co-authored-by: Côme Mary-Vallée <come.maryvallee@cdbdx.biz>
pull/550/head v3.12.0
Côme Mary-Vallée 9 months ago
committed by GitHub
parent
commit
654cf8848d
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 14
      src/keycloak/keycloak_admin.py
  2. 1
      src/keycloak/urls_patterns.py
  3. 33
      tests/test_keycloak_admin.py

14
src/keycloak/keycloak_admin.py

@ -3111,6 +3111,20 @@ class KeycloakAdmin:
)
return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
def get_all_roles_of_user(self, user_id):
"""Get all level roles for a user.
:param user_id: id of user
:type user_id: str
:return: Keycloak server response (array RoleRepresentation)
:rtype: list
"""
params_path = {"realm-name": self.connection.realm_name, "id": user_id}
data_raw = self.connection.raw_get(
urls_patterns.URL_ADMIN_USER_ALL_ROLES.format(**params_path)
)
return raise_error_from_response(data_raw, KeycloakGetError)
def get_client_roles_of_user(self, user_id, client_id):
"""Get all client roles for a user.

1
src/keycloak/urls_patterns.py

@ -51,6 +51,7 @@ URL_ADMIN_SEND_UPDATE_ACCOUNT = "admin/realms/{realm-name}/users/{id}/execute-ac
URL_ADMIN_SEND_VERIFY_EMAIL = "admin/realms/{realm-name}/users/{id}/send-verify-email"
URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
URL_ADMIN_USER_ALL_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings"
URL_ADMIN_USER_CLIENT_ROLES = (
"admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
)

33
tests/test_keycloak_admin.py

@ -386,6 +386,39 @@ def test_users(admin: KeycloakAdmin, realm: str):
assert err.match(USER_NOT_FOUND_REGEX)
def test_users_roles(admin: KeycloakAdmin, realm: str):
"""Test users roles.
:param admin: Keycloak Admin client
:type admin: KeycloakAdmin
:param realm: Keycloak realm
:type realm: str
"""
user_id = admin.create_user(payload={"username": "test", "email": "test@test.test"})
# Test all level user roles
client_id = admin.create_client(payload={"name": "test-client", "clientId": "test-client"})
admin.create_client_role(client_role_id=client_id, payload={"name": "test-role"})
admin.assign_client_role(
client_id=client_id,
user_id=user_id,
roles=[admin.get_client_role(client_id=client_id, role_name="test-role")],
)
all_roles = admin.get_all_roles_of_user(user_id=user_id)
realm_roles = all_roles["realmMappings"]
assert len(realm_roles) == 1, realm_roles
client_roles = all_roles["clientMappings"]
assert len(client_roles) == 1, client_roles
# Test all level user roles fail
with pytest.raises(KeycloakGetError) as err:
admin.get_all_roles_of_user(user_id="non-existent-id")
err.match('404: b\'{"error":"User not found"}\'')
admin.delete_user(user_id)
admin.delete_client(client_id)
def test_users_pagination(admin: KeycloakAdmin, realm: str):
"""Test user pagination.

Loading…
Cancel
Save