feat: allows retrieval of realm and client level roles for a user (#512)

Co-authored-by: Côme Mary-Vallée <come.maryvallee@cdbdx.biz>
9 months ago · 654cf8848d
3 changed files with 48 additions and 0 deletions
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@ -3111,6 +3111,20 @@ class KeycloakAdmin:
        )
        return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
    def get_all_roles_of_user(self, user_id):
        """Get all level roles for a user.
        :param user_id: id of user
        :type user_id: str
        :return: Keycloak server response (array RoleRepresentation)
        :rtype: list
        """
        params_path = {"realm-name": self.connection.realm_name, "id": user_id}
        data_raw = self.connection.raw_get(
            urls_patterns.URL_ADMIN_USER_ALL_ROLES.format(**params_path)
        )
        return raise_error_from_response(data_raw, KeycloakGetError)
    def get_client_roles_of_user(self, user_id, client_id):
        """Get all client roles for a user.
--- a/src/keycloak/urls_patterns.py
+++ b/src/keycloak/urls_patterns.py
@ -51,6 +51,7 @@ URL_ADMIN_SEND_UPDATE_ACCOUNT = "admin/realms/{realm-name}/users/{id}/execute-ac
 URL_ADMIN_SEND_VERIFY_EMAIL = "admin/realms/{realm-name}/users/{id}/send-verify-email"
 URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
 URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
 URL_ADMIN_USER_ALL_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings"
 URL_ADMIN_USER_CLIENT_ROLES = (
    "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
 )
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
@ -386,6 +386,39 @@ def test_users(admin: KeycloakAdmin, realm: str):
    assert err.match(USER_NOT_FOUND_REGEX)
 def test_users_roles(admin: KeycloakAdmin, realm: str):
    """Test users roles.
    :param admin: Keycloak Admin client
    :type admin: KeycloakAdmin
    :param realm: Keycloak realm
    :type realm: str
    """
    user_id = admin.create_user(payload={"username": "test", "email": "test@test.test"})
    # Test all level user roles
    client_id = admin.create_client(payload={"name": "test-client", "clientId": "test-client"})
    admin.create_client_role(client_role_id=client_id, payload={"name": "test-role"})
    admin.assign_client_role(
        client_id=client_id,
        user_id=user_id,
        roles=[admin.get_client_role(client_id=client_id, role_name="test-role")],
    )
    all_roles = admin.get_all_roles_of_user(user_id=user_id)
    realm_roles = all_roles["realmMappings"]
    assert len(realm_roles) == 1, realm_roles
    client_roles = all_roles["clientMappings"]
    assert len(client_roles) == 1, client_roles
    # Test all level user roles fail
    with pytest.raises(KeycloakGetError) as err:
        admin.get_all_roles_of_user(user_id="non-existent-id")
    err.match('404: b\'{"error":"User not found"}\'')
    admin.delete_user(user_id)
    admin.delete_client(client_id)
 def test_users_pagination(admin: KeycloakAdmin, realm: str):
    """Test user pagination.