Add method to retrieve avaialbe and composite client roles of a user

6 years ago · 562b884c60
2 changed files with 29 additions and 3 deletions
--- a/keycloak/keycloak_admin.py
+++ b/keycloak/keycloak_admin.py
@ -22,8 +22,9 @@ from .urls_patterns import \
    URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
    URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
    URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
-    URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
-    URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
+    URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, \
+    URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, \
+    URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, URL_ADMIN_USER_STORAGE

 from .keycloak_openid import KeycloakOpenID

@ -645,8 +646,31 @@ class KeycloakAdmin:
        :param user_id: id of user
        :return: Keycloak server response (array RoleRepresentation)
        """
+        return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES, user_id, client_id)
+
+    def get_available_client_roles_of_user(self, user_id, client_id):
+        """
+        Get available client role-mappings for a user.
+
+        :param client_id: id of client (not client-id)
+        :param user_id: id of user
+        :return: Keycloak server response (array RoleRepresentation)
+        """
+        return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, user_id, client_id)
+
+    def get_composite_client_roles_of_user(self, user_id, client_id):
+        """
+        Get composite client role-mappings for a user.
+
+        :param client_id: id of client (not client-id)
+        :param user_id: id of user
+        :return: Keycloak server response (array RoleRepresentation)
+        """
+        return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, user_id, client_id)
+
+    def _get_client_roles_of_user(self, client_level_role_mapping_url, user_id, client_id):
        params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
-        data_raw = self.connection.raw_get(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path))
+        data_raw = self.connection.raw_get(client_level_role_mapping_url.format(**params_path))
        return raise_error_from_response(data_raw, KeycloakGetError)

    def delete_client_roles_of_user(self, user_id, client_id, roles):
--- a/keycloak/urls_patterns.py
+++ b/keycloak/urls_patterns.py
@ -34,6 +34,8 @@ URL_ADMIN_SEND_VERIFY_EMAIL = "admin/realms/{realm-name}/users/{id}/send-verify-
 URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
 URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
 URL_ADMIN_USER_CLIENT_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
+URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/available"
+URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/composite"
 URL_ADMIN_USER_GROUP = "admin/realms/{realm-name}/users/{id}/groups/{group-id}"

 URL_ADMIN_SERVER_INFO = "admin/serverinfo"