From machris...@apache.org
Subject [07/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342 Add support for removing roles from user
Date Fri, 16 Jun 2017 20:36:10 GMT
AIRAVATA-2342 Add support for removing roles from user


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/68cfa16f
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/68cfa16f
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/68cfa16f

Branch: refs/heads/develop
Commit: 68cfa16faa2e60d45874760f781c8f497820fa93
Parents: ee4e98a
Author: Marcus Christie <machrist@iu.edu>
Authored: Thu Mar 23 15:40:52 2017 -0400
Committer: Marcus Christie <machrist@iu.edu>
Committed: Thu Mar 23 15:40:52 2017 -0400

----------------------------------------------------------------------
 app/libraries/Keycloak/API/RoleMapper.php | 38 ++++++++++++++++++++++++++
 app/libraries/Keycloak/Keycloak.php       | 12 +++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/68cfa16f/app/libraries/Keycloak/API/RoleMapper.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/API/RoleMapper.php b/app/libraries/Keycloak/API/RoleMapper.php
index 738012b..18a477b 100644
--- a/app/libraries/Keycloak/API/RoleMapper.php
+++ b/app/libraries/Keycloak/API/RoleMapper.php
@@ -56,6 +56,10 @@ class RoleMapper {
         return $result;
     }
 
+    /**
+     * Add realm-level role mappings for a user
+     * POST /admin/realms/{realm}/users/{user_id}/role-mappings/realm
+     */
     public function addRealmRoleMappingsToUser($realm, $user_id, $role_representations) {
 
         // get access token for admin API
@@ -85,6 +89,40 @@ class RoleMapper {
         return;
     }
 
+    /*
+     * Delete realm-level role mappings for a user
+     * DELETE /admin/realms/{realm}/users/{user_id}/role-mappings/realm
+     */
+    public function deleteRealmRoleMappingsToUser($realm, $user_id, $role_representations)
{
+
+        // get access token for admin API
+        $access_token = $this->getAPIAccessToken();
+        $url = $this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm) . '/users/'
. rawurlencode($user_id) . '/role-mappings/realm';
+        // Log::debug("deleteRealmRoleMappingsToUser", array($url, $role_representations));
+        $r = curl_init($url);
+        curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($r, CURLOPT_ENCODING, 1);
+        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+
+        curl_setopt($r, CURLOPT_CUSTOMREQUEST, "DELETE");
+        curl_setopt($r, CURLOPT_POST, true);
+        $data = json_encode($role_representations);
+        // Log::debug("deleteRealmRoleMappingsToUser data=$data");
+        curl_setopt($r, CURLOPT_HTTPHEADER, array(
+            "Authorization: Bearer " . $access_token,
+            'Content-Type: application/json',
+            'Content-Length: ' . strlen($data))
+        );
+        curl_setopt($r, CURLOPT_POSTFIELDS, $data);
+
+        $response = curl_exec($r);
+        $info = curl_getinfo($r);
+        if ($info['http_code'] != 200 && $info['http_code'] != 204) {
+            throw new Exception("Failed to delete realm role mapping to user");
+        }
+        return;
+    }
+
     // TODO: factor this out into base class?
     private function getAPIAccessToken() {
 
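Review bot: The new `deleteRealmRoleMappingsToUser` throws the same generic message for every failure, so a caller cannot tell a transport error from a 401, 403 or 404 returned by Keycloak, and `$response` is assigned but never used. A failure here means a role was not revoked, so the exception should carry the status and the curl error, e.g. `throw new Exception("Failed to delete realm role mapping to user: HTTP " . $info['http_code'] . " " . curl_error($r));`, and the handle should be released with `curl_close($r);` before the method returns. The request carries the admin bearer token while peer verification is taken from `$this->verify_peer`; where that value is set is outside this hunk, so it is worth confirming it cannot be false in production. The comment block also opens with `/*` rather than the `/**` used for `addRealmRoleMappingsToUser` in the previous hunk.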

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/68cfa16f/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index 5dc57d4..a6d618b 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -188,7 +188,7 @@ class Keycloak {
      * @return void
      */
     public function updateUserRoles( $user_id, $roles){
-        Log::debug("updateUserRoles", array($user_id, $roles));
+        // Log::debug("updateUserRoles", array($user_id, $roles));
         try {
             // Get all of the roles into an array keyed by role name
             $all_roles = $this->roles->getRoles($this->realm);
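Review bot: Commenting out the `Log::debug` call at the top of `updateUserRoles` leaves dead code behind and removes the only record visible in this hunk of which roles were changed for which user. Role changes are authorization changes, so consider keeping an audit entry at a suitable level, e.g. `Log::info("updateUserRoles", array($user_id, $roles));`, or delete the line outright if the change is logged elsewhere. The rest of the method lies outside this hunk, so other logging there could not be checked.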
@@ -196,6 +196,16 @@ class Keycloak {
             foreach ($all_roles as $role) {
                 $roles_by_name[$role->name] = $role;
             }
+
+            // Process the role deletions
+            if(isset($roles["deleted"])){
+                if(!is_array($roles["deleted"]))
+                    $roles["deleted"] = array($roles["deleted"]);
+                foreach ($roles["deleted"] as $role) {
+                    $this->role_mapper->deleteRealmRoleMappingsToUser($this->realm,
$user_id, array($roles_by_name[$role]));
+                }
+            }
+
             // Process the role additions
             if(isset($roles["new"])){
                 if(!is_array($roles["new"]))
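Review bot: `$roles_by_name[$role]` in the deletion loop is not checked, so a name in `$roles["deleted"]` that is not a realm role yields null and the mapper is asked to delete `[null]`. The role names appear to come from the caller, so an unknown name should be rejected before the request, e.g. `if (!isset($roles_by_name[$role])) { throw new Exception("Unknown role: " . $role); }`. The loop also issues one DELETE per role although the mapper accepts an array of representations; collecting them and calling `deleteRealmRoleMappingsToUser` once would avoid leaving only some of the roles removed when a later request fails. The enclosing `try` starts above this hunk and its `catch` is not visible, so how a partial failure is reported could not be checked.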

