diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
index f1befd7..211ed20 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
@@ -59,6 +59,9 @@ module.config([ '$routeProvider', function($routeProvider) {
user : function(UserLoader) {
return UserLoader();
},
+ applications : function(ApplicationListLoader) {
+ return ApplicationListLoader();
+ },
roles : function(RoleListLoader) {
return RoleListLoader();
}
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
index 5f76681..3dedcb0 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
@@ -198,13 +198,20 @@ Array.prototype.remove = function(from, to) {
return this.push.apply(this, rest);
};
-module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, RealmRoleMapping) {
+module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, applications, RealmRoleMapping, ApplicationRoleMapping, ApplicationRole) {
$scope.realm = realm;
$scope.user = user;
$scope.realmRoles = angular.copy(roles);
$scope.selectedRealmRoles = [];
$scope.selectedRealmMappings = [];
$scope.realmMappings = [];
+ $scope.applications = applications;
+ $scope.applicationRoles = [];
+ $scope.selectedApplicationRoles = [];
+ $scope.selectedApplicationMappings = [];
+ $scope.applicationMappings = [];
+
+
$scope.realmMappings = RealmRoleMapping.query({realm : realm.id, userId : user.username}, function(){
for (var i = 0; i < $scope.realmMappings.length; i++) {
@@ -238,7 +245,6 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
};
$scope.deleteRealmRole = function() {
- console.log('deleteRealmRole');
$http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/realm',
{data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() {
for (var i = 0; i < $scope.selectedRealmMappings.length; i++) {
@@ -253,6 +259,59 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
});
};
+ $scope.addApplicationRole = function() {
+ $http.post('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
+ $scope.selectedApplicationRoles).success(function() {
+ for (var i = 0; i < $scope.selectedApplicationRoles.length; i++) {
+ var role = $scope.selectedApplicationRoles[i];
+ var idx = $scope.applicationRoles.indexOf($scope.selectedApplicationRoles[i]);
+ if (idx != -1) {
+ $scope.applicationRoles.splice(idx, 1);
+ $scope.applicationMappings.push(role);
+ }
+ }
+ $scope.selectedApplicationRoles = [];
+ });
+ };
+
+ $scope.deleteApplicationRole = function() {
+ $http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
+ {data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(function() {
+ for (var i = 0; i < $scope.selectedApplicationMappings.length; i++) {
+ var role = $scope.selectedApplicationMappings[i];
+ var idx = $scope.applicationMappings.indexOf($scope.selectedApplicationMappings[i]);
+ if (idx != -1) {
+ $scope.applicationMappings.splice(idx, 1);
+ $scope.applicationRoles.push(role);
+ }
+ }
+ $scope.selectedApplicationMappings = [];
+ });
+ };
+
+
+ $scope.changeApplication = function() {
+ $scope.applicationRoles = ApplicationRole.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function() {
+ $scope.applicationMappings = ApplicationRoleMapping.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function(){
+ for (var i = 0; i < $scope.applicationMappings.length; i++) {
+ var role = $scope.applicationMappings[i];
+ for (var j = 0; j < $scope.applicationRoles.length; j++) {
+ var realmRole = $scope.applicationRoles[j];
+ if (realmRole.id == role.id) {
+ var idx = $scope.applicationRoles.indexOf(realmRole);
+ if (idx != -1) {
+ $scope.applicationRoles.splice(idx, 1);
+ break;
+ }
+ }
+ }
+ }
+ });
+
+ }
+ );
+ };
+
});
@@ -372,7 +431,7 @@ module.controller('ApplicationRoleDetailCtrl', function($scope, realm, applicati
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
- $location.url("/realms/" + realm.id + "/roles/" + id);
+ $location.url("/realms/" + realm.id + "/applications/" + application.id + "/roles/" + id);
Notifications.success("Created role");
});
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
index e8c3526..9636d46 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
@@ -111,6 +111,16 @@ module.factory('RealmRoleMapping', function($resource) {
});
});
+module.factory('ApplicationRoleMapping', function($resource) {
+ return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId/role-mappings/applications/:application', {
+ realm : '@realm',
+ userId : '@userId',
+ application : "@application"
+ });
+});
+
+
+
module.factory('RealmRoles', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/roles', {
realm : '@realm'
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
index d0cb06a..d4ffcce 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
@@ -6,13 +6,13 @@
<ul class="rcue-tabs" >
<li><a href="#/create/user/{{realm.id}}">New User</a></li>
<li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
- <li><a href="#/realms/{{realm.id}}/users/{{user.username}}">Attributes</a></li>
- <li><a href="#">Credentials</a></li>
- <li class="active"><a href="#">Role Mappings</a></li>
+ <li><a href="#/realms/{{realm.id}}/users/{{user.username}}">{{user.username}} Attributes</a></li>
+ <li><a href="#">{{user.username}} Credentials</a></li>
+ <li class="active"><a href="#">{{user.username}} Role Mappings</a></li>
</ul>
</div>
<div id="content">
- <h2 class="pull-left">Role Mappings: <span>{{realm.realm}}</span></h2>
+ <h2 class="pull-left">User Role Mappings for <span>{{user.username}}</span></h2>
<p class="subtitle"></p>
<form name="realmForm" novalidate>
<fieldset>
@@ -34,23 +34,30 @@
</div>
</div>
</fieldset>
- <fieldset>
+ <fieldset ng-show="applications.length > 0">
<legend collapsed><span class="text">Application Roles</span> </legend>
- <div class="form-group">
+ <div class="form-group input-select">
+ <label for="applications">Application: </label>
+ <div class="input-group">
+ <div class="select-rcue">
+ <select id="applications" name="applications" ng-change="changeApplication()" ng-model="application" ng-options="a.name for a in applications">
+ </select>
+ </div>
+ </div>
+ </div>
+ <div class="form-group" ng-show="application">
<div class="controls">
- <select multiple size=5>
- <option value="role1">role1</option>
- <option value="role2">role2</option>
- <option value="role3">role3</option>
- <option value="role4">role4</option>
+ <select multiple size="5"
+ ng-multiple="true"
+ ng-model="selectedApplicationRoles"
+ ng-options="r.name for r in applicationRoles">
</select>
- <button type="submit">---></button>
- <button type="submit"><---</button>
- <select multiple size=5>
- <option value="role1">role1</option>
- <option disabled="disabled" value="role2">role2</option>
- <option value="role3">role3</option>
- <option value="role4">role4</option>
+ <button type="submit" ng-click="addApplicationRole()">---></button>
+ <button type="submit" ng-click="deleteApplicationRole()"><---</button>
+ <select multiple size=5
+ ng-multiple="true"
+ ng-model="selectedApplicationMappings"
+ ng-options="r.name for r in applicationMappings">
</select>
</div>
</div>
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 709c638..dd55e20 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -244,6 +244,8 @@ public class UsersResource {
@Produces("application/json")
@NoCache
public List<RoleRepresentation> getApplicationRoleMappings(@PathParam("username") String username, @PathParam("appId") String appId) {
+ logger.info("getApplicationRoleMappings");
+
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
@@ -258,10 +260,10 @@ public class UsersResource {
ApplicationRoleMappings rep = new ApplicationRoleMappings();
List<RoleModel> mappings = application.getRoleMappings(user);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
- RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : mappings) {
- mapRep.add(manager.toRepresentation(roleModel));
+ mapRep.add(RealmManager.toRepresentation(roleModel));
}
+ logger.info("getApplicationRoleMappings.size() = " + mapRep.size());
return mapRep;
}
@@ -269,6 +271,7 @@ public class UsersResource {
@POST
@Consumes("application/json")
public void addApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) {
+ logger.info("addApplicationRoleMapping");
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
@@ -280,6 +283,13 @@ public class UsersResource {
throw new NotFoundException();
}
+ for (RoleRepresentation role : roles) {
+ RoleModel roleModel = application.getRoleById(role.getId());
+ if (roleModel == null) {
+ throw new NotFoundException();
+ }
+ application.grantRole(user, roleModel);
+ }
}
