org.keycloak.services.resources.admin.GroupResource 連携図

公開メンバ関数
	GroupResource (RealmModel realm, GroupModel group, KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)

GroupRepresentation	getGroup ()

void	updateGroup (GroupRepresentation rep)

void	deleteGroup ()

Response	addChild (GroupRepresentation rep)

RoleMapperResource	getRoleMappings ()

List< UserRepresentation >	getMembers (@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults)

ManagementPermissionReference	getManagementPermissions ()

ManagementPermissionReference	setManagementPermissionsEnabled (ManagementPermissionReference ref)

静的公開メンバ関数
static void	updateGroup (GroupRepresentation rep, GroupModel model)

static ManagementPermissionReference	toMgmtRef (GroupModel group, AdminPermissionManagement permissions)

非公開変数類
final RealmModel	realm

final KeycloakSession	session

final AdminPermissionEvaluator	auth

final AdminEventBuilder	adminEvent

final GroupModel	group

詳解

Groups

著者: Bill Burke

構築子と解体子

◆ GroupResource()

org.keycloak.services.resources.admin.GroupResource.GroupResource	(	RealmModel	realm,
		GroupModel	group,
		KeycloakSession	session,
		AdminPermissionEvaluator	auth,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                                                    {
         this.realm = realm;
         this.session = session;
         this.auth = auth;
         this.adminEvent = adminEvent.resource(ResourceType.GROUP);
         this.group = group;
     }

関数詳解

◆ addChild()

Response org.keycloak.services.resources.admin.GroupResource.addChild ( GroupRepresentation rep )

inline

Set or create child. This will just set the parent if it exists. Create it and set the parent if the group doesn't exist.

引数

rep

                                                       {
         this.auth.groups().requireManage(group);
 
         for (GroupModel group : group.getSubGroups()) {
             if (group.getName().equals(rep.getName())) {
                 return ErrorResponse.exists("Parent already contains subgroup named '" + rep.getName() + "'");
             }
         }
 
         Response.ResponseBuilder builder = Response.status(204);
         GroupModel child = null;
         if (rep.getId() != null) {
             child = realm.getGroupById(rep.getId());
             if (child == null) {
                 throw new NotFoundException("Could not find child by id");
             }
             adminEvent.operation(OperationType.UPDATE);
         } else {
             child = realm.createGroup(rep.getName());
             updateGroup(rep, child);
             URI uri = session.getContext().getUri().getBaseUriBuilder()
                                            .path(session.getContext().getUri().getMatchedURIs().get(2))
                                            .path(child.getId()).build();
             builder.status(201).location(uri);
             rep.setId(child.getId());
             adminEvent.operation(OperationType.CREATE);
 
         }
         realm.moveGroup(child, group);
         adminEvent.resourcePath(session.getContext().getUri()).representation(rep).success();
 
         GroupRepresentation childRep = ModelToRepresentation.toGroupHierarchy(child, true);
         return builder.type(MediaType.APPLICATION_JSON_TYPE).entity(childRep).build();
     }

◆ deleteGroup()

void org.keycloak.services.resources.admin.GroupResource.deleteGroup ( )

inline

                               {
         this.auth.groups().requireManage(group);
 
         realm.removeGroup(group);
         adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
     }

◆ getGroup()

GroupRepresentation org.keycloak.services.resources.admin.GroupResource.getGroup ( )

inline

戻り値

                                           {
         this.auth.groups().requireView(group);
 
         GroupRepresentation rep = ModelToRepresentation.toGroupHierarchy(group, true);
 
         rep.setAccess(auth.groups().getAccess(group));
 
         return rep;
     }

◆ getManagementPermissions()

ManagementPermissionReference org.keycloak.services.resources.admin.GroupResource.getManagementPermissions ( )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値

                                                                     {
         auth.groups().requireView(group);
 
         AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
         if (!permissions.groups().isPermissionsEnabled(group)) {
             return new ManagementPermissionReference();
         }
         return toMgmtRef(group, permissions);
     }

◆ getMembers()

List<UserRepresentation> org.keycloak.services.resources.admin.GroupResource.getMembers	(	@QueryParam("first") Integer	firstResult,
		@QueryParam("max") Integer	maxResults
	)

inline

Get users

Returns a list of users, filtered according to query parameters

引数

firstResult	Pagination offset
maxResults	Maximum results size (defaults to 100)

戻り値

                                                                                       {
         this.auth.groups().requireViewMembers(group);
 
 
         firstResult = firstResult != null ? firstResult : 0;
         maxResults = maxResults != null ? maxResults : Constants.DEFAULT_MAX_RESULTS;
 
         List<UserRepresentation> results = new ArrayList<UserRepresentation>();
         List<UserModel> userModels = session.users().getGroupMembers(realm, group, firstResult, maxResults);
 
         for (UserModel user : userModels) {
             results.add(ModelToRepresentation.toRepresentation(session, realm, user));
         }
         return results;
     }

◆ getRoleMappings()

RoleMapperResource org.keycloak.services.resources.admin.GroupResource.getRoleMappings ( )

inline

                                                 {
         AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.groups().requireManage(group);
         AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.groups().requireView(group);
         RoleMapperResource resource =  new RoleMapperResource(realm, auth, group, adminEvent, manageCheck, viewCheck);
         ResteasyProviderFactory.getInstance().injectProperties(resource);
         return resource;
 
     }

◆ setManagementPermissionsEnabled()

ManagementPermissionReference org.keycloak.services.resources.admin.GroupResource.setManagementPermissionsEnabled ( ManagementPermissionReference ref )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値: initialized manage permissions reference

                                                                                                             {
         auth.groups().requireManage(group);
         AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
         permissions.groups().setPermissionsEnabled(group, ref.isEnabled());
         if (ref.isEnabled()) {
             return toMgmtRef(group, permissions);
         } else {
             return new ManagementPermissionReference();
         }
     }

◆ toMgmtRef()

static ManagementPermissionReference org.keycloak.services.resources.admin.GroupResource.toMgmtRef	(	GroupModel	group,
		AdminPermissionManagement	permissions
	)

inlinestatic

                                                                                                                    {
         ManagementPermissionReference ref = new ManagementPermissionReference();
         ref.setEnabled(true);
         ref.setResource(permissions.groups().resource(group).getId());
         ref.setScopePermissions(permissions.groups().getPermissions(group));
         return ref;
     }

◆ updateGroup() [1/2]

void org.keycloak.services.resources.admin.GroupResource.updateGroup ( GroupRepresentation rep )

inline

Update group, ignores subgroups.

引数

rep

                                                      {
         this.auth.groups().requireManage(group);
 
         updateGroup(rep, group);
         adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
 
 
     }

◆ updateGroup() [2/2]

static void org.keycloak.services.resources.admin.GroupResource.updateGroup	(	GroupRepresentation	rep,
		GroupModel	model
	)

inlinestatic

                                                                               {
         if (rep.getName() != null) model.setName(rep.getName());
 
         if (rep.getAttributes() != null) {
             Set<String> attrsToRemove = new HashSet<>(model.getAttributes().keySet());
             attrsToRemove.removeAll(rep.getAttributes().keySet());
             for (Map.Entry<String, List<String>> attr : rep.getAttributes().entrySet()) {
                 model.setAttribute(attr.getKey(), attr.getValue());
             }
 
             for (String attr : attrsToRemove) {
                 model.removeAttribute(attr);
             }
         }
     }

メンバ詳解

◆ adminEvent

final AdminEventBuilder org.keycloak.services.resources.admin.GroupResource.adminEvent

private

◆ auth

final AdminPermissionEvaluator org.keycloak.services.resources.admin.GroupResource.auth

private

◆ group

final GroupModel org.keycloak.services.resources.admin.GroupResource.group

private

◆ realm

final RealmModel org.keycloak.services.resources.admin.GroupResource.realm

private

◆ session

final KeycloakSession org.keycloak.services.resources.admin.GroupResource.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java

公開メンバ関数

静的公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ GroupResource()

関数詳解

◆ addChild()

◆ deleteGroup()

◆ getGroup()

◆ getManagementPermissions()

◆ getMembers()

◆ getRoleMappings()

◆ setManagementPermissionsEnabled()

◆ toMgmtRef()

◆ updateGroup() [1/2]

◆ updateGroup() [2/2]

メンバ詳解

◆ adminEvent

◆ auth

◆ group

◆ realm

◆ session