template scope

keycloak · Dec 18, 2015 · d939b6a · d939b6a
1 parent 0527d44
commit d939b6a
Show file tree

Hide file tree

Showing 42 changed files with 1,294 additions and 132 deletions.
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
@@ -15,6 +15,17 @@
             <column name="REALM_ID" type="VARCHAR(36)"/>
             <column name="DESCRIPTION" type="VARCHAR(255)"/>
             <column name="PROTOCOL" type="VARCHAR(255)"/>
+            <column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createTable tableName="TEMPLATE_SCOPE_MAPPING">
+            <column name="TEMPLATE_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="ROLE_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
         </createTable>
 
 
@@ -24,12 +35,21 @@
             <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
                 <constraints nullable="true"/>
             </column>
+            <column name="USE_TEMPLATE_CONFIG" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+            <column name="USE_TEMPLATE_SCOPE" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+            <column name="USE_TEMPLATE_MAPPERS" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
         </addColumn>
         <addColumn tableName="PROTOCOL_MAPPER">
             <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
                 <constraints nullable="true"/>
             </column>
-        </addColumn>
+         </addColumn>
         <createTable tableName="REALM_CLIENT_TEMPLATE">
             <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
                 <constraints nullable="false"/>
@@ -46,6 +66,9 @@
         <addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="CLIENT" constraintName="FK_CLI_TMPLT_CLIENT" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
         <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_RLM" referencedColumnNames="ID" referencedTableName="REALM"/>
         <addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_CLI" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+        <addPrimaryKey columnNames="TEMPLATE_ID, ROLE_ID" constraintName="PK_TEMPLATE_SCOPE" tableName="TEMPLATE_SCOPE_MAPPING"/>
+        <addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+        <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
 
 
     </changeSet>

diff --git a/connections/jpa/src/main/resources/META-INF/persistence.xml b/connections/jpa/src/main/resources/META-INF/persistence.xml
@@ -36,6 +36,7 @@
         <class>org.keycloak.models.jpa.entities.GroupRoleMappingEntity</class>
         <class>org.keycloak.models.jpa.entities.UserGroupMembershipEntity</class>
         <class>org.keycloak.models.jpa.entities.ClientTemplateEntity</class>
+        <class>org.keycloak.models.jpa.entities.TemplateScopeMappingEntity</class>
 
         <!-- JpaAuditProviders -->
         <class>org.keycloak.events.jpa.EventEntity</class>

diff --git a/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java
@@ -41,6 +41,10 @@ public class ClientRepresentation {
     protected Map<String, Integer> registeredNodes;
     protected List<ProtocolMapperRepresentation> protocolMappers;
     protected String clientTemplate;
+    private Boolean useTemplateConfig;
+    private Boolean useTemplateScope;
+    private Boolean useTemplateMappers;
+
 
     public String getId() {
         return id;
@@ -298,4 +302,29 @@ public String getClientTemplate() {
     public void setClientTemplate(String clientTemplate) {
         this.clientTemplate = clientTemplate;
     }
+
+    public Boolean isUseTemplateConfig() {
+        return useTemplateConfig;
+    }
+
+    public void setUseTemplateConfig(Boolean useTemplateConfig) {
+        this.useTemplateConfig = useTemplateConfig;
+    }
+
+    public Boolean isUseTemplateScope() {
+        return useTemplateScope;
+    }
+
+    public void setUseTemplateScope(Boolean useTemplateScope) {
+        this.useTemplateScope = useTemplateScope;
+    }
+
+    public Boolean isUseTemplateMappers() {
+        return useTemplateMappers;
+    }
+
+    public void setUseTemplateMappers(Boolean useTemplateMappers) {
+        this.useTemplateMappers = useTemplateMappers;
+    }
+
 }
diff --git a/core/src/main/java/org/keycloak/representations/idm/ClientTemplateRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ClientTemplateRepresentation.java
@@ -16,6 +16,7 @@ public class ClientTemplateRepresentation {
     protected String name;
     protected String description;
     protected String protocol;
+    protected Boolean fullScopeAllowed;
     protected List<ProtocolMapperRepresentation> protocolMappers;
 
     public String getId() {
@@ -58,4 +59,12 @@ public String getProtocol() {
     public void setProtocol(String protocol) {
         this.protocol = protocol;
     }
+
+    public Boolean isFullScopeAllowed() {
+        return fullScopeAllowed;
+    }
+
+    public void setFullScopeAllowed(Boolean fullScopeAllowed) {
+        this.fullScopeAllowed = fullScopeAllowed;
+    }
 }
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -1088,6 +1088,9 @@ module.config([ '$routeProvider', function($routeProvider) {
                 client : function(ClientLoader) {
                     return ClientLoader();
                 },
+                templates : function(ClientTemplateListLoader) {
+                    return ClientTemplateListLoader();
+                },
                 clients : function(ClientListLoader) {
                     return ClientListLoader();
                 }
@@ -1202,6 +1205,21 @@ module.config([ '$routeProvider', function($routeProvider) {
             },
             controller : 'ClientTemplateDetailCtrl'
         })
+        .when('/realms/:realm/client-templates/:template/scope-mappings', {
+            templateUrl : resourceUrl + '/partials/client-template-scope-mappings.html',
+            resolve : {
+                realm : function(RealmLoader) {
+                    return RealmLoader();
+                },
+                template : function(ClientTemplateLoader) {
+                    return ClientTemplateLoader();
+                },
+                clients : function(ClientListLoader) {
+                    return ClientListLoader();
+                }
+            },
+            controller : 'ClientTemplateScopeMappingCtrl'
+        })
         .when('/realms/:realm/clients', {
             templateUrl : resourceUrl + '/partials/client-list.html',
             resolve : {

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@@ -1089,8 +1089,8 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates,
     };
 });
 
-module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, client, clients, Notifications,
+module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, client, clients, templates, Notifications,
-                                                          Client,
+                                                          Client, ClientTemplate,
                                                           ClientRealmScopeMapping, ClientClientScopeMapping, ClientRole,
                                                           ClientAvailableRealmScopeMapping, ClientAvailableClientScopeMapping,
                                                           ClientCompositeRealmScopeMapping, ClientCompositeClientScopeMapping) {
@@ -1107,8 +1107,20 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
     $scope.clientMappings = [];
     $scope.dummymodel = [];
 
+    if (client.clientTemplate) {
+        for (var i = 0; i < templates.length; i++) {
+            if (templates[i].name == client.clientTemplate) {
+                ClientTemplate.get({realm: realm.realm, template: templates[i].id}, function(data) {
+                    $scope.template = data;
+                });
+                break;
+            }
+        }
 
-    $scope.changeFullScopeAllowed = function() {
+    }
+
+
+    $scope.changeFlag = function() {
         Client.update({
             realm : realm.realm,
             client : client.id
@@ -1122,6 +1134,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
 
 
 
+
     function updateRealmRoles() {
         $scope.realmRoles = ClientAvailableRealmScopeMapping.query({realm : realm.realm, client : client.id});
         $scope.realmMappings = ClientRealmScopeMapping.query({realm : realm.realm, client : client.id});
@@ -1420,6 +1433,7 @@ module.controller('AddBuiltinProtocolMapperCtrl', function($scope, realm, client
 });
 
 module.controller('ClientProtocolMapperListCtrl', function($scope, realm, client, templates, serverInfo,
+                                                           Client,
                                                            ClientProtocolMappersByProtocol, ClientProtocolMapper,
                                                            $route, Dialog, Notifications) {
     $scope.realm = realm;
@@ -1435,6 +1449,16 @@ module.controller('ClientProtocolMapperListCtrl', function($scope, realm, client
             }
         }
     }
+    $scope.changeFlag = function() {
+        Client.update({
+            realm : realm.realm,
+            client : client.id
+        }, $scope.client, function() {
+            $scope.changed = false;
+            client = angular.copy($scope.client);
+            Notifications.success("Client updated.");
+        });
+    }
 
     var protocolMappers = serverInfo.protocolMapperTypes[client.protocol];
     var mapperTypes = {};
@@ -1910,6 +1934,104 @@ module.controller('ClientTemplateAddBuiltinProtocolMapperCtrl', function($scope,
 });
 
 
+module.controller('ClientTemplateScopeMappingCtrl', function($scope, $http, realm, template, clients, Notifications,
+                                                     ClientTemplate,
+                                                     ClientTemplateRealmScopeMapping, ClientTemplateClientScopeMapping, ClientRole,
+                                                     ClientTemplateAvailableRealmScopeMapping, ClientTemplateAvailableClientScopeMapping,
+                                                     ClientTemplateCompositeRealmScopeMapping, ClientTemplateCompositeClientScopeMapping) {
+    $scope.realm = realm;
+    $scope.template = angular.copy(template);
+    $scope.selectedRealmRoles = [];
+    $scope.selectedRealmMappings = [];
+    $scope.realmMappings = [];
+    $scope.clients = clients;
+    $scope.clientRoles = [];
+    $scope.clientComposite = [];
+    $scope.selectedClientRoles = [];
+    $scope.selectedClientMappings = [];
+    $scope.clientMappings = [];
+    $scope.dummymodel = [];
+
+
+    $scope.changeFullScopeAllowed = function() {
+        ClientTemplate.update({
+            realm : realm.realm,
+            template : template.id
+        }, $scope.template, function() {
+            $scope.changed = false;
+            template = angular.copy($scope.template);
+            updateTemplateRealmRoles();
+            Notifications.success("Scope mappings updated.");
+        });
+    }
+
+
+
+    function updateTemplateRealmRoles() {
+        $scope.realmRoles = ClientTemplateAvailableRealmScopeMapping.query({realm : realm.realm, template : template.id});
+        $scope.realmMappings = ClientTemplateRealmScopeMapping.query({realm : realm.realm, template : template.id});
+        $scope.realmComposite = ClientTemplateCompositeRealmScopeMapping.query({realm : realm.realm, template : template.id});
+    }
+
+    function updateTemplateClientRoles() {
+        if ($scope.targetClient) {
+            $scope.clientRoles = ClientTemplateAvailableClientScopeMapping.query({realm : realm.realm, template : template.id, targetClient : $scope.targetClient.id});
+            $scope.clientMappings = ClientTemplateClientScopeMapping.query({realm : realm.realm, template : template.id, targetClient : $scope.targetClient.id});
+            $scope.clientComposite = ClientTemplateCompositeClientScopeMapping.query({realm : realm.realm, template : template.id, targetClient : $scope.targetClient.id});
+        } else {
+            $scope.clientRoles = null;
+            $scope.clientMappings = null;
+            $scope.clientComposite = null;
+        }
+    }
+
+    $scope.changeClient = function() {
+        updateTemplateClientRoles();
+    };
+
+    $scope.addRealmRole = function() {
+        var roles = $scope.selectedRealmRoles;
+        $scope.selectedRealmRoles = [];
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/client-templates/' + template.id + '/scope-mappings/realm',
+            roles).success(function() {
+                updateTemplateRealmRoles();
+                Notifications.success("Scope mappings updated.");
+            });
+    };
+
+    $scope.deleteRealmRole = function() {
+        var roles = $scope.selectedRealmMappings;
+        $scope.selectedRealmMappings = [];
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/client-templates/' + template.id +  '/scope-mappings/realm',
+            {data : roles, headers : {"content-type" : "application/json"}}).success(function () {
+                updateTemplateRealmRoles();
+                Notifications.success("Scope mappings updated.");
+            });
+    };
+
+    $scope.addClientRole = function() {
+        var roles = $scope.selectedClientRoles;
+        $scope.selectedClientRoles = [];
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/client-templates/' + template.id +  '/scope-mappings/clients/' + $scope.targetClient.id,
+            roles).success(function () {
+                updateTemplateClientRoles();
+                Notifications.success("Scope mappings updated.");
+            });
+    };
+
+    $scope.deleteClientRole = function() {
+        var roles = $scope.selectedClientMappings;
+        $scope.selectedClientMappings = [];
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/client-templates/' + template.id +  '/scope-mappings/clients/' + $scope.targetClient.id,
+            {data : roles, headers : {"content-type" : "application/json"}}).success(function () {
+                updateTemplateClientRoles();
+                Notifications.success("Scope mappings updated.");
+            });
+    };
+
+    updateTemplateRealmRoles();
+});
+
 
 
 

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -848,6 +848,52 @@ module.factory('ClientTemplateProtocolMappersByProtocol', function($resource) {
     });
 });
 
+module.factory('ClientTemplateRealmScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/realm', {
+        realm : '@realm',
+        template : '@template'
+    });
+});
+
+module.factory('ClientTemplateAvailableRealmScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/realm/available', {
+        realm : '@realm',
+        template : '@template'
+    });
+});
+
+module.factory('ClientTemplateCompositeRealmScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/realm/composite', {
+        realm : '@realm',
+        template : '@template'
+    });
+});
+
+module.factory('ClientTemplateClientScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/clients/:targetClient', {
+        realm : '@realm',
+        template : '@template',
+        targetClient : '@targetClient'
+    });
+});
+
+module.factory('ClientTemplateAvailableClientScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/clients/:targetClient/available', {
+        realm : '@realm',
+        template : '@template',
+        targetClient : '@targetClient'
+    });
+});
+
+module.factory('ClientTemplateCompositeClientScopeMapping', function($resource) {
+    return $resource(authUrl + '/admin/realms/:realm/client-templates/:template/scope-mappings/clients/:targetClient/composite', {
+        realm : '@realm',
+        template : '@template',
+        targetClient : '@targetClient'
+    });
+});
+
+
 module.factory('ClientSessionStats', function($resource) {
     return $resource(authUrl + '/admin/realms/:realm/clients/:client/session-stats', {
         realm : '@realm',