mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-06 06:49:53 -06:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate RoleModel.SearchableFields.IS_CLIENT_ROLE field

Browse Source 
Closes #17144
This commit is contained in:
Michal Hajas
2023-02-16 15:44:13 +01:00
committed by Hynek Mlnařík
parent 0972edd6a5
commit 1c79a5666d
6 changed files with 30 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
model/map-hot-rod/src/main/java/org/keycloak/models/map/storage/hotRod/IckleQueryWhereClauses.java
View File

@@ -71,7 +71,6 @@ public class IckleQueryWhereClauses {
WHERE_CLAUSE_PRODUCER_OVERRIDES.put(Policy.SearchableFields.CONFIG, IckleQueryWhereClauses::whereClauseForPolicyConfig);
WHERE_CLAUSE_PRODUCER_OVERRIDES.put(Event.SearchableFields.EVENT_TYPE, IckleQueryWhereClauses::whereClauseForEnumWithStableIndex);
WHERE_CLAUSE_PRODUCER_OVERRIDES.put(AdminEvent.SearchableFields.OPERATION_TYPE, IckleQueryWhereClauses::whereClauseForEnumWithStableIndex);
WHERE_CLAUSE_PRODUCER_OVERRIDES.put(RoleModel.SearchableFields.IS_CLIENT_ROLE, IckleQueryWhereClauses::whereClauseForClientRole);
}
@FunctionalInterface
@@ -170,30 +169,6 @@ public class IckleQueryWhereClauses {
return IckleQueryOperators.combineExpressions(ModelCriteriaBuilder.Operator.LIKE, getFieldName(UserModel.SearchableFields.CONSENT_FOR_CLIENT), new String[] {providerId + "%"}, parameters);
}
private static String whereClauseForClientRole(String modelFieldName, ModelCriteriaBuilder.Operator op, Object[] values, Map<String, Object> parameters) {
if (op != ModelCriteriaBuilder.Operator.EQ && op != ModelCriteriaBuilder.Operator.NE) {
throw new CriterionNotSupportedException(RoleModel.SearchableFields.IS_CLIENT_ROLE, op);
}
if (values == null || values.length != 1) {
throw new CriterionNotSupportedException(RoleModel.SearchableFields.IS_CLIENT_ROLE, op, "Invalid arguments, expected (boolean), got: " + Arrays.toString(values));
}
Boolean b = (Boolean) values[0];
if (op == Operator.EQ) {
if (b == null || b == Boolean.FALSE) {
return IckleQueryWhereClauses.produceWhereClause(RoleModel.SearchableFields.CLIENT_ID, Operator.NOT_EXISTS, new Object[] {}, parameters);
} else {
return IckleQueryWhereClauses.produceWhereClause(RoleModel.SearchableFields.CLIENT_ID, Operator.EXISTS, new Object[] {}, parameters);
}
} else /* if (op == Operator.NE) */ {
if (b == null || b == Boolean.TRUE) {
return IckleQueryWhereClauses.produceWhereClause(RoleModel.SearchableFields.CLIENT_ID, Operator.NOT_EXISTS, new Object[] {}, parameters);
} else {
return IckleQueryWhereClauses.produceWhereClause(RoleModel.SearchableFields.CLIENT_ID, Operator.EXISTS, new Object[] {}, parameters);
}
}
}
private static String whereClauseForCorrespondingSessionId(String modelFieldName, ModelCriteriaBuilder.Operator op, Object[] values, Map<String, Object> parameters) {
if (op != ModelCriteriaBuilder.Operator.EQ) {
throw new CriterionNotSupportedException(UserSessionModel.SearchableFields.CORRESPONDING_SESSION_ID, op);

20
model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/role/JpaRoleModelCriteriaBuilder.java
View File

@@ -76,19 +76,8 @@ public class JpaRoleModelCriteriaBuilder extends JpaModelCriteriaBuilder<JpaRole
} else {
throw new CriterionNotSupportedException(modelField, op);
}
case NE:
if (modelField == SearchableFields.IS_CLIENT_ROLE) {
validateValue(value, modelField, op, Boolean.class);
return new JpaRoleModelCriteriaBuilder((cb, query, root) ->
((Boolean) value[0]) ? cb.isNull(root.get("clientId")) : cb.isNotNull(root.get("clientId"))
);
} else {
throw new CriterionNotSupportedException(modelField, op);
}
case IN:
if (modelField ==SearchableFields.ID) {
if (modelField == SearchableFields.ID) {
Set<UUID> uuids = getUuidsForInOperator(value, modelField);
@@ -114,6 +103,13 @@ public class JpaRoleModelCriteriaBuilder extends JpaModelCriteriaBuilder<JpaRole
} else {
throw new CriterionNotSupportedException(modelField, op);
}
case NOT_EXISTS:
if (modelField == SearchableFields.CLIENT_ID) {
return new JpaRoleModelCriteriaBuilder((cb, query, root) -> cb.isNull(root.get("clientId")));
} else {
throw new CriterionNotSupportedException(modelField, op);
}
default:
throw new CriterionNotSupportedException(modelField, op);
}

19
model/map-ldap/src/main/java/org/keycloak/models/map/storage/ldap/role/LdapRoleModelCriteriaBuilder.java
View File

@@ -123,11 +123,7 @@ public class LdapRoleModelCriteriaBuilder extends LdapModelCriteriaBuilder<LdapR
public LdapRoleModelCriteriaBuilder compare(SearchableModelField<? super RoleModel> modelField, Operator op, Object... value) {
switch (op) {
case EQ:
if (modelField == RoleModel.SearchableFields.IS_CLIENT_ROLE) {
LdapRoleModelCriteriaBuilder result = new LdapRoleModelCriteriaBuilder(roleMapperConfig, StringBuilder::new);
result.isClientRole = (boolean) value[0];
return result;
} else if (modelField == RoleModel.SearchableFields.CLIENT_ID) {
if (modelField == RoleModel.SearchableFields.CLIENT_ID) {
LdapRoleModelCriteriaBuilder result = new LdapRoleModelCriteriaBuilder(roleMapperConfig, StringBuilder::new);
result.clientId = (String) value[0];
return result;
@@ -148,11 +144,7 @@ public class LdapRoleModelCriteriaBuilder extends LdapModelCriteriaBuilder<LdapR
}
case NE:
if (modelField == RoleModel.SearchableFields.IS_CLIENT_ROLE) {
LdapRoleModelCriteriaBuilder result = new LdapRoleModelCriteriaBuilder(roleMapperConfig, StringBuilder::new);
result.isClientRole = !((boolean) value[0]);
return result;
} else if (modelField == RoleModel.SearchableFields.NAME) {
if (modelField == RoleModel.SearchableFields.NAME) {
// validateValue(value, modelField, op, String.class);
String field = modelFieldNameToLdap(roleMapperConfig, modelField);
return not(new LdapRoleModelCriteriaBuilder(roleMapperConfig,
@@ -201,6 +193,13 @@ public class LdapRoleModelCriteriaBuilder extends LdapModelCriteriaBuilder<LdapR
} else {
throw new CriterionNotSupportedException(modelField, op);
}
case EXISTS:
case NOT_EXISTS:
if (modelField == RoleModel.SearchableFields.CLIENT_ID) {
LdapRoleModelCriteriaBuilder result = new LdapRoleModelCriteriaBuilder(roleMapperConfig, StringBuilder::new);
result.isClientRole = op == Operator.EXISTS;
return result;
}
default:
throw new CriterionNotSupportedException(modelField, op);

12
model/map/src/main/java/org/keycloak/models/map/role/MapRoleProvider.java
View File

@@ -91,7 +91,8 @@ public class MapRoleProvider implements RoleProvider {
public Stream<RoleModel> getRealmRolesStream(RealmModel realm, Integer first, Integer max) {
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true);
// filter realm roles only
.compare(SearchableFields.CLIENT_ID, Operator.NOT_EXISTS);
return txInRealm(realm).read(withCriteria(mcb).pagination(first, max, SearchableFields.NAME))
.map(entityToAdapterFunc(realm));
@@ -118,7 +119,8 @@ public class MapRoleProvider implements RoleProvider {
public Stream<RoleModel> getRealmRolesStream(RealmModel realm) {
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true);
// filter realm roles only
.compare(SearchableFields.CLIENT_ID, Operator.NOT_EXISTS);
return txInRealm(realm).read(withCriteria(mcb).orderBy(SearchableFields.NAME, ASCENDING))
.map(entityToAdapterFunc(realm));
@@ -200,7 +202,8 @@ public class MapRoleProvider implements RoleProvider {
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true)
// filter realm roles only
.compare(SearchableFields.CLIENT_ID, Operator.NOT_EXISTS)
.compare(SearchableFields.NAME, Operator.EQ, name);
return txInRealm(realm).read(withCriteria(mcb))
@@ -251,7 +254,8 @@ public class MapRoleProvider implements RoleProvider {
}
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true)
// filter realm roles only
.compare(SearchableFields.CLIENT_ID, Operator.NOT_EXISTS)
.or(
mcb.compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%"),
mcb.compare(SearchableFields.DESCRIPTION, Operator.ILIKE, "%" + search + "%")

13
model/map/src/main/java/org/keycloak/models/map/storage/chm/MapFieldPredicates.java
View File

@@ -129,7 +129,6 @@ public class MapFieldPredicates {
put(ROLE_PREDICATES, RoleModel.SearchableFields.CLIENT_ID, MapRoleEntity::getClientId);
put(ROLE_PREDICATES, RoleModel.SearchableFields.DESCRIPTION, MapRoleEntity::getDescription);
put(ROLE_PREDICATES, RoleModel.SearchableFields.NAME, MapRoleEntity::getName);
put(ROLE_PREDICATES, RoleModel.SearchableFields.IS_CLIENT_ROLE, MapFieldPredicates::isClientRole);
put(ROLE_PREDICATES, RoleModel.SearchableFields.COMPOSITE_ROLE, MapFieldPredicates::checkCompositeRoles);
put(USER_PREDICATES, UserModel.SearchableFields.REALM_ID, MapUserEntity::getRealmId);
@@ -389,18 +388,6 @@ public class MapFieldPredicates {
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, MapRoleEntity, RoleModel> isClientRole(MapModelCriteriaBuilder<Object, MapRoleEntity, RoleModel> mcb, Operator op, Object[] values) {
if (values == null || values.length != 1 || ! (op == Operator.EQ || op == Operator.NE) || ! (values[0] instanceof Boolean)) {
throw new CriterionNotSupportedException(RoleModel.SearchableFields.IS_CLIENT_ROLE, op, "Invalid arguments, got: " + Arrays.toString(values));
}
Function<MapRoleEntity, Boolean> getter;
Predicate<Object> valueComparator = CriteriaOperator.predicateFor(op, values);
getter = re -> re.getClientId() != null;
return mcb.fieldCompare(valueComparator, getter);
}
private static MapModelCriteriaBuilder<Object, MapRoleEntity, RoleModel> checkCompositeRoles(MapModelCriteriaBuilder<Object, MapRoleEntity, RoleModel> mcb, Operator op, Object[] values) {
String roleIdS = ensureEqSingleValue(RoleModel.SearchableFields.COMPOSITE_ROLE, "composite_role_id", op, values);
Function<MapRoleEntity, ?> getter;

7
server-spi/src/main/java/org/keycloak/models/RoleModel.java
View File

@@ -21,8 +21,6 @@ import org.keycloak.provider.ProviderEvent;
import org.keycloak.storage.SearchableModelField;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
@@ -38,6 +36,11 @@ public interface RoleModel {
public static final SearchableModelField<RoleModel> CLIENT_ID = new SearchableModelField<>("clientId", String.class);
public static final SearchableModelField<RoleModel> NAME = new SearchableModelField<>("name", String.class);
public static final SearchableModelField<RoleModel> DESCRIPTION = new SearchableModelField<>("description", String.class);
/**
* @deprecated Please use {@link #CLIENT_ID} SearchableField with operators EXISTS/NOT_EXISTS to replace
* field IS_CLIENT_ROLE with operator EQ with value true/false.
*/
@Deprecated
public static final SearchableModelField<RoleModel> IS_CLIENT_ROLE = new SearchableModelField<>("isClientRole", Boolean.class);
public static final SearchableModelField<RoleModel> COMPOSITE_ROLE = new SearchableModelField<>("compositeRoles", Boolean.class);
}