Merge pull request #56 from fschmtt/origin/feature/user-realm-roles

Add user add/remove realm roles endpoints in Users

Author: fschmtt

README.md

@@ -99,6 +99,18 @@ More examples can be found in the [examples](examples) directory.
 | `PUT /{realm}/users/{id}/groups/{groupId}` | `n/a` | [Users::joinGroup()](src/Resource/Users.php) |
 | `DELETE /{realm}/users/{id}/groups/{groupId}` | `n/a` | [Users::leaveGroup()](src/Resource/Users.php) |
 | `GET /{realm}/users/{id}/groups` | [GroupCollection](src/Collection/GroupCollection.php) | [Users::retrieveGroups()](src/Resource/Users.php) |
+| `GET /{realm}/users/{id}/role-mappings/realm` | [RoleCollection](src/Collection/RoleCollection.php) | [Users::retrieveRealmRoles()](src/Resource/Users.php) |
+| `GET /{realm}/users/{id}/role-mappings/realm/available` | [RoleCollection](src/Collection/RoleCollection.php) | [Users::retrieveAvailableRealmRoles()](src/Resource/Users.php) |
+| `POST /{realm}/users/{id}/role-mappings/realm` | `n/a` | [Users::addRealmRoles()](src/Resource/Users.php) |
+| `DELETE /{realm}/users/{id}/role-mappings/realm` | `n/a` | [Users::removeRealmRoles()](src/Resource/Users.php) |
+
+### [Roles](https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_roles_resource)
+| Endpoint | Response | API |
+|----------|----------|-----|
+| `GET /admin/realms/{realm}/roles` | [RoleCollection](src/Collection/RoleCollection.php) | [Roles::all()](src/Resource/Roles.php) |
+| `GET /admin/realms/{realm}/roles/{roleName}` | [Role](src/Representation/Role.php) | [Roles::get()](src/Resource/Roles.php) |
+| `POST /admin/realms/{realm}/roles` | `n/a` | [Roles::create()](src/Resource/Roles.php) |
+| `DELETE /admin/realms/{realm}/roles/{roleName}` | `n/a` | [Roles::delete()](src/Resource/Roles.php) |
 
 ### [Root](https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_root_resource)
 | Endpoint | Response | API |

composer.json

@@ -43,8 +43,8 @@
         "phpstan": "docker compose run --rm --no-deps php vendor/bin/phpstan analyze src tests examples",
         "psalm": "docker compose run --rm --no-deps php vendor/bin/psalm src tests examples",
         "test": [
-            "@test-unit",
-            "@test-integration"
+            "@test:unit",
+            "@test:integration"
         ],
         "test:unit": "docker compose run --rm --no-deps php vendor/bin/phpunit --testsuite unit",
         "test:integration": "docker compose run --rm --no-deps php vendor/bin/phpunit --testsuite integration"

src/Collection/RoleCollection.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Fschmtt\Keycloak\Collection;
+
+use Fschmtt\Keycloak\Representation\Role;
+
+/**
+ * @method Role[] getIterator()
+ * @codeCoverageIgnore
+ */
+class RoleCollection extends Collection
+{
+    public static function getRepresentationClass(): string
+    {
+        return Role::class;
+    }
+}

src/Http/Command.php

@@ -4,6 +4,7 @@
 
 namespace Fschmtt\Keycloak\Http;
 
+use Fschmtt\Keycloak\Collection\Collection;
 use Fschmtt\Keycloak\Representation\Representation;
 
 class Command
@@ -12,7 +13,7 @@ public function __construct(
         private readonly string $path,
         private readonly Method $method,
         private readonly array $parameters = [],
-        private readonly ?Representation $representation = null,
+        private readonly Representation|Collection|null $payload = null,
     ) {
     }
 
@@ -37,8 +38,8 @@ public function getPath(): string
         );
     }
 
-    public function getRepresentation(): ?Representation
+    public function getPayload(): Representation|Collection|null
     {
-        return $this->representation;
+        return $this->payload;
     }
 }

src/Http/CommandExecutor.php

@@ -5,6 +5,7 @@
 namespace Fschmtt\Keycloak\Http;
 
 use Fschmtt\Keycloak\Json\JsonEncoder;
+use Fschmtt\Keycloak\Representation\Representation;
 
 class CommandExecutor
 {
@@ -20,13 +21,32 @@ public function executeCommand(Command $command): void
             $command->getMethod()->value,
             $command->getPath(),
             [
-                'body' => $command->getRepresentation()
-                    ? (new JsonEncoder())->encode($this->propertyFilter->filter($command->getRepresentation()))
-                    : null,
+                'body' => $this->prepareBody($command),
                 'headers' => [
                     'Content-Type' => 'application/json',
                 ],
             ]
         );
     }
+
+    protected function prepareBody(Command $command): ?string
+    {
+        if ($command->getPayload() === null) {
+            return null;
+        }
+
+        $jsonEncoder = new JsonEncoder();
+
+        if ($command->getPayload() instanceof Representation) {
+            return $jsonEncoder->encode($this->propertyFilter->filter($command->getPayload()));
+        }
+
+        $representations = [];
+
+        foreach ($command->getPayload() as $representation) {
+            $representations[] = $this->propertyFilter->filter($representation);
+        }
+
+        return $jsonEncoder->encode($representations);
+    }
 }

src/Keycloak.php

@@ -12,6 +12,7 @@
 use Fschmtt\Keycloak\Resource\Clients;
 use Fschmtt\Keycloak\Resource\Groups;
 use Fschmtt\Keycloak\Resource\Realms;
+use Fschmtt\Keycloak\Resource\Roles;
 use Fschmtt\Keycloak\Resource\ServerInfo;
 use Fschmtt\Keycloak\Resource\Users;
 use Fschmtt\Keycloak\Serializer\Factory as SerializerFactory;
@@ -91,6 +92,13 @@ public function groups(): Groups
         return new Groups($this->commandExecutor, $this->queryExecutor);
     }
 
+    public function roles(): Roles
+    {
+        $this->fetchVersion();
+
+        return new Roles($this->commandExecutor, $this->queryExecutor);
+    }
+
     private function fetchVersion(): void
     {
         if ($this->version) {

src/Resource/Roles.php

@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Fschmtt\Keycloak\Resource;
+
+use Fschmtt\Keycloak\Collection\RoleCollection;
+use Fschmtt\Keycloak\Http\Command;
+use Fschmtt\Keycloak\Http\Criteria;
+use Fschmtt\Keycloak\Http\Method;
+use Fschmtt\Keycloak\Http\Query;
+use Fschmtt\Keycloak\Representation\Role;
+
+class Roles extends Resource
+{
+    public function all(string $realm, ?Criteria $criteria = null): RoleCollection
+    {
+        return $this->queryExecutor->executeQuery(
+            new Query(
+                '/admin/realms/{realm}/roles',
+                RoleCollection::class,
+                [
+                    'realm' => $realm,
+                ],
+                $criteria
+            )
+        );
+    }
+
+    public function get(string $realm, string $roleName): Role
+    {
+        return $this->queryExecutor->executeQuery(
+            new Query(
+                '/admin/realms/{realm}/roles/{roleName}',
+                Role::class,
+                [
+                    'realm' => $realm,
+                    'roleName' => $roleName,
+                ]
+            )
+        );
+    }
+
+    public function create(string $realm, Role $role): void
+    {
+        $this->commandExecutor->executeCommand(
+            new Command(
+                '/admin/realms/{realm}/roles',
+                Method::POST,
+                [
+                    'realm' => $realm,
+                ],
+                $role,
+            )
+        );
+    }
+
+    public function delete(string $realm, string $roleName): void
+    {
+        $this->commandExecutor->executeCommand(
+            new Command(
+                '/admin/realms/{realm}/roles/{roleName}',
+                Method::DELETE,
+                [
+                    'realm' => $realm,
+                    'roleName' => $roleName,
+                ],
+            )
+        );
+    }
+}

src/Resource/Users.php

@@ -5,6 +5,7 @@
 namespace Fschmtt\Keycloak\Resource;
 
 use Fschmtt\Keycloak\Collection\GroupCollection;
+use Fschmtt\Keycloak\Collection\RoleCollection;
 use Fschmtt\Keycloak\Collection\UserCollection;
 use Fschmtt\Keycloak\Http\Command;
 use Fschmtt\Keycloak\Http\Criteria;
@@ -143,4 +144,62 @@ public function retrieveGroups(string $realm, string $userId, ?Criteria $criteri
             )
         );
     }
+
+    public function retrieveRealmRoles(string $realm, string $userId): RoleCollection
+    {
+        return $this->queryExecutor->executeQuery(
+            new Query(
+                '/admin/realms/{realm}/users/{userId}/role-mappings/realm',
+                RoleCollection::class,
+                [
+                    'realm' => $realm,
+                    'userId' => $userId,
+                ]
+            )
+        );
+    }
+
+    public function retrieveAvailableRealmRoles(string $realm, string $userId): RoleCollection
+    {
+        return $this->queryExecutor->executeQuery(
+            new Query(
+                '/admin/realms/{realm}/users/{userId}/role-mappings/realm/available',
+                RoleCollection::class,
+                [
+                    'realm' => $realm,
+                    'userId' => $userId,
+                ]
+            )
+        );
+    }
+
+    public function addRealmRoles(string $realm, string $userId, RoleCollection $roles): void
+    {
+        $this->commandExecutor->executeCommand(
+            new Command(
+                '/admin/realms/{realm}/users/{userId}/role-mappings/realm',
+                Method::POST,
+                [
+                    'realm' => $realm,
+                    'userId' => $userId,
+                ],
+                $roles
+            )
+        );
+    }
+
+    public function removeRealmRoles(string $realm, string $userId, RoleCollection $roles): void
+    {
+        $this->commandExecutor->executeCommand(
+            new Command(
+                '/admin/realms/{realm}/users/{userId}/role-mappings/realm',
+                Method::DELETE,
+                [
+                    'realm' => $realm,
+                    'userId' => $userId,
+                ],
+                $roles
+            )
+        );
+    }
 }

tests/Integration/Resource/RolesTest.php

@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Fschmtt\Keycloak\Test\Integration\Resource;
+
+use Exception;
+use Fschmtt\Keycloak\Http\Criteria;
+use Fschmtt\Keycloak\Representation\Role;
+use Fschmtt\Keycloak\Test\Integration\IntegrationTestBehaviour;
+use PHPUnit\Framework\TestCase;
+
+class RolesTest extends TestCase
+{
+    use IntegrationTestBehaviour;
+
+    public function testCreateRetrieveDeleteRole(): void
+    {
+        $resource = $this->getKeycloak()->roles();
+
+        // Get all roles
+        $allRoles = $resource->all('master');
+        static::assertGreaterThanOrEqual(1, $allRoles->count());
+        $role = $allRoles->first();
+        static::assertInstanceOf(Role::class, $role);
+
+        // Create role
+        $resource->create(
+            'master',
+            new Role(name: 'test-role', description: 'test-role-description')
+        );
+
+        // Search (created) role
+        $role = $resource->all('master', new Criteria([
+            'search' => 'test-role',
+        ]))->first();
+        static::assertInstanceOf(Role::class, $role);
+        static::assertEquals('test-role', $role->getName());
+
+        // Get single (created) role
+        $role = $resource->get('master', 'test-role');
+        static::assertSame('test-role', $role->getName());
+
+        // Delete (created) role
+        $resource->delete('master', 'test-role');
+
+        try {
+            $resource->get('master', 'test-role');
+            static::fail('Role should not exist anymore');
+        } catch (Exception $e) {
+            static::assertSame(404, $e->getCode());
+        }
+    }
+}