Skip to content

Commit

Permalink
Add roles on keycloak adapters
Browse files Browse the repository at this point in the history
  • Loading branch information
@kahummer
kahummer committed Sep 7, 2024
1 parent 14576dc commit 10072a1
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions packages/rbac/src/adapters/keycloakAdapter.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ const keycloakRoleMappings: Record<string, UserRole> = {
'manage-users': new UserRole(['iam_group', 'iam_role', 'iam_user'], Permit.MANAGE),
'query-groups': new UserRole(['iam_group'], Permit.READ),
'query-users': new UserRole(['iam_user'], Permit.READ),
VIEW_ROLES: new UserRole(['iam_user_role'], Permit.READ),
VIEW_USER_GROUPS: new UserRole(['iam_user_group'], Permit.READ),
};

export const parseKeycloakRoles = (stringRole: string) => {
Expand Down Expand Up @@ -76,9 +78,11 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
});

const allRoles: UserRole[] = [];

allRoleStrings.forEach((role) => {
// check if we can first get a hit from keycloak default roles.
let asRole = parseKeycloakRoles(role);

if (asRole === undefined) {
asRole = parseFHirRoles(role);
}
Expand All @@ -88,11 +92,9 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
invalidRoleStrings.push(role);
}
});

if (invalidRoleStrings.length > 0) {
/* eslint-disable no-console */
console.warn(`Could not understand the following roles: ${invalidRoleStrings.join(', ')}`);
}

return UserRole.combineRoles(allRoles);
};

0 comments on commit 10072a1

Please sign in to comment.