Fix bugs
daniel-pimenta-DME committed Dec 19, 2023
1 parent 30eb390 commit c38a1c5
Showing 4 changed files with 103 additions and 50 deletions.
14 changes: 7 additions & 7 deletions app/models/permissions.py
@@ -40,17 +40,12 @@ class ScopePermission(APIBaseModel):
description: Optional[str] = Field(description="Scope policy description")


class Group(APIBaseModel):
id: str = Field(description="Group id")
path: str = Field(description="Group path")


class GroupPermission(APIBaseModel):
logic: Optional[Logic] = Field(Logic.POSITIVE, description="Logic to apply, either POSITIVE or NEGATIVE")
decisionStrategy: Optional[DecisionStrategy] = Field(DecisionStrategy.UNANIMOUS.value,
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="Group policy name")
groups: List[Group] = Field(description="Group policy groups")
groups: List[str] = Field(description="Group policy groups")
groupsClaim: Optional[str] = Field(description="Group policy groups claim")
description: Optional[str] = Field(description="Group policy description")

@@ -67,6 +62,7 @@ class RegexPermission(APIBaseModel):

class Role(APIBaseModel):
id: str = Field(description="Role id")
required: bool = Field(description="Required")


class RolePermission(APIBaseModel):
@@ -144,6 +140,7 @@ class UserPermission(APIBaseModel):
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="User policy name")
users: List[str] = Field(description="User policy users list")
description: Optional[str] = Field(description="User policy description")


class ModifyClientPermission(ClientPermission):
@@ -204,4 +201,7 @@ class ResourceBasedPermission(APIBaseModel):
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="Resource based permission name")
resources: List[str] = Field(description="Resource based permission resources")
policies: List[str] = Field(description="Resource based permission policies")
policies: List[str] = Field(description="Resource based permission policies")

class ManagementPermission(APIBaseModel):
enabled: bool = Field(description="Management enabled/disabled")
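Review bot: The new `description: Optional[str] = Field(description="User policy description")` on `UserPermission` has no default, and under the pydantic 2.5.0 pinned in requirements.txt an `Optional[...]` field without a default is still required (it only additionally accepts `None`), so callers that omit `description` would start failing validation. If the field is meant to be omittable, give it a default: `description: Optional[str] = Field(None, description="User policy description")`. The new `required: bool` on `Role` and `enabled: bool` on `ManagementPermission` are mandatory in the same way; that is defensible for flags that change authorization behaviour, but a one-line comment stating it is deliberate would make the intent clear. The class bodies start or continue outside the hunks shown.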
6 changes: 5 additions & 1 deletion app/routers/clients_permissions.py
@@ -1,7 +1,7 @@
from fastapi import APIRouter

from app.keycloak_client import keycloak
from app.models.permissions import ResourceBasedPermission
from app.models.permissions import ResourceBasedPermission, ManagementPermission

router = APIRouter(
prefix="/{client_id}/permissions",
@@ -18,6 +18,10 @@ def get_client_authz_permissions(client_id: str):
def get_client_management_permissions(client_id: str):
return keycloak.get_client_management_permissions(client_id)

@router.put("/management")
def get_client_management_permissions(client_id: str, managementPermission: ManagementPermission):
return keycloak.update_client_management_permissions(client_id, managementPermission.model_dump())


@router.get("/resources")
def get_client_resource_permissions(client_id: str):
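Review bot: The new `@router.put("/management")` handler reuses the name `get_client_management_permissions`, which rebinds the module-level name of the GET handler defined just above it and labels a state-changing operation as a read in tracebacks and generated API docs; rename it, e.g. `def update_client_management_permissions(client_id: str, managementPermission: ManagementPermission):`. This endpoint switches a client's management permissions on or off, and no authorization dependency is visible on the route. The `APIRouter(...)` call continues outside the hunk, so confirm that a router-level or application-level dependency restricts who may call it. A short docstring stating what enabling does on the Keycloak side would also help.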
131 changes: 90 additions & 41 deletions app/routers/clients_policies.py
@@ -23,70 +23,119 @@ def get_client_authz_policies(client_id: str):


@router.post("/client")
def create_client_policy(client_id: str, client_policy: ClientPermission):
client_policy = client_policy.model_dump()
client_policy["type"] = "client"
return keycloak.register_client_policy(client_id, client_policy)
def create_client_policy(client_id: str, policy: ClientPermission):
policy = policy.model_dump()
policy["type"] = "client"
return keycloak.register_client_policy(client_id, policy)


@router.post("/aggregated")
def create_aggregated_policy(client_id: str, aggregated_policy: AggregatedPermission):
aggregated_policy = aggregated_policy.model_dump()
aggregated_policy["type"] = "aggregated"
return keycloak.register_aggregated_policy(client_id, aggregated_policy)
def create_aggregated_policy(client_id: str, policy: AggregatedPermission):
policy = policy.model_dump()
policy["type"] = "aggregated"
return keycloak.register_aggregated_policy(client_id, policy)


@router.post("/scope")
def create_client_scope_policy(client_id: str, scope_policy: ScopePermission):
scope_policy = scope_policy.model_dump()
scope_policy["type"] = "scope"
return keycloak.register_client_scope_policy(client_id, scope_policy)
def create_client_scope_policy(client_id: str, policy: ScopePermission):
policy = policy.model_dump()
policy["type"] = "scope"
return keycloak.register_client_scope_policy(client_id, policy)


@router.post("/group")
def create_group_policy(client_id: str, group_policy: GroupPermission):
group_policy = group_policy.model_dump()
group_policy["type"] = "group"
return keycloak.register_group_policy(client_id, group_policy)
def create_group_policy(client_id: str, policy: GroupPermission):
policy = policy.model_dump()
policy["type"] = "group"
return keycloak.register_group_policy(client_id, policy)


@router.post("/regex")
def create_regex_policy(client_id: str, regex_policy: RegexPermission):
regex_policy = regex_policy.model_dump()
regex_policy["type"] = "regex"
return keycloak.register_regex_policy(client_id, regex_policy)
def create_regex_policy(client_id: str, policy: RegexPermission):
policy = policy.model_dump()
policy["type"] = "regex"
return keycloak.register_regex_policy(client_id, policy)


@router.post("/role")
def create_role_policy(client_id: str, role_policy: RolePermission):
role_policy = role_policy.model_dump()
role_policy["type"] = "role"
return keycloak.register_role_policy(client_id, role_policy)
def create_role_policy(client_id: str, policy: RolePermission):
policy = policy.model_dump()
policy["type"] = "role"
return keycloak.register_role_policy(client_id, policy)


@router.post("/time")
def create_time_policy(client_id: str,
time_policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
YearTimePermission | HourTimePermission | MinuteTimePermission):
time_policy = time_policy.model_dump()
time_policy["type"] = "time"
return keycloak.register_time_policy(client_id, time_policy)
policy = policy.model_dump()
policy["type"] = "time"
return keycloak.register_time_policy(client_id, policy)


@router.post("/user")
def create_user_policy(client_id: str, user_policy: UserPermission):
user_policy = user_policy.model_dump()
user_policy["type"] = "user"
return keycloak.register_user_policy(client_id, user_policy)


@router.put("/{policy_id}")
def update_policy(client_id: str, policy_id: str,
policy: ModifyClientPermission | ModifyAggregatedPermission | ModifyScopePermission |
ModifyRegexPermission | ModifyRolePermission | ModifyRelativeTimePermission | ModifyDayMonthTimePermission |
ModifyMonthTimePermission | ModifyYearTimePermission | ModifyHourTimePermission | ModifyMinuteTimePermission |
ModifyUserPermission):
return keycloak.update_policy(client_id, policy_id, policy.model_dump())
def create_user_policy(client_id: str, policy: UserPermission):
policy = policy.model_dump()
policy["type"] = "user"
return keycloak.register_user_policy(client_id, policy)


@router.put("/client/{policy_id}")
def update_client_policy(client_id: str, policy_id: str, policy: ClientPermission):
policy = policy.model_dump()
policy["type"] = "client"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/aggregated/{policy_id}")
def update_aggregated_policy(client_id: str, policy_id: str, policy: AggregatedPermission):
policy = policy.model_dump()
policy["type"] = "aggregated"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/scope/{policy_id}")
def update_client_scope_policy(client_id: str, policy_id: str, policy: ScopePermission):
scope_policy = policy.model_dump()
scope_policy["type"] = "scope"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/group/{policy_id}")
def update_group_policy(client_id: str, policy_id: str, policy: GroupPermission):
group_policy = policy.model_dump()
group_policy["type"] = "group"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/regex/{policy_id}")
def update_regex_policy(client_id: str, policy_id: str, policy: RegexPermission):
policy = policy.model_dump()
policy["type"] = "regex"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/role/{policy_id}")
def update_role_policy(client_id: str, policy_id: str, policy: RolePermission):
policy = policy.model_dump()
policy["type"] = "role"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/time/{policy_id}")
def update_time_policy(client_id: str, policy_id: str,
policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
YearTimePermission | HourTimePermission | MinuteTimePermission):
policy = policy.model_dump()
policy["type"] = "time"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/user/{policy_id}")
def update_user_policy(client_id: str, policy_id: str, policy: UserPermission):
policy = policy.model_dump()
policy["type"] = "user"
return keycloak.update_policy(client_id, policy_id, policy)


@router.delete("/{policy_id}")
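Review bot: `update_client_scope_policy` and `update_group_policy` build a dict (`scope_policy` / `group_policy`) and set its `type`, but then pass the original Pydantic model `policy` to `keycloak.update_policy`, so the `type` key is dropped and the call receives a model object instead of the dict that the other six update handlers send. Change the return lines to `return keycloak.update_policy(client_id, policy_id, scope_policy)` and `return keycloak.update_policy(client_id, policy_id, group_policy)`, or rebind `policy = policy.model_dump()` as the sibling handlers do. How `update_policy` treats a model argument is not visible here, but these handlers rewrite authorization policies, so an update that fails or is applied without its type should not go unnoticed. A test per policy type asserting the payload handed to `update_policy` would catch this kind of slip.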
2 changes: 1 addition & 1 deletion requirements.txt
@@ -7,4 +7,4 @@ retry==0.9.2
urllib3==2.0.7
pydantic==2.5.0
pydantic-settings==2.1.0
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.9
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.10
