app/libraries/Keycloak/API/RoleMapper.php (78 lines of code) (raw):

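<?php

namespace Keycloak\API;

use Exception;
use Log;

/**
 * RoleMapper class
 *
 * This class provides an easy to use interface for
 * the Keycloak RoleMapper REST API.
 *
 * Every request made here carries an admin API bearer token. The token must
 * never be logged or echoed to the client. When $this->verify_peer is false
 * the server certificate is not checked, yet the token is still sent, so
 * peer verification should stay enabled outside of local development.
 */
class RoleMapper extends BaseKeycloakAPIEndpoint
{
    /**
     * Get realm-level role mappings for a user
     * GET /admin/realms/{realm}/users/{id}/role-mappings/realm
     *
     * Equivalent request:
     *   curl -H "Authorization: bearer $access_token" \
     *     https://<keycloak-host>/auth/admin/realms/{realm}/users/{id}/role-mappings/realm
     *
     * @param string $realm   realm name; URL-encoded before it is placed in the path
     * @param string $user_id user id; URL-encoded before it is placed in the path
     * @return mixed decoded JSON body (an array of RoleRepresentations per the
     *               Keycloak API), or null when the body is not valid JSON
     * @throws Exception when the transfer fails or the status is not 200
     */
    public function getRealmRoleMappingsForUser($realm, $user_id)
    {
        // get access token for admin API
        $access_token = $this->getAPIAccessToken($realm);

        $r = $this->openRoleMappingsRequest($realm, $user_id);
        curl_setopt($r, CURLOPT_HTTPHEADER, array(
            "Authorization: Bearer " . $access_token
        ));

        $outcome = $this->runRoleMappingsRequest($r);

        // Strict comparison: only a real transfer failure returns false. The
        // curl error goes to the log instead of the response, so internal
        // endpoint details are not shown to the client.
        if ($outcome['response'] === false) {
            Log::error(
                "Failed to retrieve realm role mappings for user",
                array('curl_error' => $outcome['curl_error'])
            );
            throw new Exception("Failed to retrieve realm role mappings for user");
        }

        // Fail closed: an error body (401/403/404 ...) must not be decoded and
        // handed back as if it were the user's role list.
        if ($outcome['http_code'] != 200) {
            Log::error(
                "Failed to retrieve realm role mappings for user",
                array('http_code' => $outcome['http_code'])
            );
            throw new Exception("Failed to retrieve realm role mappings for user");
        }

        return json_decode($outcome['response']);
    }

    /**
     * Add realm-level role mappings for a user
     * POST /admin/realms/{realm}/users/{user_id}/role-mappings/realm
     *
     * @param string $realm                realm name
     * @param string $user_id              user id
     * @param mixed  $role_representations value JSON-encoded as the request body
     * @return void
     * @throws Exception when the body cannot be encoded, the transfer fails,
     *                   or the status is neither 200 nor 204
     */
    public function addRealmRoleMappingsToUser($realm, $user_id, $role_representations)
    {
        $this->sendRoleMappingsChange(
            $realm,
            $user_id,
            $role_representations,
            null,
            "Failed to add realm role mapping to user"
        );
    }

    /**
     * Delete realm-level role mappings for a user
     * DELETE /admin/realms/{realm}/users/{user_id}/role-mappings/realm
     *
     * @param string $realm                realm name
     * @param string $user_id              user id
     * @param mixed  $role_representations value JSON-encoded as the request body
     * @return void
     * @throws Exception when the body cannot be encoded, the transfer fails,
     *                   or the status is neither 200 nor 204
     */
    public function deleteRealmRoleMappingsToUser($realm, $user_id, $role_representations)
    {
        $this->sendRoleMappingsChange(
            $realm,
            $user_id,
            $role_representations,
            "DELETE",
            "Failed to delete realm role mapping to user"
        );
    }

    /**
     * Create a curl handle for the user's realm role-mappings URL with the
     * transport options shared by every call in this class.
     */
    private function openRoleMappingsRequest($realm, $user_id)
    {
        // rawurlencode() keeps a realm or user id containing '/', '?' or '#'
        // from changing which admin endpoint is addressed.
        $url = $this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm)
            . '/users/' . rawurlencode($user_id) . '/role-mappings/realm';

        $r = curl_init($url);
        if ($r === false) {
            throw new Exception("Failed to initialise request for realm role mappings");
        }

        curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
        // NOTE(review): CURLOPT_ENCODING expects a string of encodings; the
        // integer 1 is kept from the original - confirm whether "" was intended.
        curl_setopt($r, CURLOPT_ENCODING, 1);
        // With verify_peer off the bearer token goes to an unverified server.
        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
        if ($this->verify_peer && $this->cafile_path) {
            curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
        }

        return $r;
    }

    /**
     * Execute a prepared handle, capture what the callers need, and close the
     * handle so it is released on success and on failure alike.
     */
    private function runRoleMappingsRequest($r)
    {
        $response = curl_exec($r);
        $info = curl_getinfo($r);
        $outcome = array(
            'response' => $response,
            'http_code' => $info['http_code'],
            'curl_error' => curl_error($r),
        );
        curl_close($r);

        return $outcome;
    }

    /**
     * Send role representations as a JSON body to the role-mappings endpoint
     * and require a 200 or 204 answer.
     *
     * $custom_method is null for a plain POST, or a verb such as "DELETE".
     */
    private function sendRoleMappingsChange($realm, $user_id, $role_representations, $custom_method, $failure_message)
    {
        // Encode first: json_encode() returns false on failure, which would
        // otherwise be sent as an empty body with Content-Length: 0.
        $data = json_encode($role_representations);
        if ($data === false) {
            throw new Exception($failure_message);
        }

        // get access token for admin API
        $access_token = $this->getAPIAccessToken($realm);

        $r = $this->openRoleMappingsRequest($realm, $user_id);
        if ($custom_method !== null) {
            curl_setopt($r, CURLOPT_CUSTOMREQUEST, $custom_method);
        }
        curl_setopt($r, CURLOPT_POST, true);
        curl_setopt($r, CURLOPT_HTTPHEADER, array(
            "Authorization: Bearer " . $access_token,
            'Content-Type: application/json',
            'Content-Length: ' . strlen($data)
        ));
        curl_setopt($r, CURLOPT_POSTFIELDS, $data);

        $outcome = $this->runRoleMappingsRequest($r);

        if ($outcome['http_code'] != 200 && $outcome['http_code'] != 204) {
            // Record why the change was rejected; the token and body stay out
            // of the log.
            Log::error($failure_message, array(
                'http_code' => $outcome['http_code'],
                'curl_error' => $outcome['curl_error'],
            ));
            throw new Exception($failure_message);
        }
    }
}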