Class ClientPermissionsV2
java.lang.Object
org.keycloak.services.resources.admin.permissions.ClientPermissionsV2
- All Implemented Interfaces:
ClientPermissionEvaluator,ClientPermissionManagement
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final AuthorizationProviderprotected final RealmModelprotected final ResourceStoreprotected final org.keycloak.services.resources.admin.permissions.MgmtPermissionsprotected final KeycloakSessionFields inherited from interface org.keycloak.services.resources.admin.permissions.ClientPermissionManagement
CONFIGURE_SCOPE, MAP_ROLES_CLIENT_SCOPE, MAP_ROLES_COMPOSITE_SCOPE, MAP_ROLES_SCOPE -
Constructor Summary
ConstructorsConstructorDescriptionClientPermissionsV2(KeycloakSession session, RealmModel realm, AuthorizationProvider authz, org.keycloak.services.resources.admin.permissions.MgmtPermissionsV2 root) -
Method Summary
Modifier and TypeMethodDescriptionbooleancanConfigure(ClientModel client) booleancanExchangeTo(ClientModel authorizedClient, ClientModel client) booleancanExchangeTo(ClientModel authorizedClient, ClientModel to, AccessToken token) booleancanList()booleancanList(ClientModel clientModel) booleanbooleanReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole.booleancanManage(ClientModel client) Returnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole.booleancanManage(ClientScopeModel clientScope) Returnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole.booleanReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole.booleanbooleancanMapClientScopeRoles(ClientModel client) Returnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_CLIENT_SCOPEfor the client.booleancanMapCompositeRoles(ClientModel client) Returnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_COMPOSITE_SCOPEfor the client.booleancanMapRoles(ClientModel client) Returnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_SCOPEfor the client.booleancanView()Returnstrueif the caller has at least one of theAdminRoles.MANAGE_CLIENTSorAdminRoles.VIEW_CLIENTSroles.booleancanView(ClientModel client) ReturnstrueifClientPermissionEvaluator.canView()orClientPermissionEvaluator.canConfigure(ClientModel)returnstrue.booleancanView(ClientScopeModel clientScope) Returnstrueif the caller has at least one of theAdminRoles.VIEW_CLIENTSorAdminRoles.MANAGE_CLIENTSroles.booleanbooleanconfigurePermission(ClientModel client) exchangeToPermission(ClientModel client) getAccess(ClientModel client) getClientsWithPermission(String scope) getPermissions(ClientModel client) booleanisPermissionsEnabled(ClientModel client) managePermission(ClientModel client) mapRolesPermission(ClientModel client) voidrequireConfigure(ClientModel client) Throws ForbiddenException ifClientPermissionEvaluator.canConfigure(ClientModel)returnsfalse.voidThrows ForbiddenException ifClientPermissionEvaluator.canList()returnsfalse.voidThrows ForbiddenException ifClientPermissionEvaluator.canListClientScopes()returnsfalse.voidThrows ForbiddenException ifClientPermissionEvaluator.canManage()returnsfalse.voidrequireManage(ClientModel client) Throws ForbiddenException ifClientPermissionEvaluator.canManage(ClientModel)returnsfalse.voidrequireManage(ClientScopeModel clientScope) Throws ForbiddenException ifClientPermissionEvaluator.canManage(ClientScopeModel)returnsfalse.voidThrows ForbiddenException ifClientPermissionEvaluator.canManageClientScopes()returnsfalse.voidvoidrequireView(ClientModel client) Throws ForbiddenException ifClientPermissionEvaluator.canView(ClientModel)returnsfalse.voidrequireView(ClientScopeModel clientScope) Throws ForbiddenException ifClientPermissionEvaluator.canView(ClientScopeModel)returnsfalse.voidresource(ClientModel client) resourceServer(ClientModel client) voidsetPermissionsEnabled(ClientModel client, boolean enable) viewPermission(ClientModel client)
-
Field Details
-
session
-
realm
-
authz
-
root
protected final org.keycloak.services.resources.admin.permissions.MgmtPermissions root -
resourceStore
-
-
Constructor Details
-
ClientPermissionsV2
public ClientPermissionsV2(KeycloakSession session, RealmModel realm, AuthorizationProvider authz, org.keycloak.services.resources.admin.permissions.MgmtPermissionsV2 root)
-
-
Method Details
-
canConfigure
Description copied from interface:ClientPermissionEvaluatorReturnstrueifClientPermissionEvaluator.canManage(ClientModel)returnstrue. Or if the caller has a permission toClientPermissionManagement.CONFIGURE_SCOPEthe client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.CONFIGUREall clients.- Specified by:
canConfigurein interfaceClientPermissionEvaluator
-
canManage
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole. Or if the caller has a permission toAdminPermissionManagement.MANAGE_SCOPEthe client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.MANAGEall clients.- Specified by:
canManagein interfaceClientPermissionEvaluator
-
canManage
public boolean canManage()Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole. For V2 only: Also if it has permission toAdminPermissionsSchema.MANAGE.- Specified by:
canManagein interfaceClientPermissionEvaluator
-
canView
Description copied from interface:ClientPermissionEvaluatorReturnstrueifClientPermissionEvaluator.canView()orClientPermissionEvaluator.canConfigure(ClientModel)returnstrue. Or if the caller has a permission toAdminPermissionManagement.VIEW_SCOPEthe client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.VIEWall clients.- Specified by:
canViewin interfaceClientPermissionEvaluator
-
canView
public boolean canView()Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller has at least one of theAdminRoles.MANAGE_CLIENTSorAdminRoles.VIEW_CLIENTSroles. For V2 only: Also if it has permission toAdminPermissionsSchema.VIEW.- Specified by:
canViewin interfaceClientPermissionEvaluator
-
canMapRoles
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_SCOPEfor the client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.MAP_ROLESfor all clients.- Specified by:
canMapRolesin interfaceClientPermissionEvaluator
-
canMapCompositeRoles
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_COMPOSITE_SCOPEfor the client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.MAP_ROLES_COMPOSITEfor all clients.- Specified by:
canMapCompositeRolesin interfaceClientPermissionEvaluator
-
canMapClientScopeRoles
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller has a permission toClientPermissionManagement.MAP_ROLES_CLIENT_SCOPEfor the client. For V2 only: Also if the caller has a permission toAdminPermissionsSchema.MAP_ROLES_CLIENT_SCOPEfor all clients.- Specified by:
canMapClientScopeRolesin interfaceClientPermissionEvaluator
-
canManageClientScopes
public boolean canManageClientScopes()Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole. For V2 only: Also if it has permission toAdminPermissionsSchema.MANAGE.- Specified by:
canManageClientScopesin interfaceClientPermissionEvaluator
-
canManage
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller hasAdminRoles.MANAGE_CLIENTSrole. For V2 only: Also if it has permission toAdminPermissionsSchema.MANAGE.- Specified by:
canManagein interfaceClientPermissionEvaluator
-
canView
Description copied from interface:ClientPermissionEvaluatorReturnstrueif the caller has at least one of theAdminRoles.VIEW_CLIENTSorAdminRoles.MANAGE_CLIENTSroles. For V2 only: Also if it has permission toAdminPermissionsSchema.VIEWorAdminPermissionsSchema.MANAGE.- Specified by:
canViewin interfaceClientPermissionEvaluator
-
getClientsWithPermission
- Specified by:
getClientsWithPermissionin interfaceClientPermissionEvaluator
-
canExchangeTo
- Specified by:
canExchangeToin interfaceClientPermissionManagement
-
exchangeToPermission
- Specified by:
exchangeToPermissionin interfaceClientPermissionManagement
-
mapRolesPermission
- Specified by:
mapRolesPermissionin interfaceClientPermissionManagement
-
mapRolesClientScopePermission
- Specified by:
mapRolesClientScopePermissionin interfaceClientPermissionManagement
-
mapRolesCompositePermission
- Specified by:
mapRolesCompositePermissionin interfaceClientPermissionManagement
-
managePermission
- Specified by:
managePermissionin interfaceClientPermissionManagement
-
configurePermission
- Specified by:
configurePermissionin interfaceClientPermissionManagement
-
viewPermission
- Specified by:
viewPermissionin interfaceClientPermissionManagement
-
isPermissionsEnabled
- Specified by:
isPermissionsEnabledin interfaceClientPermissionEvaluator- Specified by:
isPermissionsEnabledin interfaceClientPermissionManagement
-
setPermissionsEnabled
- Specified by:
setPermissionsEnabledin interfaceClientPermissionEvaluator- Specified by:
setPermissionsEnabledin interfaceClientPermissionManagement
-
resource
- Specified by:
resourcein interfaceClientPermissionManagement
-
getPermissions
- Specified by:
getPermissionsin interfaceClientPermissionManagement
-
canList
public boolean canList()Description copied from interface:ClientPermissionEvaluatorReturnstrueifClientPermissionEvaluator.canView()returnstrue. Or if the caller has at least one of theAdminRoles.QUERY_CLIENTSorAdminRoles.QUERY_USERSroles.- Specified by:
canListin interfaceClientPermissionEvaluator
-
canList
-
requireList
public void requireList()Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canList()returnsfalse.- Specified by:
requireListin interfaceClientPermissionEvaluator
-
canListClientScopes
public boolean canListClientScopes()Description copied from interface:ClientPermissionEvaluatorReturnstrueifClientPermissionEvaluator.canView()returnstrue. Or if the caller hasAdminRoles.QUERY_CLIENTSrole.- Specified by:
canListClientScopesin interfaceClientPermissionEvaluator
-
requireListClientScopes
public void requireListClientScopes()Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canListClientScopes()returnsfalse.- Specified by:
requireListClientScopesin interfaceClientPermissionEvaluator
-
canManageClientsDefault
public boolean canManageClientsDefault() -
canViewClientDefault
public boolean canViewClientDefault() -
requireManage
public void requireManage()Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canManage()returnsfalse.- Specified by:
requireManagein interfaceClientPermissionEvaluator
-
requireView
public void requireView()Description copied from interface:ClientPermissionEvaluator- Specified by:
requireViewin interfaceClientPermissionEvaluator
-
canExchangeTo
- Specified by:
canExchangeToin interfaceClientPermissionManagement
-
requireConfigure
Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canConfigure(ClientModel)returnsfalse.- Specified by:
requireConfigurein interfaceClientPermissionEvaluator
-
requireManage
Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canManage(ClientModel)returnsfalse.- Specified by:
requireManagein interfaceClientPermissionEvaluator
-
requireView
Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canView(ClientModel)returnsfalse.- Specified by:
requireViewin interfaceClientPermissionEvaluator
-
canViewClientScopes
public boolean canViewClientScopes()Description copied from interface:ClientPermissionEvaluator- Specified by:
canViewClientScopesin interfaceClientPermissionEvaluator
-
requireManageClientScopes
public void requireManageClientScopes()Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canManageClientScopes()returnsfalse.- Specified by:
requireManageClientScopesin interfaceClientPermissionEvaluator
-
requireViewClientScopes
public void requireViewClientScopes()Description copied from interface:ClientPermissionEvaluator- Specified by:
requireViewClientScopesin interfaceClientPermissionEvaluator
-
requireManage
Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canManage(ClientScopeModel)returnsfalse.- Specified by:
requireManagein interfaceClientPermissionEvaluator
-
requireView
Description copied from interface:ClientPermissionEvaluatorThrows ForbiddenException ifClientPermissionEvaluator.canView(ClientScopeModel)returnsfalse.- Specified by:
requireViewin interfaceClientPermissionEvaluator
-
resourceServer
- Specified by:
resourceServerin interfaceClientPermissionManagement
-
getAccess
- Specified by:
getAccessin interfaceClientPermissionEvaluator
-