def delete_region(keycloak: KeycloakClient, region_id, user): region = model.Region.query.get(region_id) if not region: return problem(404, 'Not Found', f'Region {region_id} does not exist') if not keycloak.user_check_role(user, ADMIN_ROLE): if not keycloak.user_check_group(user, region.owner_group): raise Forbidden("You don't have write access to this region.") q = model.RegionProduct.query.filter( model.RegionProduct.region_id == region.id, ) if q.count() > 0: for relation in q.all(): db.session.delete(relation) db.session.flush() db.session.delete(region) try: owner_group = keycloak.group_get(region.owner_group) keycloak.group_delete(owner_group['id']) logger.info(f'Deleted owners group {owner_group["id"]}') except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', f'Failed to delete owner group in Keycloak, {e}') db.session.commit() logger.info( f'Region {region.name} (id {region.id}) deleted by user {user}')
def get_current_user(user): try: return get_keycloak().user_get(user), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_user_groups(id): try: return get_keycloak().user_group_list(id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def get_role(id): try: return get_keycloak().role_get(id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def get_user(keycloak: KeycloakClient, user_id): try: user_data = keycloak.user_get(user_id) return user_data | {'_href': _user_href(user_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def add_user_group(id, body): try: get_keycloak().group_user_add(id, body['id']) return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def get_role(keycloak: KeycloakClient, role_id): try: role_data = keycloak.role_get(role_id) return role_data | {'_href': _role_href(role_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def add_user_group(keycloak: KeycloakClient, user_id, body, user): try: keycloak.group_user_add(user_id, body['id']) return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def delete_user_group(id): try: get_keycloak().group_user_remove(id, request.json['id']) return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def get_group(keycloak: KeycloakClient, group_id): try: group_data = keycloak.group_get(group_id) return group_data | {'_href': _group_href(group_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def delete_role(keycloak: KeycloakClient, role_id, user): try: keycloak.role_delete(role_id) logger.info(f'Deleted role {role_id}') return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def update_user(id, body): try: get_keycloak().user_update(id, body) logger.info(f'Updated user {id}') return get_keycloak().user_get(id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_role(body): try: role_id = get_keycloak().role_create(body) logger.info(f'Create role {role_id}') return get_keycloak().role_get(role_id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def delete_user(id): try: get_keycloak().user_delete(id) logger.info(f'Deleted user {id}') return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def delete_group(keycloak: KeycloakClient, group_id, user): try: keycloak.group_delete(group_id) logger.info(f'Deleted group {group_id}') return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_user(body): try: user_id = get_keycloak().user_create(body) logger.info(f'Created user {user_id}') return get_keycloak().user_get(user_id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_group(body): try: group_id = get_keycloak().group_create(body) logger.info(f'Created group {id}') return get_keycloak().group_get(group_id), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def update_user(keycloak: KeycloakClient, user_id, body, user): try: keycloak.user_update(user_id, body) logger.info(f'Updated user {user_id}') user_data = keycloak.user_get(user_id) return user_data | {'_href': _user_href(user_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_groups(keycloak: KeycloakClient): try: return [ group | {'_href': _group_href(group)} for group in keycloak.group_list() ] except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def update_role(id, body): try: get_keycloak().role_update(id, body) role_name = body['name'] logger.info(f'Updated role {id}') return get_keycloak().role_get(role_name), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def update_group(keycloak: KeycloakClient, group_id, body, user): try: keycloak.group_update(group_id, body) logger.info(f'Updated group {group_id}') group_data = keycloak.group_get(group_id) return group_data | {'_href': _group_href(group_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_role(keycloak: KeycloakClient, body, user): try: role_id = keycloak.role_create(body) logger.info(f'Create role {role_id}') role_data = keycloak.role_get(role_id) return role_data | {'_href': _role_href(role_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def get_token_info(): # Bearer auth is enforced by connexion (see openapi spec) _, access_token = request.headers['Authorization'].split() try: return get_keycloak().token_info(access_token), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_roles(keycloak: KeycloakClient): try: return [ role | { '_href': _role_href(role) } for role in keycloak.role_list() ] except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_group_users(keycloak: KeycloakClient, group_id): try: from rhub.api.auth.user import _user_href return [ user | {'_href': _user_href(user)} for user in keycloak.group_user_list(group_id) ] except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def update_role(keycloak: KeycloakClient, role_id, body, user): try: keycloak.role_update(role_id, body) role_name = body['name'] logger.info(f'Updated role {role_id}') role_data = keycloak.role_get(role_name) return role_data | {'_href': _role_href(role_data)} except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_user_groups(keycloak: KeycloakClient, user_id): try: from rhub.api.auth.group import _group_href return [ group | { '_href': _group_href(group) } for group in keycloak.user_group_list(user_id) ] except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_token(): if not request.authorization: return problem(401, 'Unauthorized', 'Missing basic auth credentials') username = request.authorization['username'] password = request.authorization['password'] try: return get_keycloak().login(username, password), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def refresh_token(): if 'Authorization' not in request.headers: return problem(401, 'Unauthorized', 'Missing refresh token') try: _, refresh_token = request.headers['Authorization'].split() except Exception: return problem(401, 'Unauthorized', 'Invalid token') try: return get_keycloak().token_refresh(refresh_token), 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def list_users(keycloak: KeycloakClient, filter_, page=0, limit=DEFAULT_PAGE_LIMIT): try: return [ user | { '_href': _user_href(user) } for user in keycloak.user_list({ 'first': page * limit, 'max': limit, **filter_, }) ] except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))