Package org.keycloak.services.resources.admin.permissions

Interface ClientPermissionEvaluator

public interface ClientPermissionEvaluator

Version:

$Revision: 1 $

Author:

Bill Burke

Method Summary

Modifier and Type	Method	Description
boolean	canConfigure(ClientModel client)	Returns true if canManage(ClientModel) returns true.
boolean	canList()	Returns true if canView() returns true.
boolean	canListClientScopes()	Returns true if canView() returns true.
boolean	canManage()	Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.
boolean	canManage(ClientModel client)	Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.
boolean	canManage(ClientScopeModel clientScope)	Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.
boolean	canManageClientScopes()	Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.
boolean	canMapClientScopeRoles(ClientModel client)	Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_CLIENT_SCOPE for the client.
boolean	canMapCompositeRoles(ClientModel client)	Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_COMPOSITE_SCOPE for the client.
boolean	canMapRoles(ClientModel client)	Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_SCOPE for the client.
boolean	canView()	Returns true if the caller has at least one of the AdminRoles.MANAGE_CLIENTS or AdminRoles.VIEW_CLIENTS roles.
boolean	canView(ClientModel client)	Returns true if canView() or canConfigure(ClientModel) returns true.
boolean	canView(ClientScopeModel clientScope)	Returns true if the caller has at least one of the AdminRoles.VIEW_CLIENTS or AdminRoles.MANAGE_CLIENTS roles.
boolean	canViewClientScopes()	Returns true if canView() returns true.
Map<String,Boolean>	getAccess(ClientModel client)
Set<String>	getClientIdsByScope(String scope)	Returns the IDs of the clients that the current user can perform based on scope.
boolean	isPermissionsEnabled(ClientModel client)
void	requireConfigure(ClientModel client)	Throws ForbiddenException if canConfigure(ClientModel) returns false.
void	requireList()	Throws ForbiddenException if canList() returns false.
void	requireListClientScopes()	Throws ForbiddenException if canListClientScopes() returns false.
void	requireManage()	Throws ForbiddenException if canManage() returns false.
void	requireManage(ClientModel client)	Throws ForbiddenException if canManage(ClientModel) returns false.
void	requireManage(ClientScopeModel clientScope)	Throws ForbiddenException if canManage(ClientScopeModel) returns false.
void	requireManageClientScopes()	Throws ForbiddenException if canManageClientScopes() returns false.
void	requireView()	Returns true if canView() returns true.
void	requireView(ClientModel client)	Throws ForbiddenException if canView(ClientModel) returns false.
void	requireView(ClientScopeModel clientScope)	Throws ForbiddenException if canView(ClientScopeModel) returns false.
void	requireViewClientScopes()	Returns true if canViewClientScopes() returns true.
void	setPermissionsEnabled(ClientModel client, boolean enable)

Method Details

isPermissionsEnabled

boolean isPermissionsEnabled(ClientModel client)

setPermissionsEnabled

void setPermissionsEnabled(ClientModel client,
 boolean enable)

requireListClientScopes

void requireListClientScopes()

Throws ForbiddenException if canListClientScopes() returns false.

canManage

boolean canManage()

Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.

For V2 only: Also if it has permission to AdminPermissionsSchema.MANAGE.

requireManage

void requireManage()

Throws ForbiddenException if canManage() returns false.

canManageClientScopes

boolean canManageClientScopes()

Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.

For V2 only: Also if it has permission to AdminPermissionsSchema.MANAGE.

requireManageClientScopes

void requireManageClientScopes()

Throws ForbiddenException if canManageClientScopes() returns false.

canView

boolean canView()

Returns true if the caller has at least one of the AdminRoles.MANAGE_CLIENTS or AdminRoles.VIEW_CLIENTS roles.

For V2 only: Also if it has permission to AdminPermissionsSchema.VIEW.

canList

boolean canList()

Returns true if canView() returns true.

Or if the caller has at least one of the AdminRoles.QUERY_CLIENTS role.

V1: or AdminRoles.QUERY_USERS roles.

canViewClientScopes

boolean canViewClientScopes()

Returns true if canView() returns true.

requireList

void requireList()

Throws ForbiddenException if canList() returns false.

canListClientScopes

boolean canListClientScopes()

Returns true if canView() returns true.

Or if the caller has AdminRoles.QUERY_CLIENTS role.

requireView

void requireView()

Returns true if canView() returns true.

requireViewClientScopes

void requireViewClientScopes()

Returns true if canViewClientScopes() returns true.

canManage

boolean canManage(ClientModel client)

Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.

Or if the caller has a permission to AdminPermissionManagement.MANAGE_SCOPE the client.

For V2 only: Also if the caller has a permission to AdminPermissionsSchema.MANAGE all clients.

canConfigure

boolean canConfigure(ClientModel client)

Returns true if canManage(ClientModel) returns true.

Or if the caller has a permission to ClientPermissionManagement.CONFIGURE_SCOPE the client.

For V2 only: the call is redirected to canManage(ClientModel).

requireConfigure

void requireConfigure(ClientModel client)

Throws ForbiddenException if canConfigure(ClientModel) returns false.

For V2 only: the call is redirected to requireManage(ClientModel).

requireManage

void requireManage(ClientModel client)

Throws ForbiddenException if canManage(ClientModel) returns false.

canView

boolean canView(ClientModel client)

Returns true if canView() or canConfigure(ClientModel) returns true.

Or if the caller has a permission to AdminPermissionManagement.VIEW_SCOPE the client.

For V2 only: Also if the caller has a permission to AdminPermissionsSchema.VIEW all clients.

requireView

void requireView(ClientModel client)

Throws ForbiddenException if canView(ClientModel) returns false.

canManage

boolean canManage(ClientScopeModel clientScope)

Returns true if the caller has AdminRoles.MANAGE_CLIENTS role.

For V2 only: Also if it has permission to AdminPermissionsSchema.MANAGE.

requireManage

void requireManage(ClientScopeModel clientScope)

Throws ForbiddenException if canManage(ClientScopeModel) returns false.

canView

boolean canView(ClientScopeModel clientScope)

Returns true if the caller has at least one of the AdminRoles.VIEW_CLIENTS or AdminRoles.MANAGE_CLIENTS roles.

For V2 only: Also if it has permission to AdminPermissionsSchema.VIEW.

requireView

void requireView(ClientScopeModel clientScope)

Throws ForbiddenException if canView(ClientScopeModel) returns false.

canMapRoles

boolean canMapRoles(ClientModel client)

Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_SCOPE for the client.

For V2 only: Also if the caller has a permission to AdminPermissionsSchema.MAP_ROLES for all clients.

canMapCompositeRoles

boolean canMapCompositeRoles(ClientModel client)

Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_COMPOSITE_SCOPE for the client.

For V2 only: Also if the caller has a permission to AdminPermissionsSchema.MAP_ROLES_COMPOSITE for all clients.

canMapClientScopeRoles

boolean canMapClientScopeRoles(ClientModel client)

Returns true if the caller has a permission to ClientPermissionManagement.MAP_ROLES_CLIENT_SCOPE for the client.

For V2 only: Also if the caller has a permission to AdminPermissionsSchema.MAP_ROLES_CLIENT_SCOPE for all clients.

getAccess

Map<String,Boolean> getAccess(ClientModel client)

getClientIdsByScope

Set<String> getClientIdsByScope(String scope)

Returns the IDs of the clients that the current user can perform based on scope.

Returns:

Stream of IDs of clients with scope permission.