

Policy Enforcer Updates
- Fixed issues related to RPTResponse when response mode is set on RPTRequest
- Permissions are encapsulated in a ResourcePermission class.
cloudcogsio committed Sep 14, 2022
1 parent bd5430f commit c50fedf
Showing 2 changed files with 13 additions and 4 deletions.
10 changes: 7 additions & 3 deletions src/Provider/Keycloak/PolicyEnforcer.php
Expand Up @@ -64,7 +64,6 @@ public function isGranted() : ResponseInterface {
// No permitted resources/permissions returned from keycloak, return 403
if ($permissions == null) return new EmptyResponse(StatusCodeInterface::STATUS_FORBIDDEN);

/** @var $permission ResourcePermission */
foreach ($permissions as $permission) {
if ($permission->getResourceId() == $kcResourceId) {
$this->permission = $permission;
Expand Down Expand Up @@ -95,10 +94,15 @@ public function getGrantedKeycloakResourcePermission() : ?ResourcePermission {
public function getKeycloakPermissions(): ?array
{
$RPTRequest = new RequestingPartyTokenRequest($this->Keycloak, $this->bearerToken);
$RPTRequest->setAudience($this->Keycloak->getAudienceFromKeycloakConfig())->setResponseMode();
$RPTRequest->setAudience($this->Keycloak->getAudienceFromKeycloakConfig())->setResponseMode('permissions');

$RPTResponse = $this->Keycloak->getAuthorizationToken($RPTRequest);
return $RPTResponse->getPermissions();
$permissions = $RPTResponse->getPermissions();
array_walk($permissions, function(&$permission, $i){
$permission = new ResourcePermission((array) $permission);
});

return $permissions;
}

/**
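Review bot: The new `array_walk` in getKeycloakPermissions() throws a TypeError under PHP 8 when `$RPTResponse->getPermissions()` returns null, which the `$permissions == null` check in isGranted() suggests is a real case; the caller's clean 403 path then becomes an uncaught exception. Add a guard before the walk, `if ($permissions === null) return null;`, so the method honours its `?array` return type and isGranted() keeps denying cleanly. The `$i` callback parameter is unused and can be dropped. The ResourcePermission constructor is not shown here, so whether it validates the `rsid` key that getResourceId() later reads is worth confirming.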
7 changes: 6 additions & 1 deletion src/Provider/Keycloak/ResourcePermission.php
Expand Up @@ -5,6 +5,7 @@
class ResourcePermission
{
const SCOPE = "scope";
const RESOURCE_SCOPES = "resource_scopes";
const RESOURCE_ID = "rsid";
const RESOURCE_NAME = "rsname";

Expand All @@ -23,10 +24,14 @@ public function getResourceId() : string {
return $this->permission[self::RESOURCE_ID];
}

public function getResourceScopes() : array {
public function getScopes() : array {
return $this->permission[self::SCOPE];
}

public function getResourceScopes() : ?array {
return $this->permission[self::RESOURCE_SCOPES];
}

public function hasScope(string $scope) : bool {
return in_array($scope, $this->getResourceScopes());
}
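Review bot: hasScope() is an authorization check, yet it now calls `in_array($scope, $this->getResourceScopes())` on an accessor whose return type was just widened to `?array`; a null (or a missing `resource_scopes` key, which also emits a warning on the array access) makes in_array throw a TypeError on PHP 8 instead of returning false. Make both fail closed: `return $this->permission[self::RESOURCE_SCOPES] ?? null;` in getResourceScopes() and `return in_array($scope, $this->getResourceScopes() ?? [], true);` in hasScope(), with the strict flag so loose-comparison coercions cannot grant a scope. getScopes() has the same unguarded key access for `scope`. If this payload follows Keycloak's Permission representation, the scope list key may be `scopes` rather than `scope`/`resource_scopes`, which would mean hasScope() can never grant; worth confirming against a real response. The class body continues outside these hunks.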
