import { NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { getKeycloakAdminClient } from "@/lib/keycloak";
import { RoleRepresentation } from "@keycloak/keycloak-admin-client/lib/defs/roleRepresentation";
/**
 * GET handler: returns the roles reported by the Keycloak admin client's
 * `roles.find()` together with the role mappings of the user named by the
 * `userId` route parameter.
 *
 * Responds 401 when no server session exists. Any thrown error is logged
 * server-side and answered with a generic 500, so upstream error detail is
 * not echoed to the caller.
 *
 * @param request - Incoming request (not read by this handler).
 * @param params - Route parameters; `userId` selects the Keycloak user.
 * @returns JSON `{ availableRoles, userRoles }` on success.
 */
export async function GET(
  request: Request,
  { params }: { params: { userId: string } }
) {
  try {
    const activeSession = await getServerSession(authOptions);
    // NOTE(review): this only establishes that the caller is signed in.
    // Nothing visible in this handler checks that the caller is allowed to
    // view role data for `userId`; confirm that is enforced elsewhere
    // (e.g. middleware) or gate on an administrative role here.
    if (!activeSession) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const adminClient = await getKeycloakAdminClient();

    // Roles that could be assigned, then what the target user holds now.
    const realmRoles = await adminClient.roles.find();
    const mappings = await adminClient.users.listRoleMappings({
      id: params.userId,
    });

    return NextResponse.json({
      availableRoles: realmRoles,
      userRoles: mappings,
    });
  } catch (err) {
    console.error("Error fetching roles:", err);
    const failure = { error: "Failed to fetch roles" };
    return NextResponse.json(failure, { status: 500 });
  }
}
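/**
 * PUT handler: makes the realm-role mappings of the user named by the
 * `userId` route parameter match the role names in the JSON body
 * (`{ "roles": string[] }`).
 *
 * Roles in the body that the user lacks are added; realm mappings the user
 * holds that are absent from the body are removed. Requested names that do
 * not match any role returned by `roles.find()` are skipped silently.
 *
 * Responds 401 without a server session, 400 when the body is not valid JSON
 * or `roles` is not an array of strings, and a generic 500 (details logged
 * server-side only) when any Keycloak call throws.
 *
 * @param request - Incoming request carrying the JSON body.
 * @param params - Route parameters; `userId` selects the Keycloak user.
 * @returns JSON `{ success: true }` once the mappings have been updated.
 */
export async function PUT(
  request: Request,
  { params }: { params: { userId: string } }
) {
  try {
    const session = await getServerSession(authOptions);
    if (!session) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }
    // NOTE(review): the check above only establishes that the caller is
    // signed in. Nothing visible in this handler verifies that the caller may
    // manage roles for `userId`, while the Keycloak admin client acts with its
    // own service privileges. Unless authorization is enforced elsewhere
    // (e.g. middleware), gate this on an administrative role taken from the
    // session before touching the admin client.

    const { userId } = params;

    // The body is caller-controlled: reject malformed input with 400 instead
    // of letting `.filter`/`.includes` throw and surface as a 500.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
    }
    const roles: unknown =
      typeof body === "object" && body !== null
        ? (body as { roles?: unknown }).roles
        : undefined;
    if (
      !Array.isArray(roles) ||
      !roles.every((name): name is string => typeof name === "string")
    ) {
      return NextResponse.json(
        { error: "roles must be an array of role names" },
        { status: 400 }
      );
    }
    // De-duplicate so a repeated name cannot trigger a second add.
    const requested = new Set<string>(roles);

    const kcAdminClient = await getKeycloakAdminClient();

    // Roles known to the realm, and what the user currently holds.
    const availableRoles = await kcAdminClient.roles.find();
    const currentRoles = await kcAdminClient.users.listRoleMappings({
      id: userId,
    });
    const currentRealmRoles: RoleRepresentation[] =
      currentRoles.realmMappings ?? [];
    const currentNames = new Set(
      currentRealmRoles.map((r: RoleRepresentation) => r.name)
    );

    // Only role objects returned by Keycloak itself are ever sent back to it;
    // the caller supplies names, never role representations.
    const rolesToAdd = availableRoles.filter(
      (r: RoleRepresentation) =>
        r.name !== undefined &&
        requested.has(r.name) &&
        !currentNames.has(r.name)
    );
    const rolesToRemove = currentRealmRoles.filter(
      (r: RoleRepresentation) => r.name === undefined || !requested.has(r.name)
    );

    // One call per direction keeps the window of partial updates small.
    if (rolesToAdd.length > 0) {
      await kcAdminClient.users.addRealmRoleMappings({
        id: userId,
        roles: rolesToAdd,
      });
    }

    if (rolesToRemove.length > 0) {
      await kcAdminClient.users.delRealmRoleMappings({
        id: userId,
        roles: rolesToRemove,
      });
    }

    return NextResponse.json({ success: true });
  } catch (error) {
    console.error("Error updating roles:", error);
    return NextResponse.json(
      { error: "Failed to update roles" },
      { status: 500 }
    );
  }
}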