alma/NeahFront3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update api users and groups and users 11

Browse Source
This commit is contained in:
Alma 2025-04-09 21:32:19 +02:00
parent 992d5ec2a0
commit 159ad9cbdf
3 changed files with 194 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
app/api/groups/[groupId]/members/route.ts Normal file
View File

@ -0,0 +1,121 @@
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { NextResponse } from "next/server";
export async function GET(
req: Request,
{ params }: { params: { groupId: string } }
) {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
}
try {
// Get client credentials token
const tokenResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
}),
}
);
const tokenData = await tokenResponse.json();
if (!tokenResponse.ok) {
console.error("Failed to get token:", tokenData);
return NextResponse.json({ error: "Failed to get token" }, { status: 500 });
}
// Get group members
const membersResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/groups/${params.groupId}/members`,
{
headers: {
'Authorization': `Bearer ${tokenData.access_token}`,
},
}
);
if (!membersResponse.ok) {
const errorData = await membersResponse.json();
console.error("Failed to get group members:", errorData);
return NextResponse.json({ error: "Failed to get group members" }, { status: membersResponse.status });
}
const members = await membersResponse.json();
return NextResponse.json(members);
} catch (error) {
console.error("Error in get group members:", error);
return NextResponse.json({ error: "Internal server error" }, { status: 500 });
}
}
export async function POST(
req: Request,
{ params }: { params: { groupId: string } }
) {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
}
try {
const { userId } = await req.json();
// Get client credentials token
const tokenResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
}),
}
);
const tokenData = await tokenResponse.json();
if (!tokenResponse.ok) {
console.error("Failed to get token:", tokenData);
return NextResponse.json({ error: "Failed to get token" }, { status: 500 });
}
// Add user to group
const addResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${userId}/groups/${params.groupId}`,
{
method: 'PUT',
headers: {
'Authorization': `Bearer ${tokenData.access_token}`,
},
}
);
if (!addResponse.ok) {
const errorData = await addResponse.json();
console.error("Failed to add user to group:", errorData);
return NextResponse.json({ error: "Failed to add user to group" }, { status: addResponse.status });
}
return NextResponse.json({ success: true });
} catch (error) {
console.error("Error in add user to group:", error);
return NextResponse.json({ error: "Internal server error" }, { status: 500 });
}
}

214
app/api/users/[userId]/roles/route.ts
View File

@ -1,149 +1,97 @@
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { getKeycloakAdminClient } from "@/lib/keycloak";
import { RoleRepresentation } from "@keycloak/keycloak-admin-client/lib/defs/roleRepresentation";
async function getAdminToken() {
try {
const tokenResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
}),
}
);
const data = await tokenResponse.json();
if (!tokenResponse.ok || !data.access_token) {
console.error('Token Error:', data);
return null;
}
return data.access_token;
} catch (error) {
console.error('Token Error:', error);
return null;
}
}
export async function PUT(
req: Request,
export async function GET(
request: Request,
{ params }: { params: { userId: string } }
) {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
}
try {
const { roles } = await req.json();
const token = await getAdminToken();
if (!token) {
return NextResponse.json({ error: "Erreur d'authentification" }, { status: 401 });
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
// First, get all available roles from Keycloak
const rolesResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/roles`,
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
const { userId } = params;
const kcAdminClient = await getKeycloakAdminClient();
if (!rolesResponse.ok) {
const errorData = await rolesResponse.json();
console.error("Failed to fetch roles:", errorData);
return NextResponse.json({ error: "Erreur lors de la récupération des rôles" }, { status: rolesResponse.status });
}
// Get all available roles
const availableRoles = await kcAdminClient.roles.find();
const availableRoles = await rolesResponse.json();
console.log("Available roles:", availableRoles);
// Map role names to role objects
const roleObjects = roles.map((roleName: string) => {
const role = availableRoles.find((r: any) => r.name === roleName);
if (!role) {
throw new Error(`Role ${roleName} not found in Keycloak`);
}
return role;
// Get user's current roles
const userRoles = await kcAdminClient.users.listRoleMappings({
id: userId,
});
// First, get current role mappings
const currentMappingsResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
if (!currentMappingsResponse.ok) {
const errorData = await currentMappingsResponse.json();
console.error("Failed to fetch current role mappings:", errorData);
return NextResponse.json({ error: "Erreur lors de la récupération des rôles actuels" }, { status: currentMappingsResponse.status });
}
const currentMappings = await currentMappingsResponse.json();
// Remove all current role mappings
if (currentMappings.length > 0) {
const deleteResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
{
method: 'DELETE',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(currentMappings),
}
);
if (!deleteResponse.ok) {
const errorData = await deleteResponse.json();
console.error("Failed to remove current roles:", errorData);
return NextResponse.json({ error: "Erreur lors de la suppression des rôles actuels" }, { status: deleteResponse.status });
}
}
// Add new role mappings
if (roleObjects.length > 0) {
const addResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
{
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(roleObjects),
}
);
if (!addResponse.ok) {
const errorData = await addResponse.json();
console.error("Failed to add new roles:", errorData);
return NextResponse.json({ error: "Erreur lors de l'ajout des nouveaux rôles" }, { status: addResponse.status });
}
}
return NextResponse.json({ success: true, roles });
return NextResponse.json({
availableRoles,
userRoles,
});
} catch (error) {
console.error("Error in update roles:", error);
console.error("Error fetching roles:", error);
return NextResponse.json(
{ error: error instanceof Error ? error.message : "Une erreur est survenue" },
{ error: "Failed to fetch roles" },
{ status: 500 }
);
}
}
export async function PUT(
request: Request,
{ params }: { params: { userId: string } }
) {
try {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const { userId } = params;
const { roles } = await request.json();
const kcAdminClient = await getKeycloakAdminClient();
// Get all available roles
const availableRoles = await kcAdminClient.roles.find();
// Get current user roles
const currentRoles = await kcAdminClient.users.listRoleMappings({
id: userId,
});
// Find roles to add and remove
const rolesToAdd = roles.filter(
(role: string) => !currentRoles.clientMappings?.some((r: RoleRepresentation) => r.name === role)
);
const rolesToRemove = currentRoles.clientMappings?.filter(
(role: RoleRepresentation) => !roles.includes(role.name)
);
// Add new roles
for (const roleName of rolesToAdd) {
const role = availableRoles.find((r: RoleRepresentation) => r.name === roleName);
if (role) {
await kcAdminClient.users.addRealmRoleMappings({
id: userId,
roles: [role],
});
}
}
// Remove old roles
if (rolesToRemove && rolesToRemove.length > 0) {
await kcAdminClient.users.delRealmRoleMappings({
id: userId,
roles: rolesToRemove,
});
}
return NextResponse.json({ success: true });
} catch (error) {
console.error("Error updating roles:", error);
return NextResponse.json(
{ error: "Failed to update roles" },
{ status: 500 }
);
}

6
components/users/users-table.tsx
View File

@ -551,6 +551,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
variant="ghost"
className="h-8 w-8 p-0"
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
}}
>
@ -562,6 +563,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
<DropdownMenuLabel>Actions</DropdownMenuLabel>
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
handleEdit(user.id);
}}
@ -571,6 +573,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
</DropdownMenuItem>
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
handleManageRoles(user.id);
}}
@ -580,6 +583,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
</DropdownMenuItem>
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
handleChangePassword(user.id);
}}
@ -589,6 +593,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
</DropdownMenuItem>
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
handleToggleUserStatus(user.id, user.enabled);
}}
@ -609,6 +614,7 @@ export function UsersTable({ userRole = [] }: UsersTableProps) {
<DropdownMenuItem
className="text-red-600"
onClick={(e) => {
e.preventDefault();
e.stopPropagation();
handleDelete(user.id);
}}