From 4657feaf6ed3938c277ea90d4e78314b51ac3d5c Mon Sep 17 00:00:00 2001
From: iglocska
Date: Tue, 9 Apr 2024 12:42:43 +0200
Subject: [PATCH] fix: [keycloak] user enrollment now syncs permissions correctly
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 13 ++++++++++---
 src/Model/Table/UsersTable.php | 7 -------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 2678711..1ad6362 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -199,6 +199,9 @@ class AuthKeycloakBehavior extends Behavior
 'model_title' => __('Successful Keycloak enrollment for user {0}', $user['username']),
 'changed' => $logChange
 ]);
+ $saved_user = $this->getCerebrateUsers($user['id']);
+ $clientId = $this->getClientId();
+ $this->syncUsers($saved_user, $clientId);
 $response = $this->restApiRequest(
 '%s/admin/realms/%s/users/' . urlencode($newUserId) . '/execute-actions-email',
 ['UPDATE_PASSWORD'],
@@ -357,10 +360,10 @@ class AuthKeycloakBehavior extends Behavior
 return $keycloakUsersParsed;
 }

- private function getCerebrateUsers(): array
+ private function getCerebrateUsers($id = null): array
 {
 $metaFieldsSelector = ['fields' => ['MetaFields.field', 'MetaFields.parent_id', 'MetaFields.value']];
- $results = $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles', 'MetaFields' => $metaFieldsSelector])->select([
+ $query = $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles', 'MetaFields' => $metaFieldsSelector])->select([
 'id',
 'uuid',
 'username',
@@ -373,7 +376,11 @@ class AuthKeycloakBehavior extends Behavior
 'Roles.uuid',
 'Organisations.name',
 'Organisations.uuid'
- ])->disableHydration()->toArray();
+ ]);
+ if ($id) {
+ $query->where(['User.id' => $id]);
+ }
+ $results = $query->disableHydration()->toArray();
 foreach ($results as &$result) {
 if (!empty($result['meta_fields'])) {
 $temp = [];
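Review bot: The three lines added before `restApiRequest(` pass `$user['id']` to `getCerebrateUsers()` and hand whatever comes back to `syncUsers()` without checking it. Because the new filter in `getCerebrateUsers()` is skipped for an empty id, a missing `$user['id']` would turn this single-user sync into a sync of every user. A lookup that returns nothing would presumably leave the new Keycloak account without its Cerebrate permissions, while the log entry just above already reads "Successful Keycloak enrollment". I would guard the call with `if (count($saved_user) === 1) { $this->syncUsers($saved_user, $clientId); }` and log the other case before the password e-mail is requested. The enclosing method starts and ends outside this hunk.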
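Review bot: The added `if ($id)` in `getCerebrateUsers()` fails open: `0`, `''` and `null` all skip the `where`, so a caller that meant one user silently gets the whole table. Compare against null instead, `if ($id !== null) {`, and give the new `$id` parameter in the `@@ -357` hunk a declared type so a malformed id is rejected rather than ignored. The condition key `User.id` also looks inconsistent with the plural aliases used in the select (`Roles.uuid`, `Organisations.name`). If the table alias is `Users`, the filter will not resolve, so `$query->where([$this->_table->aliasField('id') => $id]);` would be safer; confirm against the table class. The function body continues outside the hunk.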
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index e8781af..e7bcb1f 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -80,13 +80,6 @@ class UsersTable extends AppTable
 return $success;
 }

- public function afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
- {
- if ($entity->isNew()) {
- $this->handleUserUpdateRouter($entity);
- }
- }
-
 private function checkPermissionRestrictions(EntityInterface $entity)
 {
 if (!isset($this->PermissionLimitations)) {