fix: [keycloak] user enrollment now syncs permissions correctly

2024-04-09 12:42:43 +02:00 · 2024-04-09 12:42:43 +02:00 · 4657feaf6e
parent 91be9ddeda
commit 4657feaf6e
2 changed files with 10 additions and 10 deletions
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@ -199,6 +199,9 @@ class AuthKeycloakBehavior extends Behavior
                'model_title' => __('Successful Keycloak enrollment for user {0}', $user['username']),
                'changed' => $logChange
            ]);
+            $saved_user = $this->getCerebrateUsers($user['id']);
+            $clientId = $this->getClientId();
+            $this->syncUsers($saved_user, $clientId);
            $response = $this->restApiRequest(
                '%s/admin/realms/%s/users/' . urlencode($newUserId) . '/execute-actions-email',
                ['UPDATE_PASSWORD'],
@ -357,10 +360,10 @@ class AuthKeycloakBehavior extends Behavior
        return $keycloakUsersParsed;
    }

-    private function getCerebrateUsers(): array
+    private function getCerebrateUsers($id = null): array
    {
        $metaFieldsSelector = ['fields' => ['MetaFields.field', 'MetaFields.parent_id', 'MetaFields.value']];
-        $results = $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles', 'MetaFields' => $metaFieldsSelector])->select([
+        $query = $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles', 'MetaFields' => $metaFieldsSelector])->select([
            'id',
            'uuid',
            'username',
@ -373,7 +376,11 @@ class AuthKeycloakBehavior extends Behavior
            'Roles.uuid',
            'Organisations.name',
            'Organisations.uuid'
-        ])->disableHydration()->toArray();
+        ]);
+        if ($id) {
+            $query->where(['User.id' => $id]);
+        }
+        $results = $query->disableHydration()->toArray();
        foreach ($results as &$result) {
            if (!empty($result['meta_fields'])) {
                $temp = [];
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@ -80,13 +80,6 @@ class UsersTable extends AppTable
        return $success;
    }

-    public function afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
-    {
-        if ($entity->isNew()) {
-            $this->handleUserUpdateRouter($entity);
-        }
-    }
-
    private function checkPermissionRestrictions(EntityInterface $entity)
    {
        if (!isset($this->PermissionLimitations)) {