Keycloak enhancements

#90 — hide logout button option for Keycloak users #91 — control “add space” permission for newly sync’ed Keycloak users
2025-07-19 13:19:43 +02:00 · 2017-04-16 14:56:00 +01:00 · 2017-04-16 14:56:00 +01:00 · d9cdedad60
commit d9cdedad60
parent 6f98db5c29
5 changed files with 56 additions and 22 deletions
--- a/app/app/components/customize/auth-settings.js
+++ b/app/app/components/customize/auth-settings.js
@ -35,7 +35,9 @@ export default Ember.Component.extend(NotifierMixin, {
 		publicKey: '',
 		adminUser: '',
 		adminPassword: '',
-		group: ''
+		group: '',
+		disableLogout: false,
+		defaultPermissionAddSpace: false
 	},

 	didReceiveAttrs() {
@ -55,6 +57,8 @@ export default Ember.Component.extend(NotifierMixin, {
 				} else {
 					config = JSON.parse(config);
 					config.publicKey = encoding.Base64.decode(config.publicKey);
+					config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : false;
+					config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;
 				}

 				this.set('keycloakConfig', config);
@ -113,6 +117,8 @@ export default Ember.Component.extend(NotifierMixin, {
 					config.group = is.undefined(config.group) ? '' : config.group.trim();
 					config.adminUser = config.adminUser.trim();
 					config.adminPassword = config.adminPassword.trim();
+					config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : true;
+					config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;

 					if (is.endWith(config.url, '/')) {
 						config.url = config.url.substring(0, config.url.length-1);
--- a/app/app/components/layout/zone-navigation.js
+++ b/app/app/components/layout/zone-navigation.js
@ -11,6 +11,7 @@

 import Ember from 'ember';
 import netUtil from '../../utils/net';
+import constants from '../../utils/constants';
 import TooltipMixin from '../../mixins/tooltip';

 const {
@ -31,18 +32,25 @@ export default Ember.Component.extend(TooltipMixin, {
 	},
 	pinned: service(),
 	pins: [],
+	enableLogout: true,

 	init() {
 		this._super(...arguments);

-		if (this.get("session.authenticated")) {
-			this.get("session.session.content.authenticated.user.accounts").forEach((account) => {
+		if (this.get("session.authenticated") && this.get("session.user.id") !== '0') {
+			this.get("session.user.accounts").forEach((account) => {
 				// TODO: do not mutate account.active here
 				account.active = account.orgId === this.get("appMeta.orgId");
 			});
 		}

 		this.set('pins', this.get('pinned').get('pins'));
+
+		if (this.get('appMeta.authProvider') === constants.AuthProvider.Keycloak) {
+			let config = this.get('appMeta.authConfig');
+			config = JSON.parse(config);
+			this.set('enableLogout', !config.disableLogout);
+		}
 	},

 	didReceiveAttrs() {
@ -88,7 +96,7 @@ export default Ember.Component.extend(TooltipMixin, {
 		if (this.get('session.isAdmin')) {
 			this.addTooltip(document.getElementById("workspace-settings"));
 		}
-		if (this.get("session.authenticated")) {
+		if (this.get("session.authenticated") && this.get('enableLogout')) {
 			this.addTooltip(document.getElementById("workspace-logout"));
 		} else {
 			this.addTooltip(document.getElementById("workspace-login"));
--- a/app/app/templates/components/customize/auth-settings.hbs
+++ b/app/app/templates/components/customize/auth-settings.hbs
@ -50,6 +50,22 @@
            <div class="tip">Used to connect with Keycloak and sync users with Documize</div>
            {{input id="keycloak-admin-password" type="password" value=keycloakConfig.adminPassword class=(if KeycloakAdminPasswordError 'error')}}
        </div>
+        <div class="input-control">
+            <label>Disable Logout</label>
+            <div class="tip">Hide the logout button for Keycloak users</div>
+            <div class="checkbox">
+                {{input type="checkbox" checked=keycloakConfig.disableLogout}}
+                <label for="allowAnonymousAccess">Do not show logout button</label>
+            </div>            
+        </div>
+        <div class="input-control">
+            <label>Grant Add Space Permission</label>
+            <div class="tip">Determine if Keycloak sync'ed users permission to add new spaces</div>
+            <div class="checkbox">
+                {{input type="checkbox" checked=keycloakConfig.defaultPermissionAddSpace}}
+                <label for="allowAnonymousAccess">Can add spaces</label>
+            </div>            
+        </div>
    {{/if}}

    <div class="regular-button button-blue" {{action 'onSave'}}>save</div>
--- a/app/app/templates/components/layout/zone-navigation.hbs
+++ b/app/app/templates/components/layout/zone-navigation.hbs
@ -51,13 +51,15 @@
 					</div>
 	            {{/link-to}}
 			</li>
-			<li id="workspace-logout" data-tooltip="Logout" data-tooltip-position="right center">
-	            {{#link-to 'auth.logout'}}
-					<div class="round-button-mono button-white">
-		                <i class="material-icons icon-tool">exit_to_app</i>
-					</div>
-	            {{/link-to}}
-			</li>
+			{{#if enableLogout}}
+				<li id="workspace-logout" data-tooltip="Logout" data-tooltip-position="right center">
+					{{#link-to 'auth.logout'}}
+						<div class="round-button-mono button-white">
+							<i class="material-icons icon-tool">exit_to_app</i>
+						</div>
+					{{/link-to}}
+				</li>
+			{{/if}}
        {{else}}
 			<li id="workspace-login" data-tooltip="Login" data-tooltip-position="right center">
                {{#link-to 'auth.login'}}
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@ -122,7 +122,7 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
 		user.Salt = util.GenerateSalt()
 		user.Password = util.GeneratePassword(util.GenerateRandomPassword(), user.Salt)

-		err = addUser(p, &user)
+		err = addUser(p, &user, ac.DefaultPermissionAddSpace)
 		if err != nil {
 			writeServerError(w, method, err)
 			return
@ -256,7 +256,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {

 	// Insert new users into Documize
 	for _, u := range insert {
-		err = addUser(p, &u)
+		err = addUser(p, &u, c.DefaultPermissionAddSpace)
 	}

 	result.Message = fmt.Sprintf("Keycloak sync'ed %d users, %d new additions", len(kcUsers), len(insert))
@ -265,7 +265,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
 }

 // Helper method to setup user account in Documize using Keycloak provided user data.
-func addUser(p request.Persister, u *entity.User) (err error) {
+func addUser(p request.Persister, u *entity.User, addSpace bool) (err error) {
 	// only create account if not dupe
 	addUser := true
 	addAccount := true
@ -312,7 +312,7 @@ func addUser(p request.Persister, u *entity.User) (err error) {
 		var a entity.Account
 		a.UserID = userID
 		a.OrgID = p.Context.OrgID
-		a.Editor = true
+		a.Editor = addSpace
 		a.Admin = false
 		accountID := util.UniqueID()
 		a.RefID = accountID
@ -483,13 +483,15 @@ type keycloakAuthRequest struct {

 // Keycloak server configuration
 type keycloakConfig struct {
-	URL           string `json:"url"`
-	Realm         string `json:"realm"`
-	ClientID      string `json:"clientId"`
-	PublicKey     string `json:"publicKey"`
-	AdminUser     string `json:"adminUser"`
-	AdminPassword string `json:"adminPassword"`
-	Group         string `json:"group"`
+	URL                       string `json:"url"`
+	Realm                     string `json:"realm"`
+	ClientID                  string `json:"clientId"`
+	PublicKey                 string `json:"publicKey"`
+	AdminUser                 string `json:"adminUser"`
+	AdminPassword             string `json:"adminPassword"`
+	Group                     string `json:"group"`
+	DisableLogout             bool   `json:"disableLogout"`
+	DefaultPermissionAddSpace bool   `json:"defaultPermissionAddSpace"`
 }

 // keycloakAPIAuth is returned when authenticating with Keycloak REST API.