IMISSU2 RBAC Connector with Keycloak.
- Your Keycloak client's access type MUST BE confidential so that a client secret is issued.
- Enable the Service Account for your client in IMISSU2 so that the RBAC Connector can fetch data.
- Assign roles in the Service Accounts tab of the client page in IMISSU2; the connector acts with exactly these roles, so grant only the ones it needs.
What is a Service Account?
A service account is a special type of provider account (e.g. Google, Keycloak, etc.) that represents a non-human user which needs to authenticate and be authorized to access data through the provider's APIs.
- Create a `.env` file and set the values of `RBAC_CONNECTOR_HOST_URL`, `KEYCLOAK_CLIENT_ID`, and `KEYCLOAK_CLIENT_SECRET`. `KEYCLOAK_CLIENT_SECRET` is a credential: keep `.env` out of version control.
RBAC_CONNECTOR_HOST_URL=<imissu2-website>
KEYCLOAK_CLIENT_ID=<keycloak-client-id>
KEYCLOAK_CLIENT_SECRET=<keycloak-client-secret>
- Install the package with the command below.
composer require ristekusdi/rbac-connector
Here are common use cases for this package.
<?php
use RistekUSDI\RBAC\Connector\Connector;
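/**
 * $users_raw is an array of users; each entry has the fields id, firstName,
 * lastName, email, username, and attributes.
 *
 * Keys: first, max, search, q. All keys are optional.
 *
 * $start  = pagination offset (default 0), passed as 'first'
 * $length = maximum result size (default 10), passed as 'max'
 * $search = matched against firstName, lastName, email, and username
 *
 * Values of key 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 * The example below passes two of them in one space-separated string.
 */
$users_raw = (new Connector())->getUsers([
    'first' => $start,
    'max' => $length,
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3',
]);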
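/**
 * $total_users is an integer: the number of users matching the filter.
 *
 * Keys: search, q. All keys are optional.
 *
 * $search = matched against firstName, lastName, email, and username
 *
 * Values of key 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 * The example below passes two of them in one space-separated string.
 */
$total_users = (new Connector())->totalUsers([
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3',
]);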
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Store a user.
 *
 * @param $data user entity
 */
$connector = new Connector();
$connector->storeUser($data);
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Show a single user, looked up by username.
 *
 * @param $username string
 */
$connector = new Connector();
$user = $connector->showUser($username);
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Update a user, looked up by username.
 *
 * @param $username string
 * @param $data user entity
 *
 * NOTE(review): this example calls showUser(), the same method as the
 * "Show user by username" example, only with an extra $data argument.
 * Confirm against the Connector API that this is the intended call for
 * an update.
 */
$connector = new Connector();
$user = $connector->showUser($username, $data);
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Sync the client roles assigned to a user.
 *
 * Arguments: user_id, client_id, roles. All are required.
 *
 * $user_id   = the user's id (NOT id_sso)
 * $client_id = the client id, e.g. $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $roles     = array of role_name
 */
$connector = new Connector();
$connector->syncAssignedUserClientRoles($user_id, $client_id, $roles);
<?php
use RistekUSDI\RBAC\Connector\Connector;
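/**
 * Get client roles.
 *
 * @param $clientId string (required)
 * @param $roles array (optional)
 *
 * Note: $roles comes from your application's own DB.
 * Example: $roles = ['Administrator', 'Mahasiswa', 'Dosen', 'Pegawai'];
 */
// Build the optional role list before the call. Assigning inside the
// argument list (getClientRoles($clientId, $roles = array())) reads like a
// default parameter but is only an inline assignment.
$roles = [];
(new Connector())->getClientRoles($clientId, $roles);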
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Store a role in a client.
 *
 * Arguments: client_id, role_name. Both are required.
 *
 * $client_id = the client id, e.g. $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = name of the role to create
 */
$connector = new Connector();
$connector->storeClientRole($client_id, $role_name);
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Rename a role in a client.
 *
 * Arguments: client_id, previous_role_name, current_role_name. All are required.
 *
 * $client_id          = the client id, e.g. $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $previous_role_name = the role's existing name
 * $current_role_name  = the role's new name
 */
$connector = new Connector();
$connector->updateClientRoleName($client_id, $previous_role_name, $current_role_name);
<?php
use RistekUSDI\RBAC\Connector\Connector;
/**
 * Delete a role from a client.
 *
 * Arguments: client_id, role_name. Both are required.
 *
 * $client_id = the client id, e.g. $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = name of the role to delete
 */
$connector = new Connector();
$connector->deleteClientRole($client_id, $role_name);