ristekusdi/connector

This package is abandoned and no longer maintained. The author suggests using the ristekusdi/rbac-connector package instead.

IMISSU2 RBAC Connector

Maintainers

Details

github.com/ristekusdi/rbac-connector

Source

Issues

Installs: 15

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

v2.0.6 2022-12-27 07:36 UTC

Requires

  • php: ^7.2.5|^8.0.2

MIT 6bd36a5c20045a75f515970cda63993020ed0ab3

  • Riset dan Teknologi USDI <usdi.woop@unud.ac.id>

This package is auto-updated.

Last update: 2022-12-27 07:36:40 UTC

README

IMISSU2 RBAC Connector with Keycloak.

Requirements

  1. Your client type MUST BE confidential to get client secret.
  2. Enable Service Account in IMISSU2 to get data from RBAC Connector.
  3. Assign roles in Service Accounts tab in client page IMISSU2.

What is Service Account?

A service account is a special type of provider account (e.g. Google, Keycloak, etc) intended to represent a non-human user that needs to authenticate and be authorized to access data in provider APIs.

Setup

  1. Create file .env and set value of RBAC_CONNECTOR_HOST_URL, KEYCLOAK_CLIENT_ID, and KEYCLOAK_CLIENT_SECRET.
RBAC_CONNECTOR_HOST_URL=<imissu2-website>
KEYCLOAK_CLIENT_ID=<keycloak-client-id>
KEYCLOAK_CLIENT_SECRET=<keycloak-client-secret>
  1. Install package with command below.
composer require ristekusdi/rbac-connector

Common Use Cases

Here are common use cases that you need to use this package.

Get Users and Total Users

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * $users_raw return data type array of users with field id, firstName, lastName, email, username, and attributes.
 * 
 * Params: first, max, search, q. All parameters are optional
 * 
 * $start = pagination offset (default 0)
 * $max = maximum result size (default 10)
 * $search = you can search by firstName, lastName, email, and username
 * 
 * Values of parameter 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 *
*/
$users_raw = (new Connector())->getUsers(array(
    'first' => $start,
    'max' => $length,
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3'
));

/**
 * $total_users return data type integer
 * 
 * Parameters: search, q. All parameters are optional.
 * 
 * $search = you can search by firstName, lastName, email, and username
 * Values of parameter 'q' are:
 * - unud_user_type_id:1
 * - unud_user_type_id:2
 * - unud_user_type_id:3
 * 
*/
$total_users = (new Connector())->totalUsers(array(
    'search' => $search,
    // key "q" is optional
    'q' => 'unud_user_type_id:2 unud_user_type_id:3'
));

Store user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Store user
 * @param $data (user entity)
*/
(new Connector())->storeUser($data);

Show user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Show user by username
 * 
 * */
$user = (new Connector())->showUser($username);

Update user

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Update user by username
 * @param $username, $data (user entity)
 * */
$user = (new Connector())->showUser($username, $data);

Assigned User to Client Role

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * 
 * Params: user_id, client_id, and roles. All parameters are required.
 * 
 * $user_id = id of user NOT id_sso
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $roles = array of role_name
 * 
*/
(new Connector())->syncAssignedUserClientRoles($user_id, $client_id, $roles);

Get client roles

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Get client roles.
 * 
 * @param $clientId string (required)
 * @param $roles array (optional)
 * 
 * Note: $roles array come from your DB app.
 * Example: $roles = ['Administrator', 'Mahasiswa', 'Dosen', 'Pegawai'];
 *
*/
(new Connector())->getClientRoles($clientId, $roles = array());

Create a role in a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Store role into client.
 * 
 * Parameters: client_id, role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = role name
 *
*/
(new Connector())->storeClientRole($client_id, $role_name);

Update role name in a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Update role name in a client.
 * 
 * Parameters: client_id, previous_role_name, current_role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $previous_role_name = previous role name
 * $current_role_name = current role name
 *
*/
(new Connector())->updateClientRoleName($client_id, $previous_role_name, $current_role_name);

Delete role from a client

<?php

use RistekUSDI\RBAC\Connector\Connector;

/**
 * Delete role from client.
 * 
 * Parameters: client_id, role_name. All parameters are required.
 * 
 * $client_id = client_id from value $_SERVER['KEYCLOAK_CLIENT_ID'] or config('sso.client_id')
 * $role_name = role name
 *
*/
(new Connector())->deleteClientRole($client_id, $role_name);