diff --git a/lib/PiTube.pm b/lib/PiTube.pm
index 112864a444f37fa3049e48bd51a9e09bf4f98ce5..8160bcbd3edec89145aef777051b2c8e848194cc 100644
--- a/lib/PiTube.pm
+++ b/lib/PiTube.pm
@@ -55,8 +55,6 @@ sub startup {
             return 0 if ! $c->session->{user};
             my %user_roles = map { $_ => 1 } @{ $c->session->{user}{roles} };
 
-            $role .= '@' . $cfg->{oauth2}{client_id} if $role !~ /\@/;
-
             return exists $user_roles{$role} ? 1 : 0;
         },
         user_privs  => sub {},
diff --git a/lib/PiTube/Controller/OAuth2.pm b/lib/PiTube/Controller/OAuth2.pm
index c680a82c5ad2ef8bd48264d010817a9aef14de3b..70d4db0a422eec22d2ae1aeea94eefb76a1f3fd6 100644
--- a/lib/PiTube/Controller/OAuth2.pm
+++ b/lib/PiTube/Controller/OAuth2.pm
@@ -9,9 +9,10 @@ sub callback {
 
     # TODO: ERROR HANDLING
 
-    $c->session->{refresh_token}  = $token->refresh_token;
     my $claims  = $c->oauth_claims( $token->access_token );
 
+    $c->session->{refresh_token} = $token->refresh_token;
+
     $c->session->{user} = {
         uuid     => $claims->{sub},
         name     => $claims->{name},
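Review bot: The result of `oauth_claims` is used unchecked when `$c->session->{user}` is built, and the `# TODO: ERROR HANDLING` marker above it is still open. The helper's failure behaviour is not visible here; if it can return undef or claims without `sub`, the session gets an undefined `uuid` and the refresh token is stored anyway. A guard directly after the call would stop both writes, for example `return $c->render( text => 'Unauthorized', status => 401 ) unless $claims && $claims->{sub};`. If the app uses Mojolicious's default cookie-backed sessions, the refresh token is also sent to the browser signed but not encrypted, so confirm the session store. `callback` starts and ends outside this hunk.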
@@ -24,10 +25,11 @@ sub callback {
     );
     $user->set_token();
 
-    $c->session->{user}{id}    = $user->id;
-    $c->session->{user}{token} = $user->token;
-    $c->session->{user}{roles} = $c->oauth_roles($claims);
-    $c->session->{user}{acl} = $c->schema->resultset('ACL')->user_acl(
+    $c->session->{user}{id}     = $user->id;
+    $c->session->{user}{token}  = $user->token;
+    $c->session->{user}{roles}  = $c->oauth_roles($claims);
+    $c->session->{user}{groups} = $c->oauth_groups($claims);
+    $c->session->{user}{acl}    = $c->schema->resultset('ACL')->user_acl(
         $c->session->{user}
     );
 
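Review bot: `roles`, the new `groups` and the `acl` derived from them are computed once here and stored in the session, and the role check in lib/PiTube.pm reads only that stored copy. A role or group withdrawn at the identity provider therefore appears to stay effective until the session ends. If that is intended, document it next to these assignments, e.g. `# roles/groups/acl are a login-time snapshot; re-derive them whenever the refresh token is used`. Otherwise rebuild the three values on token refresh. `callback` continues outside this hunk.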
diff --git a/lib/PiTube/Helpers/OAuth2.pm b/lib/PiTube/Helpers/OAuth2.pm
index cca75a61fa3d0ac9d20dade9bcc28d601719aa55..6d385abcf67d579274ed69d461a9c83ee5a04c5c 100644
--- a/lib/PiTube/Helpers/OAuth2.pm
+++ b/lib/PiTube/Helpers/OAuth2.pm
@@ -8,6 +8,7 @@ use constant KEY_FORMAT => "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-
 use base 'Mojolicious::Plugin';
 use Mojo::JWT;
 use Mojo::UserAgent;
+use YAML;
 
 sub register {
     my ($class, $self) = @_;
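Review bot: `use YAML;` is added but nothing in the visible hunks of this file calls it, so it looks like a debugging leftover. If it was used to dump claims or tokens, check that no such dump remains in the parts of `register` outside the diff. Otherwise drop the import so the module does not carry an unused runtime dependency.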
@@ -70,20 +71,29 @@ sub register {
         my $c      = shift;
         my $claims = shift;
 
-        my @roles = ();
+        return $claims->{resource_access}{$self->cfg->{oauth2}{client_id}}{roles};
+    });
 
-        CLIENT:
-        foreach my $client ( keys %{ $claims->{resource_access} } ) {
-            ROLE:
-            foreach my $role ( @{ $claims->{resource_access}{$client}{roles} } ) {
-                push @roles, $role . '@' . $client;
-            }
-        }
+    $self->helper( oauth_groups => sub {
+        my $c      = shift;
+        my $claims = shift;
 
-        return \@roles;
+        return $claims->{groups} // [] ;
 
-    });
+        # JEN Z DUVODU KOMPATIBLITY SE STARYM KEYCLOAK
+#        my @groups = ();
+
+#        CLIENT:
+#        foreach my $client ( keys %{ $claims->{resource_access} } ) {
+#            ROLE:
+#            foreach my $role ( @{ $claims->{resource_access}{$client}{roles} } ) {
+#                push @groups, $role . '@' . $client;
+#            }
+#        }
 
+#        return \@groups;
+
+    });
 }
 
 1;
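Review bot: `oauth_roles` now returns the client's `roles` entry directly, which is undef when the token carries no `resource_access` entry for this client, whereas `oauth_groups` just below falls back to `[]`. The role check in lib/PiTube.pm dereferences `$c->session->{user}{roles}` as an array, so make the empty case explicit: `return $claims->{resource_access}{ $self->cfg->{oauth2}{client_id} }{roles} // [];`. Neither helper checks that the claim is actually an array reference, which is worth a `ref` check since the value feeds authorization decisions. The commented-out loop after the unconditional `return` in `oauth_groups` is dead text under a non-English comment. Remove it or replace it with one line such as `# Older Keycloak setups: groups were derived from resource_access roles as role@client`.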