onaio · dubdabasoduba · Oct 7, 2024 · Oct 7, 2024 · Oct 28, 2024 · Oct 28, 2024
diff --git a/importer/csv/setup/roles.csv b/importer/csv/setup/roles.csv
@@ -116,7 +116,7 @@ PUT_STRUCTUREMAP,,
 PUT_TASK,,
 WEB_CLIENT,,
 ANDROID_CLIENT,,
-EDIT_KEYCLOAK_USERS,TRUE,manage-users|query-users
-VIEW_KEYCLOAK_USERS,TRUE,view-users|query-users|query-groups
+EDIT_KEYCLOAK_USERS,TRUE,manage-users|query-users|query-groups
+VIEW_KEYCLOAK_USERS,TRUE,view-users|view-groups
 VIEW_USER_GROUPS,,
 VIEW_ROLES,,
diff --git a/importer/importer/users.py b/importer/importer/users.py
@@ -4,7 +4,7 @@
 import uuid
 
 from importer.builder import get_base_url
-from importer.config.settings import api_service, keycloak_url
+from importer.config.settings import api_service
 from importer.request import handle_request
 
 dir_path = str(pathlib.Path(__file__).parent.resolve())
@@ -260,21 +260,22 @@ def confirm_practitioner(user, user_id):
             return True, obj
 
 
-def create_roles(role_list, roles_max):
+def create_roles(role_list):
     for role in role_list:
         current_role = str(role[0])
+        _keycloak_url = get_keycloak_url()
         logging.debug("The current role is: " + current_role)
 
         # check if role already exists
         role_response = handle_request(
-            "GET", "", keycloak_url + "/roles/" + current_role
+            "GET", "", _keycloak_url + "/roles/" + current_role
         )
         logging.debug(role_response)
         if current_role in role_response[0]:
             logging.error("A role already exists with the name " + current_role)
         else:
             role_payload = '{"name": "' + current_role + '"}'
-            create_role = handle_request("POST", role_payload, keycloak_url + "/roles")
+            create_role = handle_request("POST", role_payload, _keycloak_url + "/roles")
             if create_role.status_code == 201:
                 logging.info("Successfully created role: " + current_role)
 
@@ -284,7 +285,7 @@ def create_roles(role_list, roles_max):
                 logging.debug("Role has composite roles")
                 # get roled id
                 full_role = handle_request(
-                    "GET", "", keycloak_url + "/roles/" + current_role
+                    "GET", "", _keycloak_url + "/roles/" + current_role
                 )
                 json_resp = json.loads(full_role[0])
                 role_id = json_resp["id"]
@@ -294,51 +295,45 @@ def create_roles(role_list, roles_max):
                 available_roles = handle_request(
                     "GET",
                     "",
-                    keycloak_url
-                    + "/admin-ui-available-roles/roles/"
-                    + role_id
-                    + "?first=0&max="
-                    + str(roles_max)
-                    + "&search=",
+                    _keycloak_url
+                    + "/roles-by-id/" + role_id
+                    + "/composites",
                 )
                 json_roles = json.loads(available_roles[0])
                 logging.debug("json_roles: " + str(json_roles))
 
                 rolesMap = {}
 
                 for jrole in json_roles:
-                    # remove client and clientId, then rename role to name
-                    # to build correct payload
-                    del jrole["client"]
-                    del jrole["clientId"]
-                    jrole["name"] = jrole["role"]
-                    del jrole["role"]
                     rolesMap[str(jrole["name"])] = jrole
 
                 associated_roles = str(role[2])
-                logging.debug("Associated roles: " + associated_roles)
                 associated_role_array = associated_roles.split("|")
                 arr = []
                 for arole in associated_role_array:
-                    if arole in rolesMap.keys():
-                        arr.append(rolesMap[arole])
+                    if arole not in rolesMap.keys():
+                        role_payload = '{"name": "' + arole + '"}'
+                        arr.append(role_payload)
                     else:
-                        logging.error("Role " + arole + "does not exist")
+                        logging.info("Role " + arole + " exists")
+
 
                 payload_arr = json.dumps(arr)
+                logging.info("Payload array: " + payload_arr)
                 handle_request(
                     "POST",
                     payload_arr,
-                    keycloak_url + "/roles-by-id/" + role_id + "/composites",
+                    _keycloak_url + "/roles-by-id/" + role_id + "/composites",
                 )
 
         except IndexError:
             pass
 
 
 def get_group_id(group):
+    _keycloak_url = get_keycloak_url()
     # check if group exists
-    all_groups = handle_request("GET", "", keycloak_url + "/groups")
+    all_groups = handle_request("GET", "", _keycloak_url + "/groups")
     json_groups = json.loads(all_groups[0])
     group_obj = {}
 
@@ -354,21 +349,21 @@ def get_group_id(group):
         logging.info("Group does not exists, lets create it")
         # create the group
         create_group_payload = '{"name":"' + group + '"}'
-        handle_request("POST", create_group_payload, keycloak_url + "/groups")
+        handle_request("POST", create_group_payload, _keycloak_url + "/groups")
         return get_group_id(group)
 
 
 def assign_group_roles(role_list, group, roles_max):
+    _keycloak_url = get_keycloak_url()
     group_id = get_group_id(group)
     logging.debug("The groupID is: " + group_id)
 
     # get available roles
     available_roles_for_group = handle_request(
         "GET",
         "",
-        keycloak_url
-        + "/groups/"
-        + group_id
+        _keycloak_url
+        + "/groups/" + group_id
         + "/role-mappings/realm/available?first=0&max="
         + str(roles_max),
     )
@@ -387,7 +382,7 @@ def assign_group_roles(role_list, group, roles_max):
     handle_request(
         "POST",
         json_assign_payload,
-        keycloak_url + "/groups/" + group_id + "/role-mappings/realm",
+        _keycloak_url + "/groups/" + group_id + "/role-mappings/realm",
     )
 
 

diff --git a/importer/main.py b/importer/main.py
@@ -194,7 +194,7 @@ def main(
             logging.info("Processing complete!")
         elif setup == "roles":
             logging.info("Setting up keycloak roles")
-            create_roles(resource_list, roles_max)
+            create_roles(resource_list)
             if group:
                 assign_group_roles(resource_list, group, roles_max)
             logging.info("Processing complete")