Initialize Role

.github/workflows/test.yml

@@ -91,7 +91,7 @@ jobs:
         working-directory: ../
 
       - name: Checkout specific commit to ensure reproducibility
-        run: git checkout bd6ce1bc64caaee29fe1fb4afb2785b705d57067
+        run: git checkout f156901098a55639ea8c9496d6c8b38ce1b1c8d7
         working-directory: ../shogun-docker
 
       - name: Set environment variables

shogun-boot/src/main/resources/db/migration/V0.14.0__Init_Role.sql

@@ -0,0 +1,75 @@
+CREATE TABLE IF NOT EXISTS shogun.roles (
+    id BIGINT PRIMARY KEY,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    auth_provider_id TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS shogun.roleclasspermissions (
+    id BIGINT PRIMARY KEY,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    class_name TEXT,
+    permission_id BIGINT NOT NULL REFERENCES shogun.permissions (id),
+    role_id BIGINT NOT NULL REFERENCES shogun.roles (id)
+);
+
+CREATE TABLE IF NOT EXISTS shogun.roleinstancepermissions (
+    id BIGINT PRIMARY KEY,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    entity_id bigint NOT NULL,
+    permission_id bigint NOT NULL REFERENCES shogun.permissions (id),
+    role_id BIGINT NOT NULL REFERENCES shogun.roles (id)
+);
+
+CREATE TABLE IF NOT EXISTS shogun_rev.roles_rev (
+    id BIGINT,
+    rev INTEGER REFERENCES shogun_rev.revinfo (rev),
+    revtype SMALLINT,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    auth_provider_id TEXT,
+    created_mod BOOLEAN,
+    modified_mod BOOLEAN,
+    auth_provider_id_mod BOOLEAN,
+    PRIMARY KEY (id, rev)
+);
+
+CREATE TABLE IF NOT EXISTS shogun_rev.roleclasspermissions_rev (
+    id BIGINT,
+    rev INTEGER REFERENCES shogun_rev.revinfo (rev),
+    revtype SMALLINT,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    class_name TEXT,
+    permission_id BIGINT,
+    role_id BIGINT,
+    created_mod BOOLEAN,
+    modified_mod BOOLEAN,
+    class_name_mod BOOLEAN,
+    permission_id_mod BOOLEAN,
+    permission_mod BOOLEAN,
+    role_id_mod BOOLEAN,
+    role_mod BOOLEAN,
+    PRIMARY KEY (id, rev)
+);
+
+CREATE TABLE IF NOT EXISTS shogun_rev.roleinstancepermissions_rev (
+    id BIGINT,
+    rev INTEGER REFERENCES shogun_rev.revinfo (rev),
+    revtype SMALLINT,
+    created TIMESTAMP WITHOUT TIME ZONE,
+    modified TIMESTAMP WITHOUT TIME ZONE,
+    entity_id BIGINT,
+    permission_id BIGINT,
+    role_id bigint,
+    created_mod BOOLEAN,
+    modified_mod BOOLEAN,
+    entity_id_mod BOOLEAN,
+    permission_id_mod BOOLEAN,
+    permission_mod BOOLEAN,
+    role_id_mod BOOLEAN,
+    role_mod BOOLEAN,
+    PRIMARY KEY (id, rev)
+);

shogun-config/src/main/resources/application-base.yml

@@ -137,6 +137,8 @@ controller:
     enabled: true
   resource:
     enabled: true
+  roles:
+    enabled: true
 
 upload:
   file:

shogun-lib/src/main/java/de/terrestris/shogun/lib/controller/BaseFileController.java

@@ -39,9 +39,6 @@
 @Log4j2
 public abstract class BaseFileController<T extends BaseFileService<?, S>, S extends File> extends BasePermissionController<T, S> {
 
-    @Value("${upload.basePath}")
-    protected String uploadBasePath;
-
     @GetMapping
     @ResponseStatus(HttpStatus.OK)
     public Page<S> findAll(@PageableDefault(Integer.MAX_VALUE) @ParameterObject Pageable pageable) {

shogun-lib/src/main/java/de/terrestris/shogun/lib/controller/RoleController.java

@@ -0,0 +1,35 @@
+/* SHOGun, https://terrestris.github.io/shogun/
+ *
+ * Copyright © 2024-present terrestris GmbH & Co. KG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.terrestris.shogun.lib.controller;
+
+import de.terrestris.shogun.lib.model.Role;
+import de.terrestris.shogun.lib.service.RoleService;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/roles")
+@ConditionalOnExpression("${controller.roles.enabled:true}")
+@Tag(
+    name = "Roles",
+    description = "The endpoints to manage roles"
+)
+@SecurityRequirement(name = "bearer-key")
+public class RoleController extends BaseController<RoleService, Role> { }

shogun-lib/src/main/java/de/terrestris/shogun/lib/controller/WebhookController.java

@@ -85,6 +85,21 @@ public void handleKeyCloakEvent(@RequestBody KeycloakEventDto event) {
                     ));
                 }
             }
+            case "REALM_ROLE" -> {
+                if (StringUtils.equals(eventType, "CREATE")) {
+                    applicationEventPublisher.publishEvent(new KeycloakEvent(
+                        this,
+                        KeycloakEventType.REALM_ROLE_CREATED,
+                        split[1]
+                    ));
+                } else if (StringUtils.equals(eventType, "DELETE")) {
+                    applicationEventPublisher.publishEvent(new KeycloakEvent(
+                        this,
+                        KeycloakEventType.REALM_ROLE_DELETED,
+                        split[1]
+                    ));
+                }
+            }
             case "REALM_ROLE_MAPPING", "CLIENT_ROLE_MAPPING" -> {
                 if (split[0].equals("users")) {
                     applicationEventPublisher.publishEvent(new KeycloakEvent(