Fixed roles removed from Keycloak that were still being listed in /se…

…ttings/roles
orthanc-team · Sep 20, 2024 · b1dc4f3 · b1dc4f3
1 parent 2891f9f
commit b1dc4f3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/release-notes.md b/release-notes.md
@@ -9,6 +9,7 @@ Pending changes
 
 - Fixed typo in `KEYCLOAK_ADMIN_URI` that was not read correctly.
 - Fixed special characters that were not allowed in API keys.
+- Fixed roles removed from Keycloak that were still being listed in /settings/roles
 
 
 v 24.7.2

diff --git a/sources/orthanc_auth_service/app.py b/sources/orthanc_auth_service/app.py
@@ -80,6 +80,13 @@ def ingest_keycloak_roles(roles_config: RolesConfigurationModel):
         for keycloak_role in all_keycloak_roles:
             if keycloak_role not in roles_config.roles:
                 roles_configuration.get_configured_roles().roles[keycloak_role] = RolePermissions()
+
+        # keep only the roles that are defined in Keycloak:
+        roles_to_remove_from_json = set(roles_configuration.get_configured_roles().roles.keys()).difference(set(all_keycloak_roles))
+        for role in roles_to_remove_from_json:
+            logging.info(f"Role was configured but does not exist in Keycloak: {role}")
+            del roles_configuration.get_configured_roles().roles[role]
+
     else:
         logging.error(f"No Keycloack admin client defined, you probably should define KEYCLOAK_CLIENT_SECRET")
         raise HTTPException(status_code=404, detail="No Keycloack admin client defined, you probably should define KEYCLOAK_CLIENT_SECRET")