From 67c5a3aedb3d9b8726ac50933e0a3689d45f3fc6 Mon Sep 17 00:00:00 2001
From: Giuliano Mele <giuliano.mele@verdigado.com>
Date: Wed, 13 Nov 2024 15:02:59 +0100
Subject: [PATCH] Grant API-mapped team members admin privileges

---
 src/Security/KeycloakAuthenticator.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Security/KeycloakAuthenticator.php b/src/Security/KeycloakAuthenticator.php
index a9c13cf3..7cf8d3c7 100644
--- a/src/Security/KeycloakAuthenticator.php
+++ b/src/Security/KeycloakAuthenticator.php
@@ -204,6 +204,8 @@ private function persistUser(User $user, ResourceOwnerInterface $keycloakUser):
                     $teams = $this->syncApiGroups($keycloakUser);
                     foreach ($teams as $team) {
                         $user->addTeam($team);
+                        $team->addAdmin($user);
+                        $this->em->persist($team);
                     }
                     break;
             }
@@ -214,6 +216,10 @@ private function persistUser(User $user, ResourceOwnerInterface $keycloakUser):
         return $user;
     }
 
+    /**
+     * @param ResourceOwnerInterface $keycloakUser
+     * @return Collection<Team>
+     */
     private function syncApiGroups(ResourceOwnerInterface $keycloakUser): Collection {
         try {
             $userId = $keycloakUser->toArray()[$this->groupApiUserId];