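/**
 * Reconciles the group memberships of a user with the groups derived from the
 * authorization section of the {@code User} resource spec.
 *
 * <p>Memberships the user holds but that are not desired are removed first; desired groups
 * the user is not yet a member of are then joined. Groups are compared by name.
 *
 * <p>The desired group names come from {@code user.getSpec().getAuthorization()}, so whoever
 * can edit that resource decides the resulting memberships.
 *
 * @param realm realm whose group listing is used to resolve group names to ids
 * @param user resource describing the desired authorization for the user
 * @param userResource handle used to read and change the user's group memberships
 */
private void applyAuthorizationRules(RealmResource realm, User user, UserResource userResource) {
    String userName = user.getMetadata().getName();
    Set<String> desiredGroups = createDesiredGroupsSet(user.getSpec().getAuthorization());

    // NOTE(review): confirm this listing contains every group a user can be a member of
    // (e.g. subgroups, paged results); a name that cannot be resolved here is not revoked.
    List<GroupRepresentation> groups = realm.groups().groups();

    Set<String> existingGroups = userResource.groups()
            .stream()
            .map(GroupRepresentation::getName)
            .collect(Collectors.toSet());
    log.info("Changing for user {} from {} to {}", userName, existingGroups, desiredGroups);

    // Revocation: everything the user currently has that is no longer desired.
    Set<String> membershipsToRemove = new HashSet<>(existingGroups);
    membershipsToRemove.removeAll(desiredGroups);
    log.debug("Removing groups {} from user {}", membershipsToRemove, userName);
    for (String group : membershipsToRemove) {
        java.util.Optional<String> groupId = getGroupId(groups, group);
        if (groupId.isPresent()) {
            userResource.leaveGroup(groupId.get());
        } else {
            // A skipped revocation leaves access in place, so make it visible instead of
            // dropping it silently.
            log.warn("Could not resolve group {} for user {}; membership was not removed", group, userName);
        }
    }

    // Grant: everything desired that the user does not have yet.
    Set<String> membershipsToAdd = new HashSet<>(desiredGroups);
    membershipsToAdd.removeAll(existingGroups);
    // Log the set that is actually added (the original logged membershipsToRemove here),
    // so the debug trail matches the change being made.
    log.debug("Adding groups {} to user {}", membershipsToAdd, userName);
    for (String group : membershipsToAdd) {
        // Judging by its name, the helper creates the group when it is missing and returns its id.
        String groupId = createGroupIfNotExists(realm, group);
        userResource.joinGroup(groupId);
    }
}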