From 04d76b005262abcc300297cfad7b3b720a4370c3 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 20 Apr 2016 09:09:58 +0200 Subject: [PATCH] KEYCLOAK-2491 Fix permissions in admin console to match permissions in admin endpoints --- .../admin/AttackDetectionResource.java | 5 +- .../AuthenticationManagementResource.java | 77 ++++++++++++------- .../ClientAttributeCertificateResource.java | 7 ++ .../admin/ClientInitialAccessResource.java | 4 + .../resources/admin/ClientResource.java | 12 +++ .../admin/ClientTemplateResource.java | 2 + .../admin/ClientTemplatesResource.java | 2 +- .../resources/admin/GroupsResource.java | 9 ++- .../admin/ProtocolMappersResource.java | 15 +++- .../resources/admin/RealmAdminResource.java | 31 +++++++- .../resources/admin/RoleByIdResource.java | 25 ++++-- .../admin/UserFederationProviderResource.java | 15 +++- .../UserFederationProvidersResource.java | 4 + .../resources/admin/UsersResource.java | 9 +++ .../testsuite/admin/ImpersonationTest.java | 7 ++ .../admin/resources/js/controllers/realm.js | 9 +++ .../partials/client-initial-access.html | 2 +- .../admin/resources/partials/client-list.html | 2 +- .../resources/partials/client-mappers.html | 2 +- .../resources/partials/client-revocation.html | 2 +- .../resources/partials/client-role-list.html | 2 +- .../identity-provider-mapper-detail.html | 8 +- .../partials/identity-provider-mappers.html | 2 +- .../partials/protocol-mapper-detail.html | 8 +- .../realm-identity-provider-oidc.html | 2 +- .../realm-identity-provider-saml.html | 2 +- .../realm-identity-provider-social.html | 2 +- .../partials/realm-identity-provider.html | 4 +- .../admin/resources/partials/user-detail.html | 2 +- .../admin/resources/templates/kc-menu.html | 4 +- .../templates/kc-tabs-group-list.html | 2 +- .../resources/templates/kc-tabs-realm.html | 2 +- 32 files changed, 206 insertions(+), 75 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java index 432aae15f4..0ade972527 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java @@ -80,7 +80,8 @@ public class AttackDetectionResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public Map bruteForceUserStatus(@PathParam("username") String username) { - auth.hasView(); + auth.requireView(); + Map data = new HashMap<>(); data.put("disabled", false); data.put("numFailures", 0); @@ -110,6 +111,7 @@ public class AttackDetectionResource { @DELETE public void clearBruteForceForUser(@PathParam("username") String username) { auth.requireManage(); + UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username.toLowerCase()); if (model != null) { session.sessions().removeUserLoginFailure(realm, username); @@ -127,6 +129,7 @@ public class AttackDetectionResource { @DELETE public void clearAllBruteForce() { auth.requireManage(); + session.sessions().removeAllUserLoginFailures(realm); adminEvent.operation(OperationType.DELETE).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index 1e42aad8bf..a0034e90af 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java @@ -101,7 +101,8 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List> getFormProviders() { - this.auth.requireView(); + auth.requireView(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(FormAuthenticator.class); return buildProviderMetadata(factories); } @@ -116,7 +117,8 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List> getAuthenticatorProviders() { - this.auth.requireView(); + auth.requireView(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(Authenticator.class); return buildProviderMetadata(factories); } @@ -131,7 +133,8 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List> getClientAuthenticatorProviders() { - this.auth.requireView(); + auth.requireAny(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class); return buildProviderMetadata(factories); } @@ -160,7 +163,8 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List> getFormActionProviders() { - this.auth.requireView(); + auth.requireView(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(FormAction.class); return buildProviderMetadata(factories); } @@ -176,7 +180,8 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List getFlows() { - this.auth.requireView(); + auth.requireAny(); + List flows = new LinkedList<>(); for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) { if (flow.isTopLevel()) { @@ -197,7 +202,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response createFlow(AuthenticationFlowRepresentation flow) { - this.auth.requireManage(); + auth.requireManage(); if (flow.getAlias() == null || flow.getAlias().isEmpty()) { return ErrorResponse.exists("Failed to create flow with empty alias name"); @@ -222,7 +227,7 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public AuthenticationFlowRepresentation getFlow(@PathParam("id") String id) { - this.auth.requireView(); + auth.requireView(); AuthenticationFlowModel flow = realm.getAuthenticationFlowById(id); if (flow == null) { @@ -240,7 +245,7 @@ public class AuthenticationManagementResource { @DELETE @NoCache public void deleteFlow(@PathParam("id") String id) { - this.auth.requireView(); + auth.requireManage(); AuthenticationFlowModel flow = realm.getAuthenticationFlowById(id); if (flow == null) { @@ -273,7 +278,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response copy(@PathParam("flowAlias") String flowAlias, Map data) { - this.auth.requireManage(); + auth.requireManage(); String newName = data.get("newName"); if (realm.getFlowByAlias(newName) != null) { @@ -329,7 +334,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public void addExecutionFlow(@PathParam("flowAlias") String flowAlias, Map data) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationFlowModel parentFlow = realm.getFlowByAlias(flowAlias); if (parentFlow == null) { @@ -377,7 +382,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public void addExecution(@PathParam("flowAlias") String flowAlias, Map data) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationFlowModel parentFlow = realm.getFlowByAlias(flowAlias); if (parentFlow == null) { @@ -419,7 +424,7 @@ public class AuthenticationManagementResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public Response getExecutions(@PathParam("flowAlias") String flowAlias) { - this.auth.requireView(); + auth.requireView(); AuthenticationFlowModel flow = realm.getFlowByAlias(flowAlias); if (flow == null) { @@ -495,7 +500,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public void updateExecutions(@PathParam("flowAlias") String flowAlias, AuthenticationExecutionInfoRepresentation rep) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationFlowModel flow = realm.getFlowByAlias(flowAlias); if (flow == null) { @@ -525,7 +530,8 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response addExecution(AuthenticationExecutionRepresentation execution) { - this.auth.requireManage(); + auth.requireManage(); + AuthenticationExecutionModel model = RepresentationToModel.toModel(realm, execution); AuthenticationFlowModel parentFlow = getParentFlow(model); if (parentFlow.isBuiltIn()) { @@ -557,7 +563,7 @@ public class AuthenticationManagementResource { @POST @NoCache public void raisePriority(@PathParam("executionId") String execution) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution); if (model == null) { @@ -601,7 +607,7 @@ public class AuthenticationManagementResource { @POST @NoCache public void lowerPriority(@PathParam("executionId") String execution) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution); if (model == null) { @@ -639,7 +645,7 @@ public class AuthenticationManagementResource { @DELETE @NoCache public void removeExecution(@PathParam("executionId") String execution) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution); if (model == null) { @@ -673,7 +679,7 @@ public class AuthenticationManagementResource { @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response newExecutionConfig(@PathParam("executionId") String execution, AuthenticatorConfigRepresentation json) { - this.auth.requireManage(); + auth.requireManage(); AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution); if (model == null) { @@ -699,7 +705,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public AuthenticatorConfigRepresentation getAuthenticatorConfig(@PathParam("executionId") String execution,@PathParam("id") String id) { - this.auth.requireView(); + auth.requireView(); + AuthenticatorConfigModel config = realm.getAuthenticatorConfigById(id); if (config == null) { throw new NotFoundException("Could not find authenticator config"); @@ -718,6 +725,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public List> getUnregisteredRequiredActions() { + auth.requireManage(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(RequiredActionProvider.class); List> unregisteredList = new LinkedList<>(); for (ProviderFactory factory : factories) { @@ -750,6 +759,8 @@ public class AuthenticationManagementResource { @Consumes(MediaType.APPLICATION_JSON) @NoCache public void registereRequiredAction(Map data) { + auth.requireManage(); + String providerId = data.get("providerId"); String name = data.get("name"); RequiredActionProviderModel requiredAction = new RequiredActionProviderModel(); @@ -772,6 +783,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public List getRequiredActions() { + auth.requireAny(); + List list = new LinkedList<>(); for (RequiredActionProviderModel model : realm.getRequiredActionProviders()) { RequiredActionProviderRepresentation rep = toRepresentation(model); @@ -799,6 +812,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public RequiredActionProviderRepresentation getRequiredAction(@PathParam("alias") String alias) { + auth.requireView(); + RequiredActionProviderModel model = realm.getRequiredActionProviderByAlias(alias); if (model == null) { throw new NotFoundException("Failed to find required action"); @@ -817,7 +832,8 @@ public class AuthenticationManagementResource { @PUT @Consumes(MediaType.APPLICATION_JSON) public void updateRequiredAction(@PathParam("alias") String alias, RequiredActionProviderRepresentation rep) { - this.auth.requireManage(); + auth.requireManage(); + RequiredActionProviderModel model = realm.getRequiredActionProviderByAlias(alias); if (model == null) { throw new NotFoundException("Failed to find required action"); @@ -840,7 +856,8 @@ public class AuthenticationManagementResource { @Path("required-actions/{alias}") @DELETE public void updateRequiredAction(@PathParam("alias") String alias) { - this.auth.requireManage(); + auth.requireManage(); + RequiredActionProviderModel model = realm.getRequiredActionProviderByAlias(alias); if (model == null) { throw new NotFoundException("Failed to find required action."); @@ -856,7 +873,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public AuthenticatorConfigInfoRepresentation getAuthenticatorConfigDescription(@PathParam("providerId") String providerId) { - this.auth.requireView(); + auth.requireView(); + ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId); if (factory == null) { throw new NotFoundException("Could not find authenticator provider"); @@ -892,7 +910,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public Map> getPerClientConfigDescription() { - this.auth.requireView(); + auth.requireAny(); + List factories = session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class); Map> toReturn = new HashMap<>(); @@ -921,7 +940,8 @@ public class AuthenticationManagementResource { @POST @NoCache public Response createAuthenticatorConfig(AuthenticatorConfigRepresentation rep) { - this.auth.requireManage(); + auth.requireManage(); + AuthenticatorConfigModel config = realm.addAuthenticatorConfig(RepresentationToModel.toModel(rep)); return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build(); } @@ -935,7 +955,8 @@ public class AuthenticationManagementResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public AuthenticatorConfigRepresentation getAuthenticatorConfig(@PathParam("id") String id) { - this.auth.requireView(); + auth.requireView(); + AuthenticatorConfigModel config = realm.getAuthenticatorConfigById(id); if (config == null) { throw new NotFoundException("Could not find authenticator config"); @@ -952,7 +973,8 @@ public class AuthenticationManagementResource { @DELETE @NoCache public void removeAuthenticatorConfig(@PathParam("id") String id) { - this.auth.requireManage(); + auth.requireManage(); + AuthenticatorConfigModel config = realm.getAuthenticatorConfigById(id); if (config == null) { throw new NotFoundException("Could not find authenticator config"); @@ -981,7 +1003,8 @@ public class AuthenticationManagementResource { @Consumes(MediaType.APPLICATION_JSON) @NoCache public void updateAuthenticatorConfig(@PathParam("id") String id, AuthenticatorConfigRepresentation rep) { - this.auth.requireManage(); + auth.requireManage(); + AuthenticatorConfigModel exists = realm.getAuthenticatorConfigById(id); if (exists == null) { throw new NotFoundException("Could not find authenticator config"); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java index bea79a018a..09186f1867 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java @@ -91,6 +91,8 @@ public class ClientAttributeCertificateResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public CertificateRepresentation getKeyInfo() { + auth.requireView(); + CertificateRepresentation info = new CertificateRepresentation(); info.setCertificate(client.getAttribute(certificateAttribute)); info.setPrivateKey(client.getAttribute(privateAttribute)); @@ -132,6 +134,8 @@ public class ClientAttributeCertificateResource { @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) public CertificateRepresentation uploadJks(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + auth.requireManage(); + CertificateRepresentation info = getCertFromRequest(uriInfo, input); if (info.getPrivateKey() != null) { @@ -163,6 +167,8 @@ public class ClientAttributeCertificateResource { @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) public CertificateRepresentation uploadJksCertificate(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + auth.requireManage(); + CertificateRepresentation info = getCertFromRequest(uriInfo, input); if (info.getCertificate() != null) { @@ -239,6 +245,7 @@ public class ClientAttributeCertificateResource { @Consumes(MediaType.APPLICATION_JSON) public byte[] getKeystore(final KeyStoreConfig config) { auth.requireView(); + if (config.getFormat() != null && !config.getFormat().equals("JKS") && !config.getFormat().equals("PKCS12")) { throw new NotAcceptableException("Only support jks or pkcs12 format."); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java index 3be39f829e..ff766d6174 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java @@ -91,6 +91,8 @@ public class ClientInitialAccessResource { @GET @Produces(MediaType.APPLICATION_JSON) public List list() { + auth.requireView(); + List models = session.sessions().listClientInitialAccess(realm); List reps = new LinkedList<>(); for (ClientInitialAccessModel m : models) { @@ -103,6 +105,8 @@ public class ClientInitialAccessResource { @DELETE @Path("{id}") public void delete(final @PathParam("id") String id) { + auth.requireManage(); + session.sessions().removeClientInitialAccessModel(realm, id); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 09c3deec81..2d83e84ebe 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -147,6 +147,7 @@ public class ClientResource { @Produces(MediaType.APPLICATION_JSON) public ClientRepresentation getClient() { auth.requireView(); + return ModelToRepresentation.toRepresentation(client); } @@ -165,6 +166,8 @@ public class ClientResource { @NoCache @Path("installation/providers/{providerId}") public Response getInstallationProvider(@PathParam("providerId") String providerId) { + auth.requireView(); + ClientInstallationProvider provider = session.getProvider(ClientInstallationProvider.class, providerId); if (provider == null) throw new NotFoundException("Unknown Provider"); return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(uriInfo)); @@ -178,6 +181,7 @@ public class ClientResource { @NoCache public void deleteClient() { auth.requireManage(); + new ClientManager(new RealmManager(session)).removeClient(realm, client); adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); } @@ -290,6 +294,7 @@ public class ClientResource { @POST public GlobalRequestResult pushRevocation() { auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client); @@ -312,6 +317,7 @@ public class ClientResource { @Produces(MediaType.APPLICATION_JSON) public Map getApplicationSessionCount() { auth.requireView(); + Map map = new HashMap<>(); map.put("count", session.sessions().getActiveUserSessions(client.getRealm(), client)); return map; @@ -332,6 +338,7 @@ public class ClientResource { @Produces(MediaType.APPLICATION_JSON) public List getUserSessions(@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) { auth.requireView(); + firstResult = firstResult != null ? firstResult : -1; maxResults = maxResults != null ? maxResults : -1; List sessions = new ArrayList(); @@ -359,6 +366,7 @@ public class ClientResource { @Produces(MediaType.APPLICATION_JSON) public Map getOfflineSessionCount() { auth.requireView(); + Map map = new HashMap<>(); map.put("count", session.sessions().getOfflineSessionsCount(client.getRealm(), client)); return map; @@ -379,6 +387,7 @@ public class ClientResource { @Produces(MediaType.APPLICATION_JSON) public List getOfflineUserSessions(@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) { auth.requireView(); + firstResult = firstResult != null ? firstResult : -1; maxResults = maxResults != null ? maxResults : -1; List sessions = new ArrayList(); @@ -412,6 +421,7 @@ public class ClientResource { @Consumes(MediaType.APPLICATION_JSON) public void registerNode(Map formParams) { auth.requireManage(); + String node = formParams.get("node"); if (node == null) { throw new BadRequestException("Node not found in params"); @@ -431,6 +441,7 @@ public class ClientResource { @NoCache public void unregisterNode(final @PathParam("node") String node) { auth.requireManage(); + if (logger.isDebugEnabled()) logger.debug("Unregister node: " + node); Integer time = client.getRegisteredNodes().get(node); @@ -453,6 +464,7 @@ public class ClientResource { @NoCache public GlobalRequestResult testNodesAvailable() { auth.requireManage(); + logger.debug("Test availability of cluster nodes"); adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); return new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java index 9acca03a3d..768bf1a748 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java @@ -123,6 +123,7 @@ public class ClientTemplateResource { @Produces(MediaType.APPLICATION_JSON) public ClientTemplateRepresentation getClient() { auth.requireView(); + return ModelToRepresentation.toRepresentation(template); } @@ -134,6 +135,7 @@ public class ClientTemplateResource { @NoCache public void deleteClientTemplate() { auth.requireManage(); + realm.removeClientTemplate(template.getId()); adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java index 429ba5e56e..36e01791a8 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java @@ -75,7 +75,7 @@ public class ClientTemplatesResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public List getClientTemplates() { - auth.requireAny(); + auth.requireView(); List rep = new ArrayList<>(); List clientModels = realm.getClientTemplates(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java index fb0b104e5d..39e3d4ad73 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java @@ -69,7 +69,8 @@ public class GroupsResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public List getGroups() { - this.auth.requireView(); + auth.requireView(); + return ModelToRepresentation.toGroupHierarchy(realm, false); } @@ -81,7 +82,8 @@ public class GroupsResource { */ @Path("{id}") public GroupResource getGroupById(@PathParam("id") String id) { - this.auth.requireView(); + auth.requireView(); + GroupModel group = realm.getGroupById(id); if (group == null) { throw new NotFoundException("Could not find group by id"); @@ -101,7 +103,8 @@ public class GroupsResource { @POST @Consumes(MediaType.APPLICATION_JSON) public Response addTopLevelGroup(GroupRepresentation rep) { - this.auth.requireManage(); + auth.requireManage(); + GroupModel child = null; Response.ResponseBuilder builder = Response.status(204); if (rep.getId() != null) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java index b673d83079..9e2470b973 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java @@ -28,6 +28,7 @@ import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.services.ErrorResponse; import org.keycloak.services.ServicesLogger; +import org.keycloak.services.resources.admin.RealmAuth.Resource; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -71,7 +72,7 @@ public class ProtocolMappersResource { this.client = client; this.adminEvent = adminEvent; - auth.init(RealmAuth.Resource.USER); + auth.init(Resource.CLIENT); } /** @@ -85,7 +86,8 @@ public class ProtocolMappersResource { @Path("protocol/{protocol}") @Produces(MediaType.APPLICATION_JSON) public List getMappersPerProtocol(@PathParam("protocol") String protocol) { - auth.requireView(); + auth.requireAny(); + List mappers = new LinkedList(); for (ProtocolMapperModel mapper : client.getProtocolMappers()) { if (mapper.getProtocol().equals(protocol)) mappers.add(ModelToRepresentation.toRepresentation(mapper)); @@ -127,6 +129,7 @@ public class ProtocolMappersResource { @Consumes(MediaType.APPLICATION_JSON) public void createMapper(List reps) { auth.requireManage(); + ProtocolMapperModel model = null; for (ProtocolMapperRepresentation rep : reps) { model = RepresentationToModel.toModel(rep); @@ -145,7 +148,8 @@ public class ProtocolMappersResource { @Path("models") @Produces(MediaType.APPLICATION_JSON) public List getMappers() { - auth.requireView(); + auth.requireAny(); + List mappers = new LinkedList(); for (ProtocolMapperModel mapper : client.getProtocolMappers()) { mappers.add(ModelToRepresentation.toRepresentation(mapper)); @@ -164,7 +168,8 @@ public class ProtocolMappersResource { @Path("models/{id}") @Produces(MediaType.APPLICATION_JSON) public ProtocolMapperRepresentation getMapperById(@PathParam("id") String id) { - auth.requireView(); + auth.requireAny(); + ProtocolMapperModel model = client.getProtocolMapperById(id); if (model == null) throw new NotFoundException("Model not found"); return ModelToRepresentation.toRepresentation(model); @@ -182,6 +187,7 @@ public class ProtocolMappersResource { @Consumes(MediaType.APPLICATION_JSON) public void update(@PathParam("id") String id, ProtocolMapperRepresentation rep) { auth.requireManage(); + ProtocolMapperModel model = client.getProtocolMapperById(id); if (model == null) throw new NotFoundException("Model not found"); model = RepresentationToModel.toModel(rep); @@ -199,6 +205,7 @@ public class ProtocolMappersResource { @Path("models/{id}") public void delete(@PathParam("id") String id) { auth.requireManage(); + ProtocolMapperModel model = client.getProtocolMapperById(id); if (model == null) throw new NotFoundException("Model not found"); client.removeProtocolMapper(model); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index 058b6e4c46..67bd7a3f23 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -54,6 +54,7 @@ import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.GroupRepresentation; +import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.representations.idm.RealmRepresentation; @@ -64,6 +65,7 @@ import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.ServicesLogger; import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.ErrorResponse; +import org.keycloak.services.resources.admin.RealmAuth.Resource; import org.keycloak.timer.TimerProvider; import javax.ws.rs.Consumes; @@ -127,6 +129,7 @@ public class RealmAdminResource { this.adminEvent = adminEvent.realm(realm); auth.init(RealmAuth.Resource.REALM); + auth.requireAny(); } /** @@ -139,6 +142,8 @@ public class RealmAdminResource { @POST @Produces(MediaType.APPLICATION_JSON) public ClientRepresentation convertClientDescription(String description) { + auth.requireManage(); + for (ProviderFactory factory : session.getKeycloakSessionFactory().getProviderFactories(ClientDescriptionConverter.class)) { if (((ClientDescriptionConverterFactory) factory).isSupported(description)) { return factory.create(session).convertToInternal(description); @@ -224,6 +229,13 @@ public class RealmAdminResource { RealmRepresentation rep = new RealmRepresentation(); rep.setRealm(realm.getName()); + + if (auth.init(Resource.IDENTITY_PROVIDER).hasView()) { + RealmRepresentation r = ModelToRepresentation.toRepresentation(realm, false); + rep.setIdentityProviders(r.getIdentityProviders()); + rep.setIdentityProviderMappers(r.getIdentityProviderMappers()); + } + return rep; } } @@ -337,6 +349,7 @@ public class RealmAdminResource { @POST public GlobalRequestResult pushRevocation() { auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); return new ResourceAdminManager(session).pushRealmRevocationPolicy(uriInfo.getRequestUri(), realm); } @@ -350,6 +363,7 @@ public class RealmAdminResource { @POST public GlobalRequestResult logoutAll() { auth.init(RealmAuth.Resource.USER).requireManage(); + session.sessions().removeUserSessions(realm); adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); return new ResourceAdminManager(session).logoutAll(uriInfo.getRequestUri(), realm); @@ -365,6 +379,7 @@ public class RealmAdminResource { @DELETE public void deleteSession(@PathParam("session") String sessionId) { auth.init(RealmAuth.Resource.USER).requireManage(); + UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId); if (userSession == null) throw new NotFoundException("Sesssion not found"); AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true); @@ -386,6 +401,7 @@ public class RealmAdminResource { @Produces(MediaType.APPLICATION_JSON) public List> getClientSessionStats() { auth.requireView(); + List> data = new LinkedList>(); for (ClientModel client : realm.getClients()) { long size = session.sessions().getActiveUserSessions(client.getRealm(), client); @@ -691,7 +707,8 @@ public class RealmAdminResource { @Produces(MediaType.APPLICATION_JSON) @Path("default-groups") public List getDefaultGroups() { - this.auth.requireView(); + auth.requireView(); + List defaults = new LinkedList<>(); for (GroupModel group : realm.getDefaultGroups()) { defaults.add(ModelToRepresentation.toRepresentation(group, false)); @@ -702,7 +719,8 @@ public class RealmAdminResource { @NoCache @Path("default-groups/{groupId}") public void addDefaultGroup(@PathParam("groupId") String groupId) { - this.auth.requireManage(); + auth.requireManage(); + GroupModel group = realm.getGroupById(groupId); if (group == null) { throw new NotFoundException("Group not found"); @@ -714,7 +732,8 @@ public class RealmAdminResource { @NoCache @Path("default-groups/{groupId}") public void removeDefaultGroup(@PathParam("groupId") String groupId) { - this.auth.requireManage(); + auth.requireManage(); + GroupModel group = realm.getGroupById(groupId); if (group == null) { throw new NotFoundException("Group not found"); @@ -736,7 +755,8 @@ public class RealmAdminResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public GroupRepresentation getGroupByPath(@PathParam("path") String path) { - this.auth.requireView(); + auth.requireView(); + GroupModel found = KeycloakModelUtils.findGroupByPath(realm, path); if (found == null) { throw new NotFoundException("Group path does not exist"); @@ -756,6 +776,7 @@ public class RealmAdminResource { @Consumes(MediaType.APPLICATION_JSON) public Response partialImport(PartialImportRepresentation rep) { auth.requireManage(); + PartialImportManager partialImport = new PartialImportManager(rep, session, realm, adminEvent); return partialImport.saveResources(); } @@ -768,6 +789,7 @@ public class RealmAdminResource { @POST public void clearRealmCache() { auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); CacheRealmProvider cache = session.getProvider(CacheRealmProvider.class); if (cache != null) { @@ -783,6 +805,7 @@ public class RealmAdminResource { @POST public void clearUserCache() { auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); CacheUserProvider cache = session.getProvider(CacheUserProvider.class); if (cache != null) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java index 07efd0507e..26b1a4a7dd 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java @@ -79,8 +79,9 @@ public class RoleByIdResource extends RoleResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public RoleRepresentation getRole(final @PathParam("role-id") String id) { + auth.requireAny(); + RoleModel roleModel = getRoleModel(id); - auth.requireView(); return getRole(roleModel); } @@ -111,8 +112,9 @@ public class RoleByIdResource extends RoleResource { @DELETE @NoCache public void deleteRole(final @PathParam("role-id") String id) { - RoleModel role = getRoleModel(id); auth.requireManage(); + + RoleModel role = getRoleModel(id); deleteRole(role); adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); } @@ -127,8 +129,9 @@ public class RoleByIdResource extends RoleResource { @PUT @Consumes(MediaType.APPLICATION_JSON) public void updateRole(final @PathParam("role-id") String id, final RoleRepresentation rep) { - RoleModel role = getRoleModel(id); auth.requireManage(); + + RoleModel role = getRoleModel(id); updateRole(rep, role); adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); } @@ -143,8 +146,9 @@ public class RoleByIdResource extends RoleResource { @POST @Consumes(MediaType.APPLICATION_JSON) public void addComposites(final @PathParam("role-id") String id, List roles) { - RoleModel role = getRoleModel(id); auth.requireManage(); + + RoleModel role = getRoleModel(id); addComposites(adminEvent, uriInfo, roles, role); } @@ -161,6 +165,7 @@ public class RoleByIdResource extends RoleResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public Set getRoleComposites(final @PathParam("role-id") String id) { + auth.requireAny(); if (logger.isDebugEnabled()) logger.debug("*** getRoleComposites: '" + id + "'"); RoleModel role = getRoleModel(id); @@ -179,8 +184,9 @@ public class RoleByIdResource extends RoleResource { @NoCache @Produces(MediaType.APPLICATION_JSON) public Set getRealmRoleComposites(final @PathParam("role-id") String id) { + auth.requireAny(); + RoleModel role = getRoleModel(id); - auth.requireView(); return getRealmRoleComposites(role); } @@ -197,8 +203,9 @@ public class RoleByIdResource extends RoleResource { @Produces(MediaType.APPLICATION_JSON) public Set getClientRoleComposites(final @PathParam("role-id") String id, final @PathParam("client") String client) { + auth.requireAny(); + RoleModel role = getRoleModel(id); - auth.requireView(); ClientModel clientModel = realm.getClientById(client); if (clientModel == null) { throw new NotFoundException("Could not find client"); @@ -219,8 +226,9 @@ public class RoleByIdResource extends RoleResource { @Produces(MediaType.APPLICATION_JSON) public Set getClientByIdRoleComposites(final @PathParam("role-id") String role, final @PathParam("client") String client) { + auth.requireAny(); + RoleModel roleModel = getRoleModel(role); - auth.requireView(); ClientModel clientModel = realm.getClientById(client); if (clientModel == null) { throw new NotFoundException("Could not find client"); @@ -239,8 +247,9 @@ public class RoleByIdResource extends RoleResource { @DELETE @Consumes(MediaType.APPLICATION_JSON) public void deleteComposites(final @PathParam("role-id") String id, List roles) { - RoleModel role = getRoleModel(id); auth.requireManage(); + + RoleModel role = getRoleModel(id); deleteComposites(roles, role); adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java index 29b4ae6715..ecfc307331 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java @@ -100,6 +100,7 @@ public class UserFederationProviderResource { @Consumes(MediaType.APPLICATION_JSON) public void updateProviderInstance(UserFederationProviderRepresentation rep) { auth.requireManage(); + String displayName = rep.getDisplayName(); if (displayName != null && displayName.trim().equals("")) { displayName = null; @@ -129,6 +130,7 @@ public class UserFederationProviderResource { @Produces(MediaType.APPLICATION_JSON) public UserFederationProviderRepresentation getProviderInstance() { auth.requireView(); + return ModelToRepresentation.toRepresentation(this.federationProviderModel); } @@ -157,9 +159,10 @@ public class UserFederationProviderResource { @Path("sync") @NoCache public UserFederationSyncResult syncUsers(@QueryParam("action") String action) { - logger.debug("Syncing users"); auth.requireManage(); + logger.debug("Syncing users"); + UsersSyncManager syncManager = new UsersSyncManager(); UserFederationSyncResult syncResult; if ("triggerFullSync".equals(action)) { @@ -183,7 +186,8 @@ public class UserFederationProviderResource { @Path("mapper-types") @NoCache public Map getMapperTypes() { - this.auth.requireView(); + auth.requireView(); + KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); Map types = new HashMap<>(); List factories = sessionFactory.getProviderFactories(UserFederationMapper.class); @@ -226,7 +230,8 @@ public class UserFederationProviderResource { @Produces(MediaType.APPLICATION_JSON) @NoCache public List getMappers() { - this.auth.requireView(); + auth.requireView(); + List mappers = new LinkedList<>(); for (UserFederationMapperModel model : realm.getUserFederationMappersByFederationProvider(this.federationProviderModel.getId())) { mappers.add(ModelToRepresentation.toRepresentation(realm, model)); @@ -265,6 +270,7 @@ public class UserFederationProviderResource { @Consumes(MediaType.APPLICATION_JSON) public Response addMapper(UserFederationMapperRepresentation mapper) { auth.requireManage(); + UserFederationMapperModel model = RepresentationToModel.toModel(realm, mapper); validateModel(model); @@ -290,6 +296,7 @@ public class UserFederationProviderResource { @Produces(MediaType.APPLICATION_JSON) public UserFederationMapperRepresentation getMapperById(@PathParam("id") String id) { auth.requireView(); + UserFederationMapperModel model = realm.getUserFederationMapperById(id); if (model == null) throw new NotFoundException("Model not found"); return ModelToRepresentation.toRepresentation(realm, model); @@ -307,6 +314,7 @@ public class UserFederationProviderResource { @Consumes(MediaType.APPLICATION_JSON) public void update(@PathParam("id") String id, UserFederationMapperRepresentation rep) { auth.requireManage(); + UserFederationMapperModel model = realm.getUserFederationMapperById(id); if (model == null) throw new NotFoundException("Model not found"); model = RepresentationToModel.toModel(realm, rep); @@ -328,6 +336,7 @@ public class UserFederationProviderResource { @Path("mappers/{id}") public void delete(@PathParam("id") String id) { auth.requireManage(); + UserFederationMapperModel model = realm.getUserFederationMapperById(id); if (model == null) throw new NotFoundException("Model not found"); realm.removeUserFederationMapper(model); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java index 9c9ac5143f..d7e66b1353 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java @@ -134,6 +134,7 @@ public class UserFederationProvidersResource { @Produces(MediaType.APPLICATION_JSON) public List getProviders() { auth.requireView(); + List providers = new LinkedList(); for (ProviderFactory factory : session.getKeycloakSessionFactory().getProviderFactories(UserFederationProvider.class)) { UserFederationProviderFactoryRepresentation rep = new UserFederationProviderFactoryRepresentation(); @@ -155,6 +156,7 @@ public class UserFederationProvidersResource { @Produces(MediaType.APPLICATION_JSON) public UserFederationProviderFactoryRepresentation getProvider(@PathParam("id") String id) { auth.requireView(); + for (ProviderFactory factory : session.getKeycloakSessionFactory().getProviderFactories(UserFederationProvider.class)) { if (!factory.getId().equals(id)) { continue; @@ -192,6 +194,7 @@ public class UserFederationProvidersResource { @Consumes(MediaType.APPLICATION_JSON) public Response createProviderInstance(UserFederationProviderRepresentation rep) { auth.requireManage(); + String displayName = rep.getDisplayName(); if (displayName != null && displayName.trim().equals("")) { displayName = null; @@ -225,6 +228,7 @@ public class UserFederationProvidersResource { @NoCache public List getUserFederationInstances() { auth.requireManage(); + List reps = new LinkedList(); for (UserFederationProviderModel model : realm.getUserFederationProviders()) { UserFederationProviderRepresentation rep = ModelToRepresentation.toRepresentation(model); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index 5427a1a665..169eef7d87 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -313,6 +313,7 @@ public class UsersResource { public Map impersonate(final @PathParam("id") String id) { auth.init(RealmAuth.Resource.IMPERSONATION); auth.requireManage(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -357,6 +358,7 @@ public class UsersResource { @Produces(MediaType.APPLICATION_JSON) public List getSessions(final @PathParam("id") String id) { auth.requireView(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -382,6 +384,7 @@ public class UsersResource { @Produces(MediaType.APPLICATION_JSON) public List getSessions(final @PathParam("id") String id, final @PathParam("clientId") String clientId) { auth.requireView(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -420,6 +423,7 @@ public class UsersResource { @Produces(MediaType.APPLICATION_JSON) public List getFederatedIdentity(final @PathParam("id") String id) { auth.requireView(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -456,6 +460,7 @@ public class UsersResource { @NoCache public Response addFederatedIdentity(final @PathParam("id") String id, final @PathParam("provider") String provider, FederatedIdentityRepresentation rep) { auth.requireManage(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -481,6 +486,7 @@ public class UsersResource { @NoCache public void removeFederatedIdentity(final @PathParam("id") String id, final @PathParam("provider") String provider) { auth.requireManage(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -503,6 +509,7 @@ public class UsersResource { @Produces(MediaType.APPLICATION_JSON) public List> getConsents(final @PathParam("id") String id) { auth.requireView(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -555,6 +562,7 @@ public class UsersResource { @NoCache public void revokeConsent(final @PathParam("id") String id, final @PathParam("client") String clientId) { auth.requireManage(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -586,6 +594,7 @@ public class UsersResource { @POST public void logout(final @PathParam("id") String id) { auth.requireManage(); + UserModel user = session.users().getUserById(id, realm); if (user == null) { throw new NotFoundException("User not found"); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java index aebc6c1c59..35f3849a14 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java @@ -72,6 +72,9 @@ public class ImpersonationTest { UserModel masterImpersonator = manager.getSession().users().addUser(adminstrationRealm, "master-impersonator"); masterImpersonator.setEnabled(true); ClientModel adminRealmClient = adminstrationRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(appRealm.getName())); + RoleModel masterManageUsersRole = adminRealmClient.getRole(AdminRoles.MANAGE_USERS); + masterImpersonator.grantRole(masterManageUsersRole); + RoleModel masterImpersonatorRole = adminRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE); masterImpersonator.grantRole(masterImpersonatorRole); } @@ -84,6 +87,10 @@ public class ImpersonationTest { UserModel impersonator = manager.getSession().users().addUser(appRealm, "impersonator"); impersonator.setEnabled(true); ClientModel appRealmClient = appRealm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID); + + RoleModel masterManageUsersRole = appRealmClient.getRole(AdminRoles.MANAGE_USERS); + impersonator.grantRole(masterManageUsersRole); + RoleModel realmImpersonatorRole = appRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE); impersonator.grantRole(realmImpersonatorRole); } diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js index 539401643f..a8da2ac68a 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js @@ -40,6 +40,10 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, Current, $location return getAccess('view-events') || getAccess('manage-events') || this.manageClients; }, + get viewIdentityProviders() { + return getAccess('view-identity-providers') || getAccess('manage-identity-providers') || this.manageIdentityProviders; + }, + get manageRealm() { return getAccess('manage-realm'); }, @@ -55,6 +59,11 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, Current, $location get manageEvents() { return getAccess('manage-events'); }, + + get manageIdentityProviders() { + return getAccess('manage-identity-providers'); + }, + get impersonation() { return getAccess('impersonation'); } diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-initial-access.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-initial-access.html index 97c1fbbffa..11b3dcf2ef 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-initial-access.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-initial-access.html @@ -15,7 +15,7 @@ -
+
{{:: 'create' | translate}}
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-list.html index 9347274f1f..7f796e9960 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-list.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-list.html @@ -42,7 +42,7 @@ {{:: 'edit' | translate}} {{:: 'export' | translate}} - {{:: 'delete' | translate}} + {{:: 'delete' | translate}} {{:: 'no-results' | translate}} diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html index c07e732d09..ba9b9bf5cc 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html @@ -55,7 +55,7 @@ {{mapperTypes[mapper.protocolMapper].category}} {{mapperTypes[mapper.protocolMapper].name}} {{:: 'edit' | translate}} - {{:: 'delete' | translate}} + {{:: 'delete' | translate}} {{:: 'no-mappers-available' | translate}} diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html index 37dde5c3c1..38560e825f 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html @@ -7,7 +7,7 @@ -
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html index 52154d7d56..da4d49d482 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html @@ -29,7 +29,7 @@ {{role.description}} {{:: 'edit' | translate}} - {{:: 'delete' | translate}} + {{:: 'delete' | translate}} {{:: 'no-client-roles-available' | translate}} diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html index 5852634061..cd2964d632 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html @@ -7,11 +7,11 @@
  • {{mapper.name|capitalize}}
    • -

    {{mapper.name|capitalize}}{{mapper.name|capitalize}}

    {{:: 'add-identity-provider-mapper' | translate}}

    - +
    @@ -48,14 +48,14 @@
    -
    +
    -
    +
    diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html b/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html index 7950d6fd84..a2f7effb59 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html @@ -19,7 +19,7 @@
    -
    +
    {{:: 'create' | translate}}
    diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html index 29aa6888ff..fe781c22db 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html @@ -1,8 +1,8 @@

    {{:: 'create-protocol-mapper' | translate}}

    -

    {{model.mapper.name|capitalize}}{{model.mapper.name|capitalize}}

    - +
    @@ -64,14 +64,14 @@
    -
    +
    -
    +
    diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html index 86c010219b..1db4c6af62 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html @@ -6,7 +6,7 @@ - + diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html index 2abfeb8b85..aa94559e03 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html @@ -6,7 +6,7 @@ - +
    diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html index 29e85afcc9..9599d98905 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html @@ -6,7 +6,7 @@ - + diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html index 71a8c5a8e0..1b1ae9611a 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html @@ -9,7 +9,7 @@ -
    +