KEYCLOAK-5878
This commit is contained in:
parent
8e53ccf5ab
commit
06762ba13d
3 changed files with 37 additions and 3 deletions
|
@ -49,8 +49,17 @@ public interface UsersResource {
|
|||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
List<UserRepresentation> search(@QueryParam("search") String search,
|
||||
@QueryParam("first") Integer firstResult,
|
||||
@QueryParam("max") Integer maxResults);
|
||||
@QueryParam("first") Integer firstResult,
|
||||
@QueryParam("max") Integer maxResults);
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
List<UserRepresentation> list(@QueryParam("first") Integer firstResult,
|
||||
@QueryParam("max") Integer maxResults);
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
List<UserRepresentation> list();
|
||||
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
|
@ -67,4 +76,6 @@ public interface UsersResource {
|
|||
@Path("{id}")
|
||||
@DELETE
|
||||
Response delete(@PathParam("id") String id);
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -98,6 +98,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
|||
Set<Scope> scopeset = new HashSet<>();
|
||||
scopeset.add(manageScope);
|
||||
scopeset.add(viewScope);
|
||||
scopeset.add(viewMembersScope);
|
||||
scopeset.add(manageMembershipScope);
|
||||
scopeset.add(manageMembersScope);
|
||||
groupResource.updateScopes(scopeset);
|
||||
|
|
|
@ -294,8 +294,18 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
|
||||
|
||||
|
||||
UserModel groupViewer = session.users().addUser(realm, "groupViewer");
|
||||
groupViewer.grantRole(queryGroupsRole);
|
||||
groupViewer.grantRole(queryUsersRole);
|
||||
groupViewer.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, groupViewer, UserCredentialModel.password("password"));
|
||||
|
||||
|
||||
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
|
||||
groupViewMembersRep.setName("groupMemberViewers");
|
||||
groupViewMembersRep.addUser("groupViewer");
|
||||
Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupViewMembersRep, server);
|
||||
Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
|
||||
groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
|
||||
|
||||
|
||||
}
|
||||
|
@ -600,7 +610,19 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
}
|
||||
}
|
||||
|
||||
// KEYCLOAK-5878
|
||||
|
||||
{
|
||||
Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
|
||||
TEST, "groupViewer", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
|
||||
// Should only return the list of users that belong to "top" group
|
||||
List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
|
||||
Assert.assertEquals(queryUsers.size(), 1);
|
||||
Assert.assertEquals("groupmember", queryUsers.get(0).getUsername());
|
||||
for (UserRepresentation user : queryUsers) {
|
||||
System.out.println(user.getUsername());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
Loading…
Reference in a new issue