KEYCLOAK-5878
This commit is contained in:
parent
8e53ccf5ab
commit
06762ba13d
3 changed files with 37 additions and 3 deletions
|
@ -52,6 +52,15 @@ public interface UsersResource {
|
||||||
@QueryParam("first") Integer firstResult,
|
@QueryParam("first") Integer firstResult,
|
||||||
@QueryParam("max") Integer maxResults);
|
@QueryParam("max") Integer maxResults);
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
List<UserRepresentation> list(@QueryParam("first") Integer firstResult,
|
||||||
|
@QueryParam("max") Integer maxResults);
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
List<UserRepresentation> list();
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
Response create(UserRepresentation userRepresentation);
|
Response create(UserRepresentation userRepresentation);
|
||||||
|
@ -67,4 +76,6 @@ public interface UsersResource {
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
@DELETE
|
@DELETE
|
||||||
Response delete(@PathParam("id") String id);
|
Response delete(@PathParam("id") String id);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,6 +98,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(manageScope);
|
scopeset.add(manageScope);
|
||||||
scopeset.add(viewScope);
|
scopeset.add(viewScope);
|
||||||
|
scopeset.add(viewMembersScope);
|
||||||
scopeset.add(manageMembershipScope);
|
scopeset.add(manageMembershipScope);
|
||||||
scopeset.add(manageMembersScope);
|
scopeset.add(manageMembersScope);
|
||||||
groupResource.updateScopes(scopeset);
|
groupResource.updateScopes(scopeset);
|
||||||
|
|
|
@ -294,8 +294,18 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
|
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
|
||||||
|
|
||||||
|
|
||||||
|
UserModel groupViewer = session.users().addUser(realm, "groupViewer");
|
||||||
|
groupViewer.grantRole(queryGroupsRole);
|
||||||
|
groupViewer.grantRole(queryUsersRole);
|
||||||
|
groupViewer.setEnabled(true);
|
||||||
|
session.userCredentialManager().updateCredential(realm, groupViewer, UserCredentialModel.password("password"));
|
||||||
|
|
||||||
|
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
|
||||||
|
groupViewMembersRep.setName("groupMemberViewers");
|
||||||
|
groupViewMembersRep.addUser("groupViewer");
|
||||||
|
Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupViewMembersRep, server);
|
||||||
|
Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
|
||||||
|
groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -600,7 +610,19 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KEYCLOAK-5878
|
||||||
|
|
||||||
|
{
|
||||||
|
Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
|
||||||
|
TEST, "groupViewer", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
|
||||||
|
// Should only return the list of users that belong to "top" group
|
||||||
|
List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
|
||||||
|
Assert.assertEquals(queryUsers.size(), 1);
|
||||||
|
Assert.assertEquals("groupmember", queryUsers.get(0).getUsername());
|
||||||
|
for (UserRepresentation user : queryUsers) {
|
||||||
|
System.out.println(user.getUsername());
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
Loading…
Reference in a new issue