KEYCLOAK-5878

This commit is contained in:
Bill Burke 2017-11-20 17:03:28 -05:00
parent 8e53ccf5ab
commit 06762ba13d
3 changed files with 37 additions and 3 deletions

View file

@ -52,6 +52,15 @@ public interface UsersResource {
@QueryParam("first") Integer firstResult,
@QueryParam("max") Integer maxResults);
@GET
@Produces(MediaType.APPLICATION_JSON)
List<UserRepresentation> list(@QueryParam("first") Integer firstResult,
@QueryParam("max") Integer maxResults);
@GET
@Produces(MediaType.APPLICATION_JSON)
List<UserRepresentation> list();
@POST
@Consumes(MediaType.APPLICATION_JSON)
Response create(UserRepresentation userRepresentation);
@ -67,4 +76,6 @@ public interface UsersResource {
@Path("{id}")
@DELETE
Response delete(@PathParam("id") String id);
}

View file

@ -98,6 +98,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
Set<Scope> scopeset = new HashSet<>();
scopeset.add(manageScope);
scopeset.add(viewScope);
scopeset.add(viewMembersScope);
scopeset.add(manageMembershipScope);
scopeset.add(manageMembersScope);
groupResource.updateScopes(scopeset);

View file

@ -294,8 +294,18 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
UserModel groupViewer = session.users().addUser(realm, "groupViewer");
groupViewer.grantRole(queryGroupsRole);
groupViewer.grantRole(queryUsersRole);
groupViewer.setEnabled(true);
session.userCredentialManager().updateCredential(realm, groupViewer, UserCredentialModel.password("password"));
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
groupViewMembersRep.setName("groupMemberViewers");
groupViewMembersRep.addUser("groupViewer");
Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupViewMembersRep, server);
Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
}
@ -600,7 +610,19 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
}
}
// KEYCLOAK-5878
{
Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
TEST, "groupViewer", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
// Should only return the list of users that belong to "top" group
List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
Assert.assertEquals(queryUsers.size(), 1);
Assert.assertEquals("groupmember", queryUsers.get(0).getUsername());
for (UserRepresentation user : queryUsers) {
System.out.println(user.getUsername());
}
}
}
@Test