KEYCLOAK-10663 Introducing Resource Type in scope based permissions.
Resource based and Scope Based permissions are not merged in single UI because Resource based permission requires resource as compulsory field. In case of Scope based permission, if Resource Type switch is on, Resource Type field is available and it is compulsory to be filled. If Resource Type switch is off, it is optional for user to fill Resource field.
This commit is contained in:
parent
016c28e7a5
commit
100827977e
9 changed files with 139 additions and 69 deletions
|
@ -1482,6 +1482,8 @@ authz-permission-resource-type.tooltip=このパーミッションが適用さ
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=スコープパーミッションの追加
|
||||
authz-permission-scope-apply-to-resource-type=リソースタイプに適用
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=このパーミッションが、特定タイプの全リソースに適用されるべきかどうかを指定します。この場合、パーミッションは特定リソースタイプの全インスタンスに対して評価されます。
|
||||
authz-permission-scope-resource.tooltip=選択されたリソースに関連するスコープに制限します。選択されていない場合は、すべてのスコープが使用可能になります。
|
||||
authz-permission-scope-scope.tooltip=このパーミッションは1つまたは複数のスコープに適用されるように指定してください。
|
||||
|
||||
|
|
|
@ -1140,6 +1140,8 @@ authz-permission-resource-type.tooltip=Nurodykite, kad ši taisyklė turi būti
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Pridėti taikymo srities leidimą
|
||||
authz-permission-scope-apply-to-resource-type=Pritaikyti resurso tipui
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=Nurodykite ar šis leidimas turi būti pritaikomas visiems šio tipo resursams. Jei įgalinta, tuomet leidimo tikrinimas bus atliekamas visiems nurodyto tipo resursams.
|
||||
authz-permission-scope-resource.tooltip=Pasirinkdami resurą apribosite taikymo sričių sąrašą. Jei nepasirinkta, tuomet matysite visas galimas taikymo sritis.
|
||||
authz-permission-scope-scope.tooltip=Nurodo, kad šis leidimas turi būti pritaikytas vienai ar daugiau taikymo sričių.
|
||||
|
||||
|
|
|
@ -1098,6 +1098,8 @@ authz-permission-resource-type.tooltip=Spesifiserer at denne tillatelsen m\u00E5
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Legg til tillatelse for scope
|
||||
authz-permission-scope-apply-to-resource-type=Bruk p\u00E5 ressurstype
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=Spesifiserer om denne tillatelsen skal gjelde for alle ressurser med en gitt type. I dette tilfellet vil tillatelsen bli evaluert for alle instanser av gitt ressurstype.
|
||||
authz-permission-scope-resource.tooltip=Begrens scopes til de som er tilknyttet den valgte ressursen. Hvis dette ikke er valgt vil alle scopes v\u00E6re tilgjengelige.
|
||||
authz-permission-scope-scope.tooltip=Spesifiserer at denne tillatelse m\u00E5 anvendes p\u00E5 en eller flere scopes.
|
||||
|
||||
|
|
|
@ -805,6 +805,7 @@ authz-permission-resource-apply-to-resource-type=Aplicar ao tipo de recurso
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Adicionar permissão de escopo
|
||||
authz-permission-scope-apply-to-resource-type=Aplicar ao tipo de recurso
|
||||
|
||||
# Authz Evaluation
|
||||
authz-evaluation-identity-information=Informação de identidade
|
||||
|
@ -1081,6 +1082,7 @@ authz-policy-js-code.tooltip=The JavaScript code providing the conditions for th
|
|||
authz-permission-name.tooltip=The name of this permission.
|
||||
authz-permission-description.tooltip=A description for this permission.
|
||||
authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
|
||||
authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
|
||||
authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
|
||||
authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
|
||||
|
|
|
@ -1197,6 +1197,8 @@ authz-permission-resource-type.tooltip=Определяет, что это ра
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Добавить разрешение области
|
||||
authz-permission-scope-apply-to-resource-type=Применить к типу ресурса
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=Определяет, будет ли это разрешение будет применено ко всем ресурсам с данным типом. В этом случае это разрешение будет вычисляться для всех экземпляров с заданным типом ресурса.
|
||||
authz-permission-scope-resource.tooltip=Ограничевает области, с которыми связан выбранный ресурс. Если не выбрано, все области будут доступны.
|
||||
authz-permission-scope-scope.tooltip=Определяет, что разрешение должно быть применено к одной или нескольким областям.
|
||||
|
||||
|
|
|
@ -1142,6 +1142,8 @@ authz-permission-resource-type.tooltip =指定此权限必须应用于给定类
|
|||
|
||||
#Authz Scope Permission Detail
|
||||
authz-add-scope-permission =添加范围权限
|
||||
authz-permission-scope-apply-to-resource-type =应用于资源类型
|
||||
authz-permission-scope-apply-to-resource-type.tooltip =指定是否将此权限应用于具有给定类型的所有资源。 在这种情况下,将对给定资源类型的所有实例评估此权限。
|
||||
authz-permission-scope-resource.tooltip =将范围限制为与所选资源关联的范围。 如果未选择,则所有范围都可用。
|
||||
authz-permission-scope-scope.tooltip =指定此权限必须应用于一个或多个作用域。
|
||||
|
||||
|
|
|
@ -1794,6 +1794,8 @@ authz-permission-resource-type.tooltip=Specifies that this permission must be ap
|
|||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Add Scope Permission
|
||||
authz-permission-scope-apply-to-resource-type=Apply to Resource Type
|
||||
authz-permission-scope-apply-to-resource-type.tooltip=Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
|
||||
authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
|
||||
authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
|
||||
|
||||
|
|
|
@ -1213,90 +1213,129 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
|||
});
|
||||
}
|
||||
}
|
||||
$scope.applyToResourceType = function() {
|
||||
if ($scope.applyToResourceTypeFlag) {
|
||||
$scope.selectedResource = null;
|
||||
} else {
|
||||
$scope.policy.resourceType = null;
|
||||
}
|
||||
$scope.selectedScopes = [];
|
||||
$scope.changed = true;
|
||||
}
|
||||
},
|
||||
|
||||
onInitUpdate : function(policy) {
|
||||
ResourceServerPolicy.resources({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(resources) {
|
||||
if (resources.length > 0) {
|
||||
for (i = 0; i < resources.length; i++) {
|
||||
ResourceServerResource.get({
|
||||
realm: $route.current.params.realm,
|
||||
client: client.id,
|
||||
rsrid: resources[0]._id,
|
||||
}, function (resource) {
|
||||
ResourceServerResource.query({
|
||||
if (!policy.resourceType) {
|
||||
ResourceServerPolicy.resources({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(resources) {
|
||||
if (resources.length > 0) {
|
||||
for (i = 0; i < resources.length; i++) {
|
||||
ResourceServerResource.get({
|
||||
realm: $route.current.params.realm,
|
||||
client: client.id,
|
||||
_id: resource._id,
|
||||
deep: false
|
||||
rsrid: resources[0]._id,
|
||||
}, function (resource) {
|
||||
resource[0].text = resource[0].name;
|
||||
$scope.selectedResource = resource[0];
|
||||
var copy = angular.copy($scope.selectedResource);
|
||||
$scope.$watch('selectedResource', function() {
|
||||
if (!angular.equals($scope.selectedResource, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
ResourceServerResource.scopes({
|
||||
ResourceServerResource.query({
|
||||
realm: $route.current.params.realm,
|
||||
client: client.id,
|
||||
rsrid: resource[0]._id
|
||||
}, function (scopes) {
|
||||
$scope.resourceScopes = scopes;
|
||||
_id: resource._id,
|
||||
deep: false
|
||||
}, function (resource) {
|
||||
resource[0].text = resource[0].name;
|
||||
$scope.selectedResource = resource[0];
|
||||
var copy = angular.copy($scope.selectedResource);
|
||||
$scope.$watch('selectedResource', function() {
|
||||
if (!angular.equals($scope.selectedResource, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
ResourceServerResource.scopes({
|
||||
realm: $route.current.params.realm,
|
||||
client: client.id,
|
||||
rsrid: resource[0]._id
|
||||
}, function (scopes) {
|
||||
$scope.resourceScopes = scopes;
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
ResourceServerPolicy.scopes({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(scopes) {
|
||||
$scope.selectedScopes = [];
|
||||
for (i = 0; i < scopes.length; i++) {
|
||||
scopes[i].text = scopes[i].name;
|
||||
$scope.selectedScopes.push(scopes[i].id);
|
||||
}
|
||||
var copy = angular.copy($scope.selectedScopes);
|
||||
$scope.$watch('selectedScopes', function() {
|
||||
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||
|
||||
ResourceServerPolicy.scopes({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(scopes) {
|
||||
$scope.selectedScopes = [];
|
||||
for (i = 0; i < scopes.length; i++) {
|
||||
scopes[i].text = scopes[i].name;
|
||||
$scope.selectedScopes.push(scopes[i].id);
|
||||
}
|
||||
var copy = angular.copy($scope.selectedScopes);
|
||||
$scope.$watch('selectedScopes', function() {
|
||||
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
});
|
||||
} else {
|
||||
$scope.selectedResource = null;
|
||||
var copy = angular.copy($scope.selectedResource);
|
||||
$scope.$watch('selectedResource', function() {
|
||||
if (!angular.equals($scope.selectedResource, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
});
|
||||
} else {
|
||||
$scope.selectedResource = null;
|
||||
var copy = angular.copy($scope.selectedResource);
|
||||
$scope.$watch('selectedResource', function() {
|
||||
if (!angular.equals($scope.selectedResource, copy)) {
|
||||
ResourceServerPolicy.scopes({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(scopes) {
|
||||
$scope.selectedScopes = [];
|
||||
for (i = 0; i < scopes.length; i++) {
|
||||
scopes[i].text = scopes[i].name;
|
||||
$scope.selectedScopes.push(scopes[i]);
|
||||
}
|
||||
var copy = angular.copy($scope.selectedScopes);
|
||||
$scope.$watch('selectedScopes', function() {
|
||||
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
$scope.selectedResource = null;
|
||||
var copy = angular.copy($scope.selectedResource);
|
||||
$scope.$watch('selectedResource', function() {
|
||||
if (!angular.equals($scope.selectedResource, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
ResourceServerPolicy.scopes({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(scopes) {
|
||||
$scope.selectedScopes = [];
|
||||
for (i = 0; i < scopes.length; i++) {
|
||||
scopes[i].text = scopes[i].name;
|
||||
$scope.selectedScopes.push(scopes[i]);
|
||||
}
|
||||
|
||||
var copy = angular.copy($scope.selectedScopes);
|
||||
$scope.$watch('selectedScopes', function() {
|
||||
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
ResourceServerPolicy.scopes({
|
||||
realm : $route.current.params.realm,
|
||||
client : client.id,
|
||||
id : policy.id
|
||||
}, function(scopes) {
|
||||
$scope.selectedScopes = [];
|
||||
for (i = 0; i < scopes.length; i++) {
|
||||
scopes[i].text = scopes[i].name;
|
||||
$scope.selectedScopes.push(scopes[i]);
|
||||
}
|
||||
var copy = angular.copy($scope.selectedScopes);
|
||||
$scope.$watch('selectedScopes', function() {
|
||||
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
$scope.applyToResourceTypeFlag = true;
|
||||
}
|
||||
|
||||
ResourceServerPolicy.associatedPolicies({
|
||||
realm : $route.current.params.realm,
|
||||
|
@ -1400,12 +1439,15 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
|||
policyViewState.state.selectedScopes = $scope.selectedScopes;
|
||||
policyViewState.state.selectedResource = $scope.selectedResource;
|
||||
policyViewState.state.resourceScopes = $scope.resourceScopes;
|
||||
policyViewState.state.applyToResourceTypeFlag = $scope.applyToResourceTypeFlag;
|
||||
},
|
||||
|
||||
onRestoreState : function(policy) {
|
||||
$scope.selectedScopes = policyViewState.state.selectedScopes;
|
||||
$scope.selectedResource = policyViewState.state.selectedResource;
|
||||
$scope.resourceScopes = policyViewState.state.resourceScopes;
|
||||
$scope.applyToResourceTypeFlag = policyViewState.state.applyToResourceTypeFlag;
|
||||
policy.resourceType = policyViewState.state.policy.resourceType;
|
||||
}
|
||||
}, realm, client, $scope);
|
||||
});
|
||||
|
|
|
@ -28,14 +28,28 @@
|
|||
</div>
|
||||
<kc-tooltip>{{:: 'authz-permission-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="applyToResourceTypeFlag">{{:: 'authz-permission-scope-apply-to-resource-type' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<input ng-model="applyToResourceTypeFlag" id="applyToResourceTypeFlag" onoffswitch data-ng-click="applyToResourceType()"/>
|
||||
</div>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-apply-to-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-hide="applyToResourceTypeFlag">
|
||||
<label class="col-md-2 control-label" for="resources">{{:: 'authz-resource' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<input type="hidden" ui-select2="resourcesUiSelect" data-ng-change="selectResource()" id="resources" data-ng-model="selectedResource" data-placeholder="{{:: 'authz-any-resource' | translate}}..." />
|
||||
</div>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="applyToResourceTypeFlag">
|
||||
<label class="col-md-2 control-label" for="resourceType">{{:: 'authz-resource-type' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-md-6">
|
||||
<input class="form-control" type="text" id="resourceType" name="policy.resourceType" data-ng-model="policy.resourceType" data-ng-required="applyToResourceTypeFlag">
|
||||
</div>
|
||||
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="selectedResource">
|
||||
<label class="col-md-2 control-label" for="resourceScopes">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-md-6">
|
||||
|
|
Loading…
Reference in a new issue