Fixes access for credentials tab. (#19449)

Fixes #19134
This commit is contained in:
Stan Silvert 2023-03-31 12:55:40 -04:00 committed by GitHub
parent d857ea8ec2
commit 139b809f72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 7 deletions

View file

@ -194,11 +194,14 @@ export default function ClientDetails() {
const { profileInfo } = useServerInfo();
const { hasAccess } = useAccess();
const hasManageAuthorization = hasAccess("manage-authorization");
const permissionsEnabled =
!profileInfo?.disabledFeatures?.includes("ADMIN_FINE_GRAINED_AUTHZ") &&
hasAccess("manage-authorization");
hasManageAuthorization;
const hasManageClients = hasAccess("manage-clients");
const hasViewClients = hasAccess("view-clients");
const hasViewUsers = hasAccess("view-users");
const hasQueryUsers = hasAccess("query-users");
const navigate = useNavigate();
@ -452,7 +455,7 @@ export default function ClientDetails() {
)}
{!client.publicClient &&
!isRealmClient(client) &&
(hasManageClients || client.access?.configure) && (
(hasViewClients || client.access?.configure) && (
<Tab
id="credentials"
title={<TabTitleText>{t("credentials")}</TabTitleText>}
@ -488,7 +491,7 @@ export default function ClientDetails() {
isReadOnly={!(hasManageClients || client.access?.configure)}
/>
</Tab>
{!isRealmClient(client) && !client.bearerOnly && (
{!isRealmClient(client) && !client.bearerOnly && hasQueryUsers && (
<Tab
id="clientScopes"
data-testid="clientScopesTab"
@ -527,7 +530,7 @@ export default function ClientDetails() {
</RoutableTabs>
</Tab>
)}
{client!.authorizationServicesEnabled && (
{client!.authorizationServicesEnabled && hasManageAuthorization && (
<Tab
id="authorization"
data-testid="authorizationTab"

View file

@ -17,6 +17,7 @@ import { useConfirmDialog } from "../../components/confirm-dialog/ConfirmDialog"
import { useAdminClient } from "../../context/auth/AdminClient";
import { useAlerts } from "../../components/alert/Alerts";
import useFormatDate from "../../utils/useFormatDate";
import { useAccess } from "../../context/access/Access";
export type ClientSecretProps = {
client: ClientRepresentation;
@ -24,14 +25,22 @@ export type ClientSecretProps = {
toggle: () => void;
};
type SecretInputProps = Omit<ClientSecretProps, "client"> & {
type SecretInputProps = ClientSecretProps & {
id: string;
buttonLabel: string;
};
const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => {
const SecretInput = ({
id,
buttonLabel,
client,
secret,
toggle,
}: SecretInputProps) => {
const { t } = useTranslation("clients");
const form = useFormContext<ClientRepresentation>();
const { hasAccess } = useAccess();
const isManager = hasAccess("manage-clients") || client.access?.configure;
return (
<Split hasGutter>
@ -49,7 +58,7 @@ const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => {
<SplitItem>
<Button
variant="secondary"
isDisabled={form.formState.isDirty}
isDisabled={form.formState.isDirty || !isManager}
onClick={toggle}
>
{t(buttonLabel)}
@ -117,6 +126,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
>
<SecretInput
id="kc-client-secret"
client={client}
secret={secret}
toggle={toggle}
buttonLabel="regenerate"
@ -130,6 +140,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
<FormGroup label={t("secretRotated")} fieldId="secretRotated">
<SecretInput
id="secretRotated"
client={client}
secret={secretRotated}
toggle={toggleInvalidateConfirm}
buttonLabel="invalidateSecret"

View file

@ -140,6 +140,7 @@ export const Credentials = ({ client, save, refresh }: CredentialsProps) => {
isHorizontal
className="pf-u-mt-md"
role="manage-clients"
fineGrainedAccess={client.access?.configure}
>
<ClientSecretConfirm />
<AccessTokenConfirm />