libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Fixes access for credentials tab. (#19449)

Browse source 
Fixes #19134
This commit is contained in:
Stan Silvert 2023-03-31 12:55:40 -04:00 committed by GitHub
parent d857ea8ec2
commit 139b809f72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
js/apps/admin-ui/src/clients/ClientDetails.tsx
View file

@ -194,11 +194,14 @@ export default function ClientDetails() {
const { profileInfo } = useServerInfo(); const { profileInfo } = useServerInfo();
const { hasAccess } = useAccess(); const { hasAccess } = useAccess();
const hasManageAuthorization = hasAccess("manage-authorization");
const permissionsEnabled = const permissionsEnabled =
!profileInfo?.disabledFeatures?.includes("ADMIN_FINE_GRAINED_AUTHZ") && !profileInfo?.disabledFeatures?.includes("ADMIN_FINE_GRAINED_AUTHZ") &&
hasAccess("manage-authorization"); hasManageAuthorization;
const hasManageClients = hasAccess("manage-clients"); const hasManageClients = hasAccess("manage-clients");
const hasViewClients = hasAccess("view-clients");
const hasViewUsers = hasAccess("view-users"); const hasViewUsers = hasAccess("view-users");
const hasQueryUsers = hasAccess("query-users");
const navigate = useNavigate(); const navigate = useNavigate();
@ -452,7 +455,7 @@ export default function ClientDetails() {
)} )}
{!client.publicClient && {!client.publicClient &&
!isRealmClient(client) && !isRealmClient(client) &&
(hasManageClients || client.access?.configure) && ( (hasViewClients || client.access?.configure) && (
<Tab <Tab
id="credentials" id="credentials"
title={<TabTitleText>{t("credentials")}</TabTitleText>} title={<TabTitleText>{t("credentials")}</TabTitleText>}
@ -488,7 +491,7 @@ export default function ClientDetails() {
isReadOnly={!(hasManageClients || client.access?.configure)} isReadOnly={!(hasManageClients || client.access?.configure)}
/> />
</Tab> </Tab>
{!isRealmClient(client) && !client.bearerOnly && ( {!isRealmClient(client) && !client.bearerOnly && hasQueryUsers && (
<Tab <Tab
id="clientScopes" id="clientScopes"
data-testid="clientScopesTab" data-testid="clientScopesTab"
@ -527,7 +530,7 @@ export default function ClientDetails() {
</RoutableTabs> </RoutableTabs>
</Tab> </Tab>
)} )}
{client!.authorizationServicesEnabled && ( {client!.authorizationServicesEnabled && hasManageAuthorization && (
<Tab <Tab
id="authorization" id="authorization"
data-testid="authorizationTab" data-testid="authorizationTab"

17
js/apps/admin-ui/src/clients/credentials/ClientSecret.tsx
View file

@ -17,6 +17,7 @@ import { useConfirmDialog } from "../../components/confirm-dialog/ConfirmDialog"
import { useAdminClient } from "../../context/auth/AdminClient"; import { useAdminClient } from "../../context/auth/AdminClient";
import { useAlerts } from "../../components/alert/Alerts"; import { useAlerts } from "../../components/alert/Alerts";
import useFormatDate from "../../utils/useFormatDate"; import useFormatDate from "../../utils/useFormatDate";
import { useAccess } from "../../context/access/Access";
export type ClientSecretProps = { export type ClientSecretProps = {
client: ClientRepresentation; client: ClientRepresentation;
@ -24,14 +25,22 @@ export type ClientSecretProps = {
toggle: () => void; toggle: () => void;
}; };
type SecretInputProps = Omit<ClientSecretProps, "client"> & { type SecretInputProps = ClientSecretProps & {
id: string; id: string;
buttonLabel: string; buttonLabel: string;
}; };
const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => { const SecretInput = ({
id,
buttonLabel,
client,
secret,
toggle,
}: SecretInputProps) => {
const { t } = useTranslation("clients"); const { t } = useTranslation("clients");
const form = useFormContext<ClientRepresentation>(); const form = useFormContext<ClientRepresentation>();
const { hasAccess } = useAccess();
const isManager = hasAccess("manage-clients") || client.access?.configure;
return ( return (
<Split hasGutter> <Split hasGutter>
@ -49,7 +58,7 @@ const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => {
<SplitItem> <SplitItem>
<Button <Button
variant="secondary" variant="secondary"
isDisabled={form.formState.isDirty} isDisabled={form.formState.isDirty || !isManager}
onClick={toggle} onClick={toggle}
> >
{t(buttonLabel)} {t(buttonLabel)}
@ -117,6 +126,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
> >
<SecretInput <SecretInput
id="kc-client-secret" id="kc-client-secret"
client={client}
secret={secret} secret={secret}
toggle={toggle} toggle={toggle}
buttonLabel="regenerate" buttonLabel="regenerate"
@ -130,6 +140,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
<FormGroup label={t("secretRotated")} fieldId="secretRotated"> <FormGroup label={t("secretRotated")} fieldId="secretRotated">
<SecretInput <SecretInput
id="secretRotated" id="secretRotated"
client={client}
secret={secretRotated} secret={secretRotated}
toggle={toggleInvalidateConfirm} toggle={toggleInvalidateConfirm}
buttonLabel="invalidateSecret" buttonLabel="invalidateSecret"

1
js/apps/admin-ui/src/clients/credentials/Credentials.tsx
View file

@ -140,6 +140,7 @@ export const Credentials = ({ client, save, refresh }: CredentialsProps) => {
isHorizontal isHorizontal
className="pf-u-mt-md" className="pf-u-mt-md"
role="manage-clients" role="manage-clients"
fineGrainedAccess={client.access?.configure}
> >
<ClientSecretConfirm /> <ClientSecretConfirm />
<AccessTokenConfirm /> <AccessTokenConfirm />