KEYCLOAK-3105 Can't access single realm with the admin user from master realm
parent
443772d5ec
commit
1510ac5eb4
2 changed files with 14 additions and 4 deletions
|
@ -105,15 +105,16 @@ public class RealmsAdminResource {
|
|||
ClientModel adminApp = auth.getRealm().getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm()));
|
||||
addRealmRep(reps, auth.getRealm(), adminApp);
|
||||
}
|
||||
|
||||
if (reps.isEmpty()) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
logger.debug(("getRealms()"));
|
||||
return reps;
|
||||
}
|
||||
|
||||
protected void addRealmRep(List<RealmRepresentation> reps, RealmModel realm, ClientModel realmManagementClient) {
|
||||
if (!auth.hasOneOfAppRole(realmManagementClient, AdminRoles.ALL_REALM_ROLES)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
if (auth.hasAppRole(realmManagementClient, AdminRoles.VIEW_REALM)) {
|
||||
reps.add(ModelToRepresentation.toRepresentation(realm, false));
|
||||
} else if (auth.hasOneOfAppRole(realmManagementClient, AdminRoles.ALL_REALM_ROLES)) {
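Review bot: Nothing in `addRealmRep` or `getRealms()` records that the 403 decision now lives only in the `reps.isEmpty()` check, which matters because `addRealmRep` is `protected` and any other caller would get a silent no-op for a realm on which the user holds no role. The +/- markers are lost on this page, so this reads the `reps.isEmpty()` block as added and the leading `!auth.hasOneOfAppRole(...)` guard in `addRealmRep` as removed. I would add a comment above the check, `// addRealmRep skips realms where the caller holds no admin role; reject only when no realm is visible at all`, and a one-line Javadoc on `addRealmRep` saying that it no longer throws and that callers must handle an empty list. Both methods start or end outside the hunk, so the body of the `else if` branch, which decides what a caller without `VIEW_REALM` is shown, could not be checked here.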
|
||||
|
|
|
@ -182,6 +182,15 @@ public class PermissionsTest extends AbstractKeycloakTest {
|
|||
Assert.assertNames(realms, REALM_NAME);
|
||||
assertNotNull(realms.get(0).getAccessTokenLifespan());
|
||||
|
||||
// Check the same when access with users from 'master' realm
|
||||
realms = clients.get("master-" + AdminRoles.VIEW_USERS).realms().findAll();
|
||||
Assert.assertNames(realms, REALM_NAME);
|
||||
assertGettersEmpty(realms.get(0));
|
||||
|
||||
realms = clients.get("master-" + AdminRoles.VIEW_REALM).realms().findAll();
|
||||
Assert.assertNames(realms, REALM_NAME);
|
||||
assertNotNull(realms.get(0).getAccessTokenLifespan());
|
||||
|
||||
// Create realm
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
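Review bot: The added assertions cover only master-realm users who are allowed to see the realm; the denial path that the other file now decides through `reps.isEmpty()` is not exercised in this hunk. A case for a master-realm user holding no admin role on any realm, expecting a 403 response from `realms().findAll()`, would pin that relaxing the per-realm check did not open the listing; such a case may exist elsewhere in `PermissionsTest`, which is not visible here. The comment `// Check the same when access with users from 'master' realm` could also state that `Assert.assertNames(realms, REALM_NAME)` is meant to show the master realm itself is not returned to these users, if that is what the helper verifies.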
|
||||
|
|