diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
index 149e52678b..b1e1b750a4 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
 ResourceServer server = root.realmResourceServer();
 if (server == null) return;
 Policy policy = managePermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 policy = viewPermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 policy = mapRolesPermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 policy = manageGroupMembershipPermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 policy = adminImpersonatingPermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 policy = userImpersonatedPermission();
- if (policy == null) {
+ if (policy != null) {
 authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
index ea9937eda3..f95fe7f241 100644
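Review bot: The six lookup-then-delete blocks in this hunk differ only in which permission they look up, so the null guard corrected here exists in six copies; a private helper such as `private void deletePolicyIfPresent(Policy policy) { if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId()); }` would keep it in one place. With the old `== null` test the delete call was reachable only with a null policy, so existing permission policies were presumably never removed by this cleanup. None of the visible test hunks exercises this path; a regression test that runs the cleanup and then asserts that `managePermission()` and the other five lookups no longer find a policy would pin the fix. The enclosing method starts and ends outside the hunk, so whether the related resource and scopes are removed elsewhere cannot be checked from here.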
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
@@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
 user.setUsername("child");
 user.setEnabled(true);
 childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
+ UserRepresentation user2 = new UserRepresentation();
+ user2.setUsername("child2");
+ user2.setEnabled(true);
+ String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
 // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
 realm.roles().create(new RoleRepresentation("user", null, false));
@@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
 List roles = new LinkedList<>();
 roles.add(role);
 realm.users().get(childUserId).roles().realmLevel().add(roles);
+ realm.users().get(user2Id).roles().realmLevel().add(roles);
 ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
 role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
 roles.clear();
 roles.add(role);
 realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
+ realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
 }
@@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
 BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
 }
-// @Test
- public void testUi() throws Exception {
- Thread.sleep(1000000000);
-
- }
 @Test
 public void testErrorConditions() throws Exception {
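Review bot: The new `child2` account in the `@@ -168,6 +168,10 @@` hunk has no comment saying which scenario needs it, and its id is kept in the local `user2Id` while the first user's id goes into `childUserId`, which is declared outside the hunk. Nothing in the visible hunks uses the second account after setup, so a one-line comment above `UserRepresentation user2 = new UserRepresentation();`, for example `// second child-realm user, needed by <scenario>`, would make the fixture self-explanatory. The role grants added in the `@@ -175,11 +179,13 @@` hunk belong to the same setup and fall under the same comment. The enclosing setup method starts outside the hunk.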
@@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
 String linkUrl = linkBuilder.clone()
 .queryParam("realm", CHILD_IDP)
 .queryParam("provider", PARENT_IDP).build().toString();
+ System.out.println("linkUrl: " + linkUrl);
 navigateTo(linkUrl);
 Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
 Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
index a1eef978a1..336d6b7e55 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
@@ -16,6 +16,7 @@
 */
 package org.keycloak.testsuite.adapter.undertow.servlet;
+import org.junit.Test;
 import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 @AppServerContainer("auth-server-undertow")
 public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+ //@Test
+ public void testUi() throws Exception {
+ Thread.sleep(1000000000);
+
+ }
+
+ @Override
+ @Test
+ public void testAccountLink() throws Exception {
+ super.testAccountLink();
+ }
 }
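Review bot: The added `System.out.println("linkUrl: " + linkUrl);` in the `@@ -388,6 +389,7 @@` hunk reads as leftover debugging output and writes the full account-link URL to the test's standard output. Only the `realm` and `provider` parameters are visible here, but `linkBuilder` is built outside the hunk and may carry further request parameters, so the line is better dropped or routed through the suite's logger at debug level if this class has one. The enclosing test method starts and ends outside the hunk.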
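Review bot: `testUi()` is added to `UndertowClientInitiatedAccountLinkTest` as a public method with its annotation commented out (`//@Test`) and a body of `Thread.sleep(1000000000)`, which leaves a manual debugging hook in the suite that would block a run for days if someone re-enabled it. Prefer leaving it out of the commit, or make the intent explicit with `@Ignore("manual UI debugging only")` next to `@Test` and a comment on how it is meant to be used. The `testAccountLink()` override only calls `super.testAccountLink()`; if the inherited method already carries `@Test` (not visible here) the override is redundant and should either go or get a comment explaining why this container needs it.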
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
index d4fe55e779..6f463c9824 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@@ -84,38 +84,21 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
 }
 public static void setupDemo(KeycloakSession session) {
 RealmModel realm = session.realms().getRealmByName(TEST);
- ClientModel client = realm.addClient("sales-pipeline-application");
+ realm.addRole("realm-role");
+ ClientModel client = realm.addClient("sales-application");
 RoleModel clientAdmin = client.addRole("admin");
 client.addRole("leader-creator");
 client.addRole("viewLeads");
- ClientModel client2 = realm.addClient("market-analysis-application");
- RoleModel client2Admin = client2.addRole("admin");
- client2.addRole("market-manager");
- client2.addRole("viewMarkets");
 GroupModel sales = realm.createGroup("sales");
- RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
- salesAppsAdminRole.addCompositeRole(clientAdmin);
- salesAppsAdminRole.addCompositeRole(client2Admin);
- ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
- RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);
 UserModel admin = session.users().addUser(realm, "salesManager");
 admin.setEnabled(true);
 session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-group-admin");
+
+ admin = session.users().addUser(realm, "sales-admin");
 admin.setEnabled(true);
 session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-it");
- admin.setEnabled(true);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-pipeline-admin");
- admin.setEnabled(true);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "client-admin");
- admin.setEnabled(true);
- admin.grantRole(queryClient);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
 UserModel user = session.users().addUser(realm, "salesman");
 user.setEnabled(true);