MapRoleProvider could return also client roles when searching for realm roles

Closes #9587
This commit is contained in:
vramik 2022-01-16 16:49:20 +01:00 committed by Hynek Mlnařík
parent 0a9387ff4f
commit 22bcdcb630
2 changed files with 10 additions and 1 deletions

View file

@ -70,6 +70,7 @@ public class MapRoleProvider implements RoleProvider {
entity.setId(id);
entity.setRealmId(realm.getId());
entity.setName(name);
entity.setClientRole(false);
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Role exists: " + id);
}
@ -200,6 +201,7 @@ public class MapRoleProvider implements RoleProvider {
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true)
.compare(SearchableFields.NAME, Operator.EQ, name);
String roleId = tx.read(withCriteria(mcb))
@ -254,6 +256,7 @@ public class MapRoleProvider implements RoleProvider {
}
DefaultModelCriteria<RoleModel> mcb = criteria();
mcb = mcb.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true)
.or(
mcb.compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%"),
mcb.compare(SearchableFields.DESCRIPTION, Operator.ILIKE, "%" + search + "%")

View file

@ -371,6 +371,12 @@ public class RealmRolesTest extends AbstractAdminTest {
assertThat(expectedMembers, containsInAnyOrder("test-role-member", "test-role-member2"));
}
// issue #9587
@Test
public void testSearchForRealmRoles() {
resource.list("role-", true).stream().forEach(role -> assertThat("There is client role '" + role.getName() + "' among realm roles.", role.getClientRole(), is(false)));
}
@Test
public void testSearchForRoles() {