KEYCLOAK-2408 KEYCLOAK-2330

2016-02-01 16:35:00 -05:00 · 2016-02-01 16:35:00 -05:00 · 37cf335247
commit 37cf335247
parent 9bc5a4592c
2 changed files with 15 additions and 7 deletions
--- a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@ -88,14 +89,18 @@ public class GroupResource {
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    public void updateGroup(GroupRepresentation rep) {
+        this.auth.requireManage();
        updateGroup(rep, group);
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();


    }

    @DELETE
    public void deleteGroup() {
+        this.auth.requireManage();
        realm.removeGroup(group);
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
    }


@ -111,6 +116,7 @@ public class GroupResource {
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    public Response addChild(GroupRepresentation rep) {
+        this.auth.requireManage();
        Response.ResponseBuilder builder = Response.status(204);
        GroupModel child = null;
        if (rep.getId() != null) {
@ -118,6 +124,7 @@ public class GroupResource {
            if (child == null) {
                throw new NotFoundException("Could not find child by id");
            }
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
        } else {
            child = realm.createGroup(rep.getName());
            updateGroup(rep, child);
@ -125,6 +132,7 @@ public class GroupResource {
                                           .path(uriInfo.getMatchedURIs().get(1))
                                           .path(child.getId()).build();
            builder.status(201).location(uri);
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();

        }
        realm.moveGroup(child, group);
--- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@ -53,17 +54,12 @@ public class GroupsResource {
        this.session = session;
        this.auth = auth;
        this.adminEvent = adminEvent;
+        auth.init(RealmAuth.Resource.USER);
+
    }

    @Context private UriInfo uriInfo;

-    public GroupsResource(RealmAuth auth, RealmModel realm, KeycloakSession session, AdminEventBuilder adminEvent) {
-        this.realm = realm;
-        this.session = session;
-        this.auth = auth;
-        this.adminEvent = adminEvent;
-    }
-
    /**
     * Get group hierarchy.  Only name and ids are returned.
     *
@ -85,6 +81,7 @@ public class GroupsResource {
     */
    @Path("{id}")
    public GroupResource getGroupById(@PathParam("id") String id) {
+        this.auth.requireView();
        GroupModel group = realm.getGroupById(id);
        if (group == null) {
            throw new NotFoundException("Could not find group by id");
@ -104,6 +101,7 @@ public class GroupsResource {
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    public Response addTopLevelGroup(GroupRepresentation rep) {
+        this.auth.requireManage();
        GroupModel child = null;
        Response.ResponseBuilder builder = Response.status(204);
        if (rep.getId() != null) {
@ -111,12 +109,14 @@ public class GroupsResource {
            if (child == null) {
                throw new NotFoundException("Could not find child by id");
            }
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
        } else {
            child = realm.createGroup(rep.getName());
            GroupResource.updateGroup(rep, child);
            URI uri = uriInfo.getAbsolutePathBuilder()
                    .path(child.getId()).build();
            builder.status(201).location(uri);
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
        }
        realm.moveGroup(child, null);
        return builder.build();