libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups

Browse source
This commit is contained in:
Stian Thorgersen 2016-12-19 13:07:39 +01:00
commit 3bd3d0285d
5 changed files with 46 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
model/jpa/src/main/resources/META-INF/jpa-changelog-2.5.0.xml
View file

@ -20,6 +20,8 @@
<changeSet author="bburke@redhat.com" id="2.5.0"> <changeSet author="bburke@redhat.com" id="2.5.0">
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.MigrateUserFedToComponent"/> <customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.MigrateUserFedToComponent"/>
<addUniqueConstraint columnNames="NAME,PARENT_GROUP,REALM_ID" constraintName="SIBLING_NAMES" tableName="KEYCLOAK_GROUP"/>
</changeSet> </changeSet>
<changeSet author="hmlnarik@redhat.com" id="2.5.0-unicode-oracle"> <changeSet author="hmlnarik@redhat.com" id="2.5.0-unicode-oracle">

7
services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java
View file

@ -48,6 +48,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.keycloak.services.ErrorResponse;
/** /**
* @author Bill Burke * @author Bill Burke
@ -138,6 +139,12 @@ public class GroupResource {
if (group == null) { if (group == null) {
throw new NotFoundException("Could not find group by id"); throw new NotFoundException("Could not find group by id");
} }
for (GroupModel group : group.getSubGroups()) {
if (group.getName().equals(rep.getName())) {
return ErrorResponse.exists("Parent already contains subgroup named '" + rep.getName() + "'");
}
}
Response.ResponseBuilder builder = Response.status(204); Response.ResponseBuilder builder = Response.status(204);
GroupModel child = null; GroupModel child = null;

7
services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java
View file

@ -39,6 +39,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
import java.net.URI; import java.net.URI;
import java.util.List; import java.util.List;
import org.keycloak.services.ErrorResponse;
/** /**
* @author Bill Burke * @author Bill Burke
@ -102,6 +103,12 @@ public class GroupsResource {
public Response addTopLevelGroup(GroupRepresentation rep) { public Response addTopLevelGroup(GroupRepresentation rep) {
auth.requireManage(); auth.requireManage();
for (GroupModel group : realm.getGroups()) {
if (group.getName().equals(rep.getName())) {
return ErrorResponse.exists("Top level group named '" + rep.getName() + "' already exists.");
}
}
GroupModel child = null; GroupModel child = null;
Response.ResponseBuilder builder = Response.status(204); Response.ResponseBuilder builder = Response.status(204);
if (rep.getId() != null) { if (rep.getId() != null) {

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
View file

@ -1173,7 +1173,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
}, Resource.USER, false); }, Resource.USER, false);
invoke(new InvocationWithResponse() { invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) { public void invoke(RealmResource realm, AtomicReference<Response> response) {
response.set(realm.groups().add(new GroupRepresentation())); GroupRepresentation group = new GroupRepresentation();
group.setName("mygroup");
response.set(realm.groups().add(group));
} }
}, Resource.USER, true); }, Resource.USER, true);

28
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
View file

@ -151,6 +151,32 @@ public class GroupTest extends AbstractGroupTest {
return group; return group;
} }
@Test
public void doNotAllowSameGroupNameAtSameLevel() throws Exception {
RealmResource realm = adminClient.realms().realm("test");
GroupRepresentation topGroup = new GroupRepresentation();
topGroup.setName("top");
topGroup = createGroup(realm, topGroup);
GroupRepresentation anotherTopGroup = new GroupRepresentation();
anotherTopGroup.setName("top");
Response response = realm.groups().add(anotherTopGroup);
assertEquals(409, response.getStatus()); // conflict status 409 - same name not allowed
GroupRepresentation level2Group = new GroupRepresentation();
level2Group.setName("level2");
response = realm.groups().group(topGroup.getId()).subGroup(level2Group);
response.close();
assertEquals(201, response.getStatus()); // created status
GroupRepresentation anotherlevel2Group = new GroupRepresentation();
anotherlevel2Group.setName("level2");
response = realm.groups().group(topGroup.getId()).subGroup(anotherlevel2Group);
response.close();
assertEquals(409, response.getStatus()); // conflict status 409 - same name not allowed
}
@Test @Test
public void createAndTestGroups() throws Exception { public void createAndTestGroups() throws Exception {
RealmResource realm = adminClient.realms().realm("test"); RealmResource realm = adminClient.realms().realm("test");
@ -179,7 +205,7 @@ public class GroupTest extends AbstractGroupTest {
GroupRepresentation topGroup = new GroupRepresentation(); GroupRepresentation topGroup = new GroupRepresentation();
topGroup.setName("top"); topGroup.setName("top");
topGroup = createGroup(realm, topGroup); topGroup = createGroup(realm, topGroup);
List<RoleRepresentation> roles = new LinkedList<>(); List<RoleRepresentation> roles = new LinkedList<>();
roles.add(topRole); roles.add(topRole);
realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles); realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles);