libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Check whether CREATE_REALM role exists in realm role mappings before hasRole check for user.

Browse source 
Closes #20332
This commit is contained in:
Sazzad Hossain 2023-05-30 19:42:48 +06:00 committed by Marek Posolda
parent f526f7a091
commit 41e253c054
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
View file

@ -227,7 +227,10 @@ public class AdminConsole {
boolean createRealm = false; boolean createRealm = false;
if (realm.equals(masterRealm)) { if (realm.equals(masterRealm)) {
logger.debug("setting up realm access for a master realm user"); logger.debug("setting up realm access for a master realm user");
createRealm = user.hasRole(masterRealm.getRole(AdminRoles.CREATE_REALM)); RoleModel createRealmRole = masterRealm.getRole(AdminRoles.CREATE_REALM);
if (createRealmRole != null) {
createRealm = user.hasRole(createRealmRole);
}
addMasterRealmAccess(user, realmAccess); addMasterRealmAccess(user, realmAccess);
} else { } else {
logger.debug("setting up realm access for a realm user"); logger.debug("setting up realm access for a realm user");