[KEYCLOAK-8289] - Remove authorization services from product preview profile
This commit is contained in:
parent
723ba42264
commit
43f5983613
35 changed files with 27 additions and 220 deletions
|
@ -34,7 +34,7 @@ public class Profile {
|
|||
|
||||
public enum Feature {
|
||||
ACCOUNT2,
|
||||
AUTHORIZATION,
|
||||
ADMIN_FINE_GRAINED_AUTHZ,
|
||||
DOCKER,
|
||||
IMPERSONATION,
|
||||
OPENSHIFT_INTEGRATION,
|
||||
|
@ -54,7 +54,7 @@ public class Profile {
|
|||
}
|
||||
|
||||
private enum ProfileValue {
|
||||
PRODUCT(Feature.AUTHORIZATION, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
|
||||
PRODUCT(Feature.ADMIN_FINE_GRAINED_AUTHZ, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
|
||||
PREVIEW(Feature.ACCOUNT2),
|
||||
COMMUNITY(Feature.DOCKER, Feature.ACCOUNT2);
|
||||
|
||||
|
|
|
@ -547,13 +547,11 @@ public class ModelToRepresentation {
|
|||
rep.setProtocolMappers(mappings);
|
||||
}
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
||||
|
||||
if (resourceServer != null) {
|
||||
rep.setAuthorizationServicesEnabled(true);
|
||||
}
|
||||
if (resourceServer != null) {
|
||||
rep.setAuthorizationServicesEnabled(true);
|
||||
}
|
||||
|
||||
return rep;
|
||||
|
|
|
@ -257,8 +257,6 @@ public class RealmsResource {
|
|||
|
||||
@Path("{realm}/authz")
|
||||
public Object getAuthorizationService(@PathParam("realm") String name) {
|
||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
init(name);
|
||||
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
|
||||
AuthorizationService service = new AuthorizationService(authorization);
|
||||
|
|
|
@ -109,7 +109,7 @@ public class AccountConsole {
|
|||
|
||||
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
|
||||
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
|
||||
map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
|
||||
map.put("isAuthorizationEnabled", true);
|
||||
|
||||
FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
|
||||
String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);
|
||||
|
|
|
@ -172,7 +172,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
account.setUser(auth.getUser());
|
||||
}
|
||||
|
||||
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Feature.AUTHORIZATION));
|
||||
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true);
|
||||
}
|
||||
|
||||
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
|
||||
|
|
|
@ -606,8 +606,6 @@ public class ClientResource {
|
|||
|
||||
@Path("/authz")
|
||||
public AuthorizationService authorization() {
|
||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
|
||||
|
||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
||||
|
@ -691,12 +689,10 @@ public class ClientResource {
|
|||
}
|
||||
|
||||
private void updateAuthorizationSettings(ClientRepresentation rep) {
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
authorization().enable(false);
|
||||
} else {
|
||||
authorization().disable();
|
||||
}
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
authorization().enable(false);
|
||||
} else {
|
||||
authorization().disable();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -177,17 +177,15 @@ public class ClientsResource {
|
|||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
AuthorizationService authorizationService = getAuthorizationService(clientModel);
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
AuthorizationService authorizationService = getAuthorizationService(clientModel);
|
||||
|
||||
authorizationService.enable(true);
|
||||
authorizationService.enable(true);
|
||||
|
||||
ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
|
||||
ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
|
||||
|
||||
if (authorizationSettings != null) {
|
||||
authorizationService.resourceServer().importSettings(authorizationSettings);
|
||||
}
|
||||
if (authorizationSettings != null) {
|
||||
authorizationService.resourceServer().importSettings(authorizationSettings);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -55,9 +55,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
|
|||
protected static final String REALM_NAME = "servlet-authz";
|
||||
protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
||||
|
||||
@ArquillianResource
|
||||
private Deployer deployer;
|
||||
|
||||
|
|
|
@ -122,9 +122,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
testRealmPage.setAuthRealm(REALM_NAME);
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
||||
|
||||
@Before
|
||||
public void beforePhotozExampleAdapterTest() throws Exception {
|
||||
DroneUtils.addWebDriver(jsDriver);
|
||||
|
|
|
@ -57,9 +57,6 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
|
|||
private static final String REALM_NAME = "hello-world-authz";
|
||||
private static final String RESOURCE_SERVER_ID = "hello-world-authz-service";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
||||
|
||||
@ArquillianResource
|
||||
private Deployer deployer;
|
||||
|
||||
|
|
|
@ -63,9 +63,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
|
|||
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
|
||||
protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
||||
|
||||
@ArquillianResource
|
||||
private Deployer deployer;
|
||||
|
||||
|
|
|
@ -50,11 +50,6 @@ import org.keycloak.util.JsonSerialization;
|
|||
*/
|
||||
public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Deployment
|
||||
public static WebArchive deploy() {
|
||||
return RunOnServerDeployment.create();
|
||||
|
|
|
@ -809,8 +809,6 @@ public class PermissionsTest extends AbstractKeycloakTest {
|
|||
|
||||
@Test
|
||||
public void clientAuthorization() {
|
||||
ProfileAssume.assumePreview();
|
||||
|
||||
ClientRepresentation newClient = new ClientRepresentation();
|
||||
newClient.setClientId("foo-authz");
|
||||
adminClient.realms().realm(REALM_NAME).clients().create(newClient);
|
||||
|
|
|
@ -128,8 +128,6 @@ public class InstallationTest extends AbstractClientTest {
|
|||
|
||||
@Test
|
||||
public void testOidcBearerOnlyWithAuthzJson() {
|
||||
ProfileAssume.assumePreview();
|
||||
|
||||
oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||
oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||
|
||||
|
|
|
@ -57,11 +57,6 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
|
|||
return "authz-test";
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(createTestRealm().build());
|
||||
|
|
|
@ -52,11 +52,6 @@ import org.keycloak.testsuite.util.UserBuilder;
|
|||
*/
|
||||
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(createTestRealm().build());
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.admin.client.authorization;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.client.AbstractClientTest;
|
||||
|
||||
import javax.ws.rs.ServerErrorException;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreviewDisabled();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthzServicesRemoved() {
|
||||
String id = testRealmResource().clients().findAll().get(0).getId();
|
||||
try {
|
||||
testRealmResource().clients().get(id).authorization().getSettings();
|
||||
} catch (ServerErrorException e) {
|
||||
assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
|
||||
return;
|
||||
}
|
||||
fail("Feature Authorization should be disabled.");
|
||||
}
|
||||
|
||||
}
|
|
@ -75,7 +75,6 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
|
|||
|
||||
@BeforeClass
|
||||
public static void onBeforeClass() {
|
||||
ProfileAssume.assumePreview();
|
||||
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
|
||||
if (exchange.isInIoThread()) {
|
||||
try {
|
||||
|
|
|
@ -40,9 +40,6 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
|||
*/
|
||||
public class EnforcerConfigTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));
|
||||
|
|
|
@ -82,11 +82,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
|
|||
|
||||
protected static final String REALM_NAME = "authz-test";
|
||||
|
||||
@BeforeClass
|
||||
public static void onBeforeClass() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||
|
|
|
@ -86,11 +86,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
|
|||
|
||||
protected static final String REALM_NAME = "authz-test";
|
||||
|
||||
@BeforeClass
|
||||
public static void onBeforeClass() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||
|
|
|
@ -12,11 +12,6 @@ import org.keycloak.testsuite.ProfileAssume;
|
|||
*/
|
||||
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
protected AccessToken toAccessToken(String rpt) {
|
||||
AccessToken accessToken;
|
||||
|
||||
|
|
|
@ -182,8 +182,6 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest {
|
|||
|
||||
@Test
|
||||
public void authzResourceInvalidationTest() throws Exception {
|
||||
ProfileAssume.assumePreview();
|
||||
|
||||
enableDcOnLoadBalancer(DC.FIRST);
|
||||
enableDcOnLoadBalancer(DC.SECOND);
|
||||
|
||||
|
|
|
@ -384,9 +384,7 @@ public class ExportImportUtil {
|
|||
Assert.assertNotNull(linked);
|
||||
Assert.assertEquals("my-service-user", linked.getUsername());
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
assertAuthorizationSettings(realmRsc);
|
||||
}
|
||||
assertAuthorizationSettings(realmRsc);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -64,11 +64,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
|||
|
||||
public static final String EXECUTION_ID = "scriptAuth";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
|
||||
|
|
|
@ -355,8 +355,6 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
private void testResourceWithMultipleUris() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
ClientsResource clients = migrationRealm.clients();
|
||||
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
|
||||
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
|
||||
|
|
|
@ -43,11 +43,6 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
|
|||
|
||||
protected ClientRepresentation newClient;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
@Before
|
||||
public void configureTest() {
|
||||
this.newClient = createResourceServer();
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.console.clients;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
|
||||
import org.openqa.selenium.By;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
|
||||
*/
|
||||
public class ClientAuthorizationServicesAvailableTest extends AbstractClientTest {
|
||||
|
||||
private ClientRepresentation newClient;
|
||||
|
||||
@Page
|
||||
private ClientSettings clientSettingsPage;
|
||||
|
||||
@Test
|
||||
public void authzServicesAvailable() {
|
||||
ProfileAssume.assumePreview();
|
||||
|
||||
newClient = createClientRep("oidc-public", OIDC);
|
||||
createClient(newClient);
|
||||
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
|
||||
|
||||
assertTrue(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authzServicesUnavailable() throws InterruptedException {
|
||||
ProfileAssume.assumePreviewDisabled();
|
||||
|
||||
newClient = createClientRep("oidc-public", OIDC);
|
||||
createClient(newClient);
|
||||
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
|
||||
|
||||
assertFalse(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
|
||||
|
||||
}
|
||||
}
|
|
@ -132,7 +132,7 @@
|
|||
<input ng-model="clientEdit.serviceAccountsEnabled" name="serviceAccountsEnabled" id="serviceAccountsEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && protocol == 'openid-connect'">
|
||||
<div class="form-group" data-ng-show="protocol == 'openid-connect'">
|
||||
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
|
||||
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
|
||||
<div class="col-md-6">
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
<ul class="nav nav-tabs" data-ng-show="!create">
|
||||
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageAuthorization && client.access.configure">
|
||||
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageAuthorization && client.access.configure">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
<li ng-class="{active: path[4] == 'authz'}"
|
||||
data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
|
||||
data-ng-show="!disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' |
|
||||
translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'revocation'}" data-ng-show="client.protocol != 'docker-v2' && client.protocol != 'saml' && !client.origin"><a
|
||||
|
@ -55,7 +55,7 @@
|
|||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/service-account-roles">{{:: 'service-account-roles' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'service-account-roles.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && client.access.manage && access.manageAuthorization">
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && client.access.manage && access.manageAuthorization">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'manage-permissions-client.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
<li ng-class="{active: path[4] == 'attributes'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/attributes">{{:: 'attributes' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/role-mappings">{{:: 'role-mappings' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'members'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/members">{{:: 'members' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && group.access.manage && access.manageAuthorization">
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && group.access.manage && access.manageAuthorization">
|
||||
<a href="#/realms/{{realm.realm}}/groups/{{group.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'manage-permissions-group.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
|
|
|
@ -12,6 +12,6 @@
|
|||
<li ng-class="{active: !path[6] && path.length > 5}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{:: 'settings' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'mappers'}"><a href="#/realms/{{realm.realm}}/identity-provider-mappers/{{identityProvider.alias}}/mappers">{{:: 'mappers' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'export'}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/export" data-ng-show="!importFile && !newIdentityProvider && identityProvider.providerId == 'saml'">{{:: 'export' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
<ul class="nav nav-tabs" data-ng-show="!create">
|
||||
<li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageRealm && access.manageAuthorization">
|
||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageRealm && access.manageAuthorization">
|
||||
<a href="#/realms/{{realm.realm}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
<ul class="nav nav-tabs">
|
||||
<li ng-class="{active: path[2] == 'users'}"><a href="#/realms/{{realm.realm}}/users">{{:: 'lookup' | translate}}</a></li>
|
||||
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageUsers && access.manageAuthorization">
|
||||
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageUsers && access.manageAuthorization">
|
||||
<a href="#/realms/{{realm.realm}}/users-permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'manage-permissions-users.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
|
|
Loading…
Reference in a new issue