KEYCLOAK-3225
Modifying user's Identity Provider Links requires manage-realm client role
This commit is contained in:
parent
a78cfa4b2c
commit
479295cfd2
10 changed files with 27 additions and 27 deletions
|
@ -90,7 +90,7 @@ public class UserFederationProvidersResource {
|
|||
this.realm = realm;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
auth.init(RealmAuth.Resource.REALM);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -1512,69 +1512,69 @@ public class PermissionsTest extends AbstractKeycloakTest {
|
|||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().getProviderInstances();
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().getProviderFactories();
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().getProviderFactory("nosuch");
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new InvocationWithResponse() {
|
||||
public void invoke(RealmResource realm, AtomicReference<Response> response) {
|
||||
UserFederationProviderRepresentation rep = new UserFederationProviderRepresentation();
|
||||
rep.setProviderName("ldap");
|
||||
response.set(realm.userFederation().create(rep));
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").toRepresentation();
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").update(new UserFederationProviderRepresentation());
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").remove();
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").syncUsers("nosuch");
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").getMapperTypes();
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").getMappers();
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new InvocationWithResponse() {
|
||||
public void invoke(RealmResource realm, AtomicReference<Response> response) {
|
||||
response.set(realm.userFederation().get("nosuch").addMapper(new UserFederationMapperRepresentation()));
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").getMapperById("nosuch");
|
||||
}
|
||||
}, Resource.USER, false);
|
||||
}, Resource.REALM, false);
|
||||
invoke(new Invocation() {
|
||||
public void invoke(RealmResource realm) {
|
||||
realm.userFederation().get("nosuch").syncMapperData("nosuch", "nosuch");
|
||||
}
|
||||
}, Resource.USER, true);
|
||||
}, Resource.REALM, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -75,14 +75,14 @@
|
|||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
|
||||
<button kc-save>{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed">{{:: 'synchronize-changed-users' | translate}}</button>
|
||||
|
|
|
@ -91,14 +91,14 @@
|
|||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
|
||||
<button kc-save>{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
|
|
|
@ -280,14 +280,14 @@
|
|||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
|
||||
<button kc-save>{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed">{{:: 'synchronize-changed-users' | translate}}</button>
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr ng-show="providers.length > 0 && access.manageUsers">
|
||||
<tr ng-show="providers.length > 0 && access.manageRealm">
|
||||
<th colspan="6" class="kc-table-actions">
|
||||
<div class="pull-right">
|
||||
<div>
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
<p>Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.</p>
|
||||
<p>To get started select a provider from the dropdown below:</p>
|
||||
<div class="blank-slate-pf-main-action">
|
||||
<div class="row" data-ng-show="access.manageUsers">
|
||||
<div class="row" data-ng-show="access.manageRealm">
|
||||
<div class="col-sm-4 col-sm-offset-4">
|
||||
<div class="form-group">
|
||||
<select class="form-control" ng-model="selectedProvider"
|
||||
|
@ -29,7 +29,7 @@
|
|||
|
||||
<table class="table table-striped table-bordered" data-ng-show="instances && instances.length > 0">
|
||||
<thead>
|
||||
<tr ng-show="providers.length > 0 && access.manageUsers">
|
||||
<tr ng-show="providers.length > 0 && access.manageRealm">
|
||||
<th colspan="5" class="kc-table-actions">
|
||||
<div class="pull-right">
|
||||
<div>
|
||||
|
|
|
@ -217,14 +217,14 @@
|
|||
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
|
||||
<button kc-save>{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed || !showSync">{{:: 'synchronize-changed-users' | translate}}</button>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr ng-show="providers.length > 0 && access.manageUsers">
|
||||
<tr ng-show="providers.length > 0 && access.manageRealm">
|
||||
<th colspan="5" class="kc-table-actions">
|
||||
<div class="pull-right">
|
||||
<div>
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
|| path[2] == 'identity-provider-mappers'
|
||||
|| path[1] == 'identity-provider-mappers'
|
||||
|| path[1] == 'identity-provider') && 'active'"><a href="#/realms/{{realm.realm}}/identity-provider-settings"><i class="fa fa-exchange"></i> {{:: 'identity-providers' | translate}}</a></li>
|
||||
<li data-ng-show="access.viewUsers" data-ng-class="(path[1] == 'user-federation'
|
||||
<li data-ng-show="access.viewRealm" data-ng-class="(path[1] == 'user-federation'
|
||||
|| path[2] == 'user-federation'
|
||||
|| path[1] == 'user-federation-mappers') && 'active'"><a href="#/realms/{{realm.realm}}/user-federation"><i class="fa fa-database"></i> {{:: 'user-federation' | translate}}</a></li>
|
||||
<li data-ng-show="access.viewRealm" data-ng-class="(path[1] == 'authentication' || path[2] == 'authentication') && 'active'"><a href="#/realms/{{realm.realm}}/authentication/flows"><i class="fa fa-lock"></i> {{:: 'authentication' | translate}}</a></li>
|
||||
|
|
Loading…
Reference in a new issue