KEYCLOAK-3225

Modifying user's Identity Provider Links requires manage-realm client role
This commit is contained in:
Stian Thorgersen 2016-10-28 10:13:49 +02:00
parent a78cfa4b2c
commit 479295cfd2
10 changed files with 27 additions and 27 deletions

View file

@ -90,7 +90,7 @@ public class UserFederationProvidersResource {
this.realm = realm;
this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER);
auth.init(RealmAuth.Resource.USER);
auth.init(RealmAuth.Resource.REALM);
}
/**

View file

@ -1512,69 +1512,69 @@ public class PermissionsTest extends AbstractKeycloakTest {
public void invoke(RealmResource realm) {
realm.userFederation().getProviderInstances();
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().getProviderFactories();
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().getProviderFactory("nosuch");
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
UserFederationProviderRepresentation rep = new UserFederationProviderRepresentation();
rep.setProviderName("ldap");
response.set(realm.userFederation().create(rep));
}
}, Resource.USER, true);
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").toRepresentation();
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").update(new UserFederationProviderRepresentation());
}
}, Resource.USER, true);
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").remove();
}
}, Resource.USER, true);
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").syncUsers("nosuch");
}
}, Resource.USER, true);
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").getMapperTypes();
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").getMappers();
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
response.set(realm.userFederation().get("nosuch").addMapper(new UserFederationMapperRepresentation()));
}
}, Resource.USER, true);
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").getMapperById("nosuch");
}
}, Resource.USER, false);
}, Resource.REALM, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.userFederation().get("nosuch").syncMapperData("nosuch", "nosuch");
}
}, Resource.USER, true);
}, Resource.REALM, true);
}
@Test

View file

@ -75,14 +75,14 @@
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
<button kc-save>{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed">{{:: 'synchronize-changed-users' | translate}}</button>

View file

@ -91,14 +91,14 @@
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
<button kc-save>{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>

View file

@ -280,14 +280,14 @@
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
<button kc-save>{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed">{{:: 'synchronize-changed-users' | translate}}</button>

View file

@ -26,7 +26,7 @@
<table class="table table-striped table-bordered">
<thead>
<tr ng-show="providers.length > 0 && access.manageUsers">
<tr ng-show="providers.length > 0 && access.manageRealm">
<th colspan="6" class="kc-table-actions">
<div class="pull-right">
<div>

View file

@ -13,7 +13,7 @@
<p>Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.</p>
<p>To get started select a provider from the dropdown below:</p>
<div class="blank-slate-pf-main-action">
<div class="row" data-ng-show="access.manageUsers">
<div class="row" data-ng-show="access.manageRealm">
<div class="col-sm-4 col-sm-offset-4">
<div class="form-group">
<select class="form-control" ng-model="selectedProvider"
@ -29,7 +29,7 @@
<table class="table table-striped table-bordered" data-ng-show="instances && instances.length > 0">
<thead>
<tr ng-show="providers.length > 0 && access.manageUsers">
<tr ng-show="providers.length > 0 && access.manageRealm">
<th colspan="5" class="kc-table-actions">
<div class="pull-right">
<div>

View file

@ -217,14 +217,14 @@
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="create && access.manageRealm">
<button kc-save>{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageUsers">
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageRealm">
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
<button class="btn btn-primary" data-ng-click="triggerChangedUsersSync()" data-ng-hide="changed || !showSync">{{:: 'synchronize-changed-users' | translate}}</button>

View file

@ -5,7 +5,7 @@
<table class="table table-striped table-bordered">
<thead>
<tr ng-show="providers.length > 0 && access.manageUsers">
<tr ng-show="providers.length > 0 && access.manageRealm">
<th colspan="5" class="kc-table-actions">
<div class="pull-right">
<div>

View file

@ -39,7 +39,7 @@
|| path[2] == 'identity-provider-mappers'
|| path[1] == 'identity-provider-mappers'
|| path[1] == 'identity-provider') && 'active'"><a href="#/realms/{{realm.realm}}/identity-provider-settings"><i class="fa fa-exchange"></i> {{:: 'identity-providers' | translate}}</a></li>
<li data-ng-show="access.viewUsers" data-ng-class="(path[1] == 'user-federation'
<li data-ng-show="access.viewRealm" data-ng-class="(path[1] == 'user-federation'
|| path[2] == 'user-federation'
|| path[1] == 'user-federation-mappers') && 'active'"><a href="#/realms/{{realm.realm}}/user-federation"><i class="fa fa-database"></i> {{:: 'user-federation' | translate}}</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[1] == 'authentication' || path[2] == 'authentication') && 'active'"><a href="#/realms/{{realm.realm}}/authentication/flows"><i class="fa fa-lock"></i> {{:: 'authentication' | translate}}</a></li>