libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

added per-instance filtering logic to search groups API (#20714)

Browse source
This commit is contained in:
Daniele Martinoli 2023-06-02 08:31:20 +02:00 committed by GitHub
parent f69ff5d270
commit 4eb05490f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java
View file

@ -22,6 +22,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.GroupPermissionEvaluator;
import org.keycloak.utils.StringUtil; import org.keycloak.utils.StringUtil;
public class GroupsResource { public class GroupsResource {
@ -56,7 +57,8 @@ public class GroupsResource {
public final Stream<GroupRepresentation> listGroups(@QueryParam("search") @DefaultValue("") final String search, @QueryParam("first") public final Stream<GroupRepresentation> listGroups(@QueryParam("search") @DefaultValue("") final String search, @QueryParam("first")
@DefaultValue("0") int first, @QueryParam("max") @DefaultValue("10") int max, @QueryParam("global") @DefaultValue("true") boolean global, @DefaultValue("0") int first, @QueryParam("max") @DefaultValue("10") int max, @QueryParam("global") @DefaultValue("true") boolean global,
@QueryParam("exact") @DefaultValue("false") boolean exact) { @QueryParam("exact") @DefaultValue("false") boolean exact) {
this.auth.groups().requireList(); GroupPermissionEvaluator groupsEvaluator = auth.groups();
groupsEvaluator.requireList();
final Stream<GroupModel> stream; final Stream<GroupModel> stream;
if (global) { if (global) {
stream = session.groups().searchForGroupByNameStream(realm, search.trim(), exact, first, max); stream = session.groups().searchForGroupByNameStream(realm, search.trim(), exact, first, max);
@ -64,7 +66,9 @@ public class GroupsResource {
stream = this.realm.getTopLevelGroupsStream().filter(g -> g.getName().contains(search)).skip(first).limit(max); stream = this.realm.getTopLevelGroupsStream().filter(g -> g.getName().contains(search)).skip(first).limit(max);
} }
return stream.map(g -> toGroupHierarchy(g, search, exact)); boolean canViewGlobal = groupsEvaluator.canView();
return stream.filter(group -> canViewGlobal || groupsEvaluator.canView(group))
.map(group -> toGroupHierarchy(group, search, exact));
} }
private GroupRepresentation toGroupHierarchy(GroupModel group, final String search, boolean exact) { private GroupRepresentation toGroupHierarchy(GroupModel group, final String search, boolean exact) {