diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmLocalizationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmLocalizationResource.java
index 8d180448f2..81b034095a 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmLocalizationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmLocalizationResource.java
@@ -24,7 +24,6 @@ import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
-import org.keycloak.services.ForbiddenException;
 import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import java.io.IOException;
@@ -47,7 +46,6 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
-import org.keycloak.services.resources.admin.permissions.AdminPermissions;
 import org.keycloak.util.JsonSerialization;
 import org.keycloak.utils.StringUtil;
@@ -134,9 +132,7 @@ public class RealmLocalizationResource {
 @GET
 @Produces(MediaType.APPLICATION_JSON)
 public Stream getRealmLocalizationLocales() {
- if (!AdminPermissions.realms(session, auth.adminAuth()).isAdmin()) {
- throw new ForbiddenException();
- }
+ auth.requireAnyAdminRole();
 return realm.getRealmLocalizationTexts().keySet().stream().sorted();
 }
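Review bot: Nothing on getRealmLocalizationLocales() records that read access is now gated only by `auth.requireAnyAdminRole()`, which by its name presumably passes for a caller holding any single admin role of the realm; the same call is introduced in getRealmLocalizationTexts() and getRealmLocalizationText() in the next two hunks. If that breadth is intended, a comment above each call would keep a later reader from tightening or loosening it by accident, e.g. `// Read-only endpoint: any admin role of this realm may list localization data; write endpoints keep their stricter check.` The accompanying test only exercises view-realm, manage-realm, multi, master-admin, none and REALM2, so a client holding only a role unrelated to realm settings would pin the "any role" boundary explicitly. The method bodies continue outside the hunks.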
@@ -144,10 +140,8 @@ public class RealmLocalizationResource {
 @Path("{locale}")
 @GET
 @Produces(MediaType.APPLICATION_JSON)
- public Map getRealmLocalizationTexts(@PathParam("locale") String locale, @QueryParam("useRealmDefaultLocaleFallback") Boolean useFallback) {
- if (!AdminPermissions.realms(session, auth.adminAuth()).isAdmin()) {
- throw new ForbiddenException();
- }
+ public Map getRealmLocalizationTexts(@PathParam("locale") String locale, @QueryParam("useRealmDefaultLocaleFallback") Boolean useFallback) {
+ auth.requireAnyAdminRole();
 Map realmLocalizationTexts = new HashMap<>();
 if(useFallback != null && useFallback && StringUtil.isNotBlank(realm.getDefaultLocale())) {
@@ -164,9 +158,7 @@ public class RealmLocalizationResource {
 @GET
 @Produces(MediaType.TEXT_PLAIN)
 public String getRealmLocalizationText(@PathParam("locale") String locale, @PathParam("key") String key) {
- if (!AdminPermissions.realms(session, auth.adminAuth()).isAdmin()) {
- throw new ForbiddenException();
- }
+ auth.requireAnyAdminRole();
 String text = session.realms().getLocalizationTextsById(realm, locale, key);
 if (text != null) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index e0893f3fa1..24f5bcf82e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -1795,6 +1795,180 @@ public class PermissionsTest extends AbstractKeycloakTest { }, clients.get("none"), false); } + @Test + public void localizations() { + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("view-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("multi"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmSpecificLocales(); + } + }, clients.get("REALM2"), false); + + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, clients.get("view-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, clients.get("multi"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, 
clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationText("en", "test"); + } + }, clients.get("REALM2"), false); + + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("view-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("multi"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().getRealmLocalizationTexts("en", false); + } + }, clients.get("REALM2"), false); + + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().createOrUpdateRealmLocalizationTexts("en", Collections.emptyMap()); + } + }, clients.get("view-realm"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().createOrUpdateRealmLocalizationTexts("en", Collections.emptyMap()); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().createOrUpdateRealmLocalizationTexts("en", Collections.emptyMap()); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + 
realm.localization().createOrUpdateRealmLocalizationTexts("en", Collections.emptyMap()); + } + }, clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("REALM2"), false); + + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("view-realm"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationText("en", "test"); + } + }, clients.get("REALM2"), false); + + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationTexts("en"); + } + }, clients.get("view-realm"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationTexts("en"); + } + }, clients.get("manage-realm"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationTexts("en"); + } + }, clients.get("master-admin"), true); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + realm.localization().deleteRealmLocalizationTexts("en"); + } + }, clients.get("none"), false); + invoke(new Invocation() { + public void invoke(RealmResource realm) { + 
realm.localization().deleteRealmLocalizationTexts("en"); + } + }, clients.get("REALM2"), false); + } + private void invoke(final Invocation invocation, Resource resource, boolean manage) { invoke(new InvocationWithResponse() { public void invoke(RealmResource realm, AtomicReference response) {
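Review bot: In the createOrUpdateRealmLocalizationTexts group of localizations(), the last case, run with `clients.get("REALM2")`, calls `deleteRealmLocalizationText("en", "test")`, so cross-realm denial is never asserted for createOrUpdateRealmLocalizationTexts while the REALM2 delete case is asserted twice (it appears again at the end of the following group). The body of that case should be `realm.localization().createOrUpdateRealmLocalizationTexts("en", Collections.emptyMap());`. The three write groups also leave out the "multi" client that every read group exercises, which looks like an omission rather than intent. Folding the near-identical anonymous Invocation classes into a small helper that takes the call plus a list of client/expected pairs would make a slip like this much easier to spot in an authorization test.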