Use admin console correctly in KeycloakIdentity

Fixes: #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
This commit is contained in:
Hynek Mlnarik 2024-05-21 10:28:18 +02:00 committed by Hynek Mlnařík
parent bb5f308e1d
commit 65fcd44fe1
3 changed files with 17 additions and 11 deletions

View file

@ -195,7 +195,7 @@ describe("Client authentication subtab", () => {
);
});
describe.skip("Client authorization tab access for view-realm-authorization", () => {
describe("Client authorization tab access for view-realm-authorization", () => {
const clientId = "realm-view-authz-client-" + uuid();
beforeEach(async () => {
@ -241,11 +241,11 @@ describe("Client authentication subtab", () => {
loginPage.logIn("test-view-authz-user", "password");
keycloakBefore();
sidebarPage
.waitForPageLoad()
.goToRealm("realm-view-authz")
.waitForPageLoad()
.goToClients();
sidebarPage.waitForPageLoad().goToRealm("realm-view-authz");
cy.reload();
sidebarPage.waitForPageLoad().goToClients();
listingPage
.searchItem(clientId, true, "realm-view-authz")

View file

@ -52,9 +52,10 @@ public class UIRealmsResource {
)}
)
public Stream<RealmNameRepresentation> getRealms() {
final RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());
Stream<RealmNameRepresentation> realms = session.realms().getRealmsStream()
.filter(realm -> {
RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());
return eval.canView(realm) || eval.isAdmin(realm);
})
.map((RealmModel realm) -> {

View file

@ -97,12 +97,17 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
}
private void initIdentity(KeycloakSession session, AdminAuth auth) {
if (Constants.ADMIN_CLI_CLIENT_ID.equals(auth.getToken().getIssuedFor())
|| Constants.ADMIN_CONSOLE_CLIENT_ID.equals(auth.getToken().getIssuedFor())) {
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
final String issuedFor = auth.getToken().getIssuedFor();
if (Constants.ADMIN_CLI_CLIENT_ID.equals(issuedFor) || Constants.ADMIN_CONSOLE_CLIENT_ID.equals(issuedFor)) {
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
} else {
this.identity = new KeycloakIdentity(auth.getToken(), session);
ClientModel client = session.clients().getClientByClientId(auth.getRealm(), issuedFor);
if (client != null && Boolean.parseBoolean(client.getAttribute(Constants.SECURITY_ADMIN_CONSOLE_ATTR))) {
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
} else {
this.identity = new KeycloakIdentity(auth.getToken(), session);
}
}
}