Use admin console correctly in KeycloakIdentity
Fixes: #29688 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
parent
bb5f308e1d
commit
65fcd44fe1
3 changed files with 17 additions and 11 deletions
|
@ -195,7 +195,7 @@ describe("Client authentication subtab", () => {
|
|||
);
|
||||
});
|
||||
|
||||
describe.skip("Client authorization tab access for view-realm-authorization", () => {
|
||||
describe("Client authorization tab access for view-realm-authorization", () => {
|
||||
const clientId = "realm-view-authz-client-" + uuid();
|
||||
|
||||
beforeEach(async () => {
|
||||
|
@ -241,11 +241,11 @@ describe("Client authentication subtab", () => {
|
|||
loginPage.logIn("test-view-authz-user", "password");
|
||||
keycloakBefore();
|
||||
|
||||
sidebarPage
|
||||
.waitForPageLoad()
|
||||
.goToRealm("realm-view-authz")
|
||||
.waitForPageLoad()
|
||||
.goToClients();
|
||||
sidebarPage.waitForPageLoad().goToRealm("realm-view-authz");
|
||||
|
||||
cy.reload();
|
||||
|
||||
sidebarPage.waitForPageLoad().goToClients();
|
||||
|
||||
listingPage
|
||||
.searchItem(clientId, true, "realm-view-authz")
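Review bot: The `cy.reload()` between `goToRealm("realm-view-authz")` and `goToClients()` in the second hunk has no comment saying why a full page reload is needed. As written it reads as a timing workaround that a later cleanup could drop, silently re-breaking this access test for the view-only authorization user. The +/- markers are lost on this page, so I am assuming the three separate statements are the new side. A one-line comment above the call would be enough, for example `// reload so the console re-fetches the user's permissions for the selected realm`, if that is the actual reason. The enclosing test body starts and ends outside the hunk.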
|
||||
|
|
|
@ -52,9 +52,10 @@ public class UIRealmsResource {
|
|||
)}
|
||||
)
|
||||
public Stream<RealmNameRepresentation> getRealms() {
|
||||
final RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());
|
||||
|
||||
Stream<RealmNameRepresentation> realms = session.realms().getRealmsStream()
|
||||
.filter(realm -> {
|
||||
RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());
|
||||
return eval.canView(realm) || eval.isAdmin(realm);
|
||||
})
|
||||
.map((RealmModel realm) -> {
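Review bot: The `eval` declared at the top of getRealms() is now a single evaluator captured by the filter lambda and reused for every realm, and nothing in the hunk says that sharing it is intentional or safe. Building it once looks right if `AdminPermissions.realms` ends up in `MgmtPermissions.initIdentity`, which this commit extends with a client lookup, but that call path is not visible here. I would record the intent above the declaration: `// built once: it resolves the caller's identity, which does not depend on the realm being filtered`. It is worth confirming that `canView(realm)` and `isAdmin(realm)` keep no per-realm state inside the evaluator. The method body continues past the end of the hunk.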
|
||||
|
|
|
@ -97,14 +97,19 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
|||
}
|
||||
|
||||
private void initIdentity(KeycloakSession session, AdminAuth auth) {
|
||||
if (Constants.ADMIN_CLI_CLIENT_ID.equals(auth.getToken().getIssuedFor())
|
||||
|| Constants.ADMIN_CONSOLE_CLIENT_ID.equals(auth.getToken().getIssuedFor())) {
|
||||
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
|
||||
final String issuedFor = auth.getToken().getIssuedFor();
|
||||
|
||||
if (Constants.ADMIN_CLI_CLIENT_ID.equals(issuedFor) || Constants.ADMIN_CONSOLE_CLIENT_ID.equals(issuedFor)) {
|
||||
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
|
||||
} else {
|
||||
ClientModel client = session.clients().getClientByClientId(auth.getRealm(), issuedFor);
|
||||
if (client != null && Boolean.parseBoolean(client.getAttribute(Constants.SECURITY_ADMIN_CONSOLE_ATTR))) {
|
||||
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
|
||||
} else {
|
||||
this.identity = new KeycloakIdentity(auth.getToken(), session);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
MgmtPermissions(KeycloakSession session, RealmModel adminsRealm, UserModel admin) {
|
||||
this.session = session;
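Review bot: In the new `else` branch of initIdentity, a token issued for any client whose `Constants.SECURITY_ADMIN_CONSOLE_ATTR` attribute parses as true gets a `UserModelIdentity` built from `auth.getUser()` instead of a `KeycloakIdentity` built from the token. Judging by the constructor arguments, that client attribute now decides whether permissions are evaluated from the user or from what the token carries, so it is security-sensitive and the code should say so: `// Clients flagged as an admin console are trusted like the built-in one: identity comes from the user, not the token. Only trusted admins should be able to set this attribute.` Separately, only the two `equals` calls are null-safe, so a token without an issued-for value reaches `getClientByClientId` with a null client id. A guard such as `ClientModel client = issuedFor == null ? null : session.clients().getClientByClientId(auth.getRealm(), issuedFor);` keeps that case on the `KeycloakIdentity` path. Who is allowed to change the attribute on a client is not visible in this hunk and is worth checking before relying on it.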
|
||||
|
|