[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand

services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java

@@ -159,6 +159,10 @@ public class PolicyEvaluationService {
                 List<Scope> scopes = givenScopes.stream().map(scopeName -> scopeStore.findByName(scopeName, this.resourceServer.getId())).collect(Collectors.toList());
                 List<ResourcePermission> collect = scopes.stream().map(scope -> new ResourcePermission(null, asList(scope), resourceServer)).collect(Collectors.toList());
 
+                if (scopes.isEmpty()) {
+                    scopes = scopeStore.findByResourceServer(resourceServer.getId());
+                }
+
                 for (Scope scope : scopes) {
                     collect.addAll(storeFactory.getResourceStore().findByScope(scope.getId()).stream().map(resource12 -> new ResourcePermission(resource12, asList(scope), resourceServer)).collect(Collectors.toList()));
                 }

themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties

@@ -1023,9 +1023,9 @@ authz-select-a-policy=Select a policy
 # Authz Role Policy Detail
 authz-add-role-policy=Add Role Policy
 authz-no-roles-assigned=No roles assigned.
-authz-policy-role-realm-roles.tooltip=Specifies which *realm* role(s) are allowed by this policy.
+authz-policy-role-realm-roles.tooltip=Specifies the *realm* roles allowed by this policy.
 authz-policy-role-clients.tooltip=Selects a client in order to filter the client roles that can be applied to this policy.
-authz-policy-role-client-roles.tooltip=Specifies which *client* role(s) are allowed by this policy.
+authz-policy-role-client-roles.tooltip=Specifies the client roles allowed by this policy.
 
 # Authz User Policy Detail
 authz-add-user-policy=Add User Policy

themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js

@@ -665,9 +665,25 @@ module.controller('ResourceServerPolicyUserDetailCtrl', function($scope, $route,
         },
 
         onInit : function() {
-            User.query({realm: $route.current.params.realm}, function(data) {
-                $scope.users = data;
+            $scope.usersUiSelect = {
+                minimumInputLength: 1,
+                delay: 500,
+                allowClear: true,
+                query: function (query) {
+                    var data = {results: []};
+                    if ('' == query.term.trim()) {
+                        query.callback(data);
+                        return;
+                    }
+                    User.query({realm: $route.current.params.realm, search: query.term.trim(), max: 20}, function(response) {
+                        data.results = response;
+                        query.callback(data);
                     });
+                },
+                formatResult: function(object, container, query) {
+                    return object.username;
+                }
+            };
 
             $scope.selectedUsers = [];
 
@@ -676,7 +692,14 @@ module.controller('ResourceServerPolicyUserDetailCtrl', function($scope, $route,
                     return;
                 }
 
-                $scope.selectedUser = {};
+                $scope.selectedUser = null;
+
+                for (i = 0; i < $scope.selectedUsers.length; i++) {
+                    if ($scope.selectedUsers[i].id == user.id) {
+                        return;
+                    }
+                }
+
                 $scope.selectedUsers.push(user);
             }
 
@@ -750,7 +773,14 @@ module.controller('ResourceServerPolicyRoleDetailCtrl', function($scope, $route,
                     return;
                 }
 
-                $scope.selectedRole = {};
+                $scope.selectedRole = null;
+
+                for (i = 0; i < $scope.selectedRoles.length; i++) {
+                    if ($scope.selectedRoles[i].id == role.id) {
+                        return;
+                    }
+                }
+
                 $scope.selectedRoles.push(role);
 
                 var clientRoles = [];
@@ -1158,8 +1188,6 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe
     return PolicyController;
 });
 
-
-
 module.controller('PolicyEvaluateCtrl', function($scope, $http, $route, $location, realm, clients, roles, ResourceServer, client, ResourceServerResource, ResourceServerScope, User, Notifications) {
     $scope.realm = realm;
     $scope.client = client;
@@ -1381,9 +1409,26 @@ module.controller('PolicyEvaluateCtrl', function($scope, $http, $route, $locatio
         $scope.showRpt = false;
     }
 
-    User.query({realm: $route.current.params.realm}, function(data) {
-        $scope.users = data;
+    $scope.usersUiSelect = {
+        minimumInputLength: 1,
+        delay: 500,
+        allowClear: true,
+        query: function (query) {
+            var data = {results: []};
+            if ('' == query.term.trim()) {
+                query.callback(data);
+                return;
+            }
+            User.query({realm: $route.current.params.realm, search: query.term.trim(), max: 20}, function(response) {
+                data.results = response;
+                query.callback(data);
             });
+        },
+        formatResult: function(object, container, query) {
+            object.text = object.username;
+            return object.username;
+        }
+    };
 
     ResourceServerResource.query({realm : realm.realm, client : client.id}, function (data) {
         $scope.resources = data;
@@ -1395,4 +1440,15 @@ module.controller('PolicyEvaluateCtrl', function($scope, $http, $route, $locatio
     }, function(data) {
         $scope.server = data;
     });
+
+    $scope.selectUser = function(user) {
+        if (!user || !user.id) {
+            $scope.selectedUser = null;
+            $scope.authzRequest.userId = '';
+            return;
+        }
+
+        $scope.authzRequest.userId = user.id;
+    }
+
 });

themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-role-detail.html

@@ -53,7 +53,8 @@
 
                 <div class="col-md-4">
                     <select ui-select2="{ minimumInputLength: 1}" id="roles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="{{:: 'select-a-role' | translate}}..."
-                            ng-options="role as role.name for role in roles" data-ng-required="selectedUsers.length == 0 && selectedRoles.length == 0">
+                            ng-options="role as role.name for role in roles" data-ng-required="selectedRoles.length == 0">
+                        <option></option>
                     </select>
                 </div>
 
@@ -104,6 +105,7 @@
                 <div class="col-md-4">
                     <select ui-select2="{ minimumInputLength: 1}" id="clientRoles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="{{:: 'select-a-role' | translate}}..."
                             ng-options="role as role.name for role in clientRoles" data-ng-required="selectedRoles.length == 0" data-ng-disabled="!selectedClient">
+                        <option></option>
                     </select>
                 </div>
 

themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-user-detail.html

@@ -34,9 +34,8 @@
                 <label class="col-md-2 control-label" for="users">{{:: 'users' | translate}} <span class="required">*</span></label>
 
                 <div class="col-md-6">
-                    <select ui-select2="{ minimumInputLength: 1}" id="users" data-ng-model="selectedUser" data-ng-change="selectUser(selectedUser);" data-placeholder="Select an user..."
-                            ng-options="user as user.username for user in users" data-ng-required="selectedRoles.length == 0">
-                    </select>
+                    <input type="hidden" ui-select2="usersUiSelect" id="users" data-ng-model="selectedUser" data-ng-change="selectUser(selectedUser);" data-placeholder="Select an user..." data-ng-required="selectedUsers.length == 0"">
+                    </input>
                 </div>
                 <kc-tooltip>{{:: 'authz-policy-user-users.tooltip' | translate}}</kc-tooltip>
             </div>

themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate.html

@@ -59,12 +59,9 @@
                                                                                      data-ng-show="!authzRequest.roleIds || authzRequest.roleIds.length == 0">*</span></label>
 
                         <div class="col-md-6">
-                            <select ui-select2="{ minimumInputLength: 1, allowClear:true}" id="users"
-                                    data-ng-model="authzRequest.userId" data-placeholder="{{:: 'authz-select-user' | translate}}..."
-                                    ng-options="user.id as user.username for user in users track by user.id"
+                            <input type="hidden" ui-select2="usersUiSelect" id="users" data-ng-model="selectedUser" data-ng-change="selectUser(selectedUser);" data-placeholder="{{:: 'authz-select-user' | translate}}..."
                                    data-ng-required="!authzRequest.roleIds || authzRequest.roleIds.length == 0">
-                                <option value=""></option>
-                            </select>
+                            </input>
                         </div>
 
                         <kc-tooltip>{{:: 'authz-evaluation-user.tooltip' | translate}}</kc-tooltip>