libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-8160

Browse source
This commit is contained in:
Martin Kanis 2018-10-03 10:25:18 +02:00 committed by Stian Thorgersen
parent 0cb6053699
commit 72b23c1357
2 changed files with 47 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -1077,10 +1077,18 @@ public class RealmAdminResource {
@Produces(MediaType.APPLICATION_JSON)
public RealmRepresentation partialExport(@QueryParam("exportGroupsAndRoles") Boolean exportGroupsAndRoles,
@QueryParam("exportClients") Boolean exportClients) {
auth.realm().requireViewRealm();
boolean groupsAndRolesExported = exportGroupsAndRoles != null && exportGroupsAndRoles;
boolean clientsExported = exportClients != null && exportClients;
if (groupsAndRolesExported) {
auth.groups().requireList();
}
if (clientsExported) {
auth.clients().requireView();
}
ExportOptions options = new ExportOptions(false, clientsExported, groupsAndRolesExported);
RealmRepresentation rep = ExportUtils.exportRealm(session, realm, options, false);
return stripForExport(session, rep);

39
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
View file

@ -114,6 +114,13 @@ public class PermissionsTest extends AbstractKeycloakTest {
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN)
.addPassword("password"));
builder.user(UserBuilder.create()
.username("multi")
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.QUERY_GROUPS)
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.VIEW_REALM)
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.VIEW_CLIENTS)
.addPassword("password"));
builder.user(UserBuilder.create().username("none").addPassword("password"));
for (String role : AdminRoles.ALL_REALM_ROLES) {
@ -193,6 +200,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
clients.put("none",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
clients.put("multi",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "multi", "password", "test-client", "secret"));
for (String role : AdminRoles.ALL_REALM_ROLES) {
clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
}
@ -1606,6 +1616,35 @@ public class PermissionsTest extends AbstractKeycloakTest {
}, Resource.REALM, true);
}
@Test
public void partialExport() {
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.partialExport(false, false);
}
}, clients.get("view-realm"), true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.partialExport(true, true);
}
}, clients.get("multi"), true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.partialExport(true, false);
}
}, clients.get("view-realm"), false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.partialExport(false, true);
}
}, clients.get("view-realm"), false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.partialExport(false, false);
}
}, clients.get("none"), false);
}
private void invoke(final Invocation invocation, Resource resource, boolean manage) {
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {