Merge pull request #4183 from pedroigor/stan-ui-fixes

[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00 · 2017-05-24 09:32:42 -03:00 · 81f1a5b145
commit 81f1a5b145
parent 79af4dfd18 829bcf5eaf
8 changed files with 61 additions and 62 deletions
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEvaluationResponse.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEvaluationResponse.java
@ -19,13 +19,11 @@
 package org.keycloak.representations.idm.authorization;

 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.idm.authorization.DecisionEffect;
-import org.keycloak.representations.idm.authorization.PolicyRepresentation;
-import org.keycloak.representations.idm.authorization.ResourceRepresentation;
-import org.keycloak.representations.idm.authorization.ScopeRepresentation;

 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;

 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -123,7 +121,7 @@ public class PolicyEvaluationResponse {
        private PolicyRepresentation policy;
        private DecisionEffect status;
        private List<PolicyResultRepresentation> associatedPolicies;
-        private List<ScopeRepresentation> scopes = new ArrayList<>();
+        private Set<String> scopes = new HashSet<>();

        public PolicyRepresentation getPolicy() {
            return policy;
@ -162,11 +160,11 @@ public class PolicyEvaluationResponse {
            return this.policy.equals(policy.getPolicy());
        }

-        public void setScopes(List<ScopeRepresentation> scopes) {
+        public void setScopes(Set<String> scopes) {
            this.scopes = scopes;
        }

-        public List<ScopeRepresentation> getScopes() {
+        public Set<String> getScopes() {
            return scopes;
        }
    }
--- a/services/src/main/java/org/keycloak/authorization/admin/PermissionService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PermissionService.java
@ -38,6 +38,18 @@ public class PermissionService extends PolicyService {
        return new PolicyTypeResourceService(policy, resourceServer, authorization, auth);
    }

+    @Override
+    protected PolicyTypeService doCreatePolicyTypeResource(String type) {
+        return new PolicyTypeService(type, resourceServer, authorization, auth) {
+            @Override
+            protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
+                filters.put("permission", new String[] {Boolean.TRUE.toString()});
+                filters.put("type", new String[] {type});
+                return super.doSearch(firstResult, maxResult, filters);
+            }
+        };
+    }
+
    @Override
    protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
        filters.put("permission", new String[] {Boolean.TRUE.toString()});
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@ -75,7 +75,7 @@ public class PolicyService {
        PolicyProviderFactory providerFactory = getPolicyProviderFactory(type);

        if (providerFactory != null) {
-            return new PolicyTypeService(type, resourceServer, authorization, auth);
+            return doCreatePolicyTypeResource(type);
        }

        Policy policy = authorization.getStoreFactory().getPolicyStore().findById(type, resourceServer.getId());
@ -83,6 +83,10 @@ public class PolicyService {
        return doCreatePolicyResource(policy);
    }

+    protected PolicyTypeService doCreatePolicyTypeResource(String type) {
+        return new PolicyTypeService(type, resourceServer, authorization, auth);
+    }
+
    protected Object doCreatePolicyResource(Policy policy) {
        return new PolicyResourceService(policy, resourceServer, authorization, auth);
    }
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyTypeService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyTypeService.java
@ -17,6 +17,8 @@
 package org.keycloak.authorization.admin;

 import java.io.IOException;
+import java.util.List;
+import java.util.Map;

 import javax.ws.rs.Path;

@ -88,4 +90,10 @@ public class PolicyTypeService extends PolicyService {
        PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
        return ModelToRepresentation.toRepresentation(policy, providerFactory.getRepresentationType(), authorization);
    }
+
+    @Override
+    protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
+        filters.put("type", new String[] {type});
+        return super.doSearch(firstResult, maxResult, filters);
+    }
 }
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java
@ -19,12 +19,10 @@ package org.keycloak.authorization.admin.representation;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.common.KeycloakIdentity;
-import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.policy.evaluation.Result;
 import org.keycloak.authorization.util.Permissions;
-import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.idm.authorization.DecisionEffect;
 import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
@ -38,7 +36,7 @@ import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.function.Consumer;
+import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@ -128,37 +126,8 @@ public class PolicyEvaluationResponseBuilder {

            List<ScopeRepresentation> scopes = result.getScopes();

-            if (scopes == null) {
-                scopes = new ArrayList<>();
-                result.setScopes(scopes);
-            }
-
-            List<ScopeRepresentation> currentScopes = evaluationResultRepresentation.getScopes();
-
-            if (currentScopes != null) {
-                List<ScopeRepresentation> allowedScopes = result.getAllowedScopes();
-                for (ScopeRepresentation scope : currentScopes) {
-                    if (!scopes.contains(scope)) {
-                        scopes.add(scope);
-                    }
-                    if (evaluationResultRepresentation.getStatus().equals(Decision.Effect.PERMIT)) {
-                        if (!allowedScopes.contains(scope)) {
-                            allowedScopes.add(scope);
-                        }
-                    } else {
-                        evaluationResultRepresentation.getPolicies().forEach(new Consumer<PolicyEvaluationResponse.PolicyResultRepresentation>() {
-                            @Override
-                            public void accept(PolicyEvaluationResponse.PolicyResultRepresentation policyResultRepresentation) {
-                                if (policyResultRepresentation.getStatus().equals(Decision.Effect.PERMIT)) {
-                                    if (!allowedScopes.contains(scope)) {
-                                        allowedScopes.add(scope);
-                                    }
-                                }
-                            }
-                        });
-                    }
-                }
-                result.setAllowedScopes(allowedScopes);
+            if (DecisionEffect.PERMIT.equals(result.getStatus())) {
+                result.setAllowedScopes(scopes);
            }

            if (resource.getId() != null) {
@ -176,19 +145,7 @@ public class PolicyEvaluationResponseBuilder {
            for (PolicyEvaluationResponse.PolicyResultRepresentation policy : new ArrayList<>(evaluationResultRepresentation.getPolicies())) {
                if (!policies.contains(policy)) {
                    policies.add(policy);
-                } else {
-                    policy = policies.get(policies.indexOf(policy));
                }
-
-                if (policy.getStatus().equals(Decision.Effect.DENY)) {
-                    Policy policyModel = authorization.getStoreFactory().getPolicyStore().findById(policy.getPolicy().getId(), resourceServer.getId());
-                    for (ScopeRepresentation scope : policyModel.getScopes().stream().map(scopeModel -> ModelToRepresentation.toRepresentation(scopeModel, authorization)).collect(Collectors.toList())) {
-                        if (!policy.getScopes().contains(scope) && policyModel.getScopes().stream().filter(policyScope -> policyScope.getId().equals(scope.getId())).findFirst().isPresent()) {
-                            result.getAllowedScopes().remove(scope);
-                            policy.getScopes().add(scope);
-                        }
-                    }
-                } else {}
            }
        });

@ -207,12 +164,19 @@ public class PolicyEvaluationResponseBuilder {
        representation.setType(policy.getPolicy().getType());
        representation.setDecisionStrategy(policy.getPolicy().getDecisionStrategy());

+        representation.setResources(policy.getPolicy().getResources().stream().map(resource -> resource.getName()).collect(Collectors.toSet()));
+
+        Set<String> scopeNames = policy.getPolicy().getScopes().stream().map(scope -> scope.getName()).collect(Collectors.toSet());
+
+        representation.setScopes(scopeNames);
+
        policyResultRep.setPolicy(representation);
+
        if (policy.getStatus() == Decision.Effect.DENY) {
            policyResultRep.setStatus(DecisionEffect.DENY);
+            policyResultRep.setScopes(representation.getScopes());
        } else {
            policyResultRep.setStatus(DecisionEffect.PERMIT);
-
        }

        policyResultRep.setAssociatedPolicies(policy.getAssociatedPolicies().stream().map(result -> toRepresentation(result, authorization)).collect(Collectors.toList()));
--- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
@ -2082,13 +2082,21 @@ module.controller('PolicyEvaluateCtrl', function($scope, $http, $route, $locatio
    $scope.client = client;
    $scope.clients = clients;
    $scope.roles = roles;
-    $scope.authzRequest = {};
-    $scope.authzRequest.resources = [];
-    $scope.authzRequest.context = {};
-    $scope.authzRequest.context.attributes = {};
-    $scope.authzRequest.roleIds = [];
+    authzRequest = {};
+    authzRequest.resources = [];
+    authzRequest.context = {};
+    authzRequest.context.attributes = {};
+    authzRequest.roleIds = [];
    $scope.resultUrl = resourceUrl + '/partials/authz/policy/resource-server-policy-evaluate-result.html';

+    $scope.authzRequest = angular.copy(authzRequest);
+
+    $scope.$watch('authzRequest', function() {
+        if (!angular.equals($scope.authzRequest, authzRequest)) {
+            $scope.changed = true;
+        }
+    }, true);
+
    $scope.addContextAttribute = function() {
        if (!$scope.newContextAttribute.value || $scope.newContextAttribute.value == '') {
            Notifications.error("You must provide a value to a context attribute.");
@ -2396,4 +2404,9 @@ module.controller('PolicyEvaluateCtrl', function($scope, $http, $route, $locatio

        $scope.authzRequest.userId = user.id;
    }
+
+    $scope.reset = function() {
+        $scope.authzRequest = angular.copy(authzRequest);
+        $scope.changed = false;
+    }
 });
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate-result.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate-result.html
@ -45,7 +45,7 @@
                                        href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission/{{policyResult.policy.type}}/{{policyResult.policy.id}}">{{policyResult.policy.name}}</a></strong>
                                decision was <span style="color: green" data-ng-show="policyResult.status == 'PERMIT'"><strong>{{policyResult.status}}</strong></span>
                                <span style="color: red" data-ng-hide="policyResult.status == 'PERMIT'"><strong>{{policyResult.status}}</strong></span>
-                                by <strong>{{policyResult.policy.decisionStrategy}}</strong> decision. {{policyResult.scopes.length > 0 ? 'Denied Scopes:' : ''}} <span data-ng-repeat="scope in policyResult.scopes"><strong style="color: red">{{scope.name}}{{$last ? '' : ', '}}</strong></span>{{policyResult.scopes.length > 0 ? '.' : ''}}
+                                by <strong>{{policyResult.policy.decisionStrategy}}</strong> decision. {{policyResult.policy.scopes.length > 0 ? (policyResult.status == 'DENY' ? 'Denied Scopes:' : 'Granted Scopes:') : ''}} <span data-ng-repeat="scope in policyResult.policy.scopes"><strong style="color: {{(policyResult.status == 'DENY' ? 'red' : 'green')}}">{{scope}}{{$last ? '' : ', '}}</strong></span>{{policyResult.policy.scopes.length > 0 ? '.' : ''}}
                                <ul>
                                    <li data-ng-repeat="subPolicy in policyResult.associatedPolicies">
                                        <strong><a
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate.html
@ -11,7 +11,7 @@

    <div data-ng-show="showResult">
        <br>
-        <a href="" data-ng-click="showRequestTab()">{{:: 'authz-evaluation-new' | translate}}</a>
+        <a href="" data-ng-click="showRequestTab()">{{:: 'back' | translate}}</a>
        |
        <a href="" data-ng-click="reevaluate()">{{:: 'authz-evaluation-re-evaluate' | translate}}</a>
        |