diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
index 3caf2ea886..8982a298f1 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@@ -21,6 +21,7 @@ import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
 import static org.keycloak.models.utils.RepresentationToModel.toModel;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -48,9 +49,9 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
+import org.keycloak.authorization.store.ScopeStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.models.Constants;
-import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@@ -299,6 +300,7 @@ public class PolicyService {
 @QueryParam("name") String name,
 @QueryParam("type") String type,
 @QueryParam("resource") String resource,
+ @QueryParam("scope") String scope,
 @QueryParam("permission") Boolean permission,
 @QueryParam("first") Integer firstResult,
 @QueryParam("max") Integer maxResult) {
@@ -319,27 +321,40 @@ public class PolicyService { } StoreFactory storeFactory = authorization.getStoreFactory(); - PolicyStore policyStore = storeFactory.getPolicyStore(); - if (resource != null && !"".equals(resource.trim())) { + + if (resource != null || scope != null) { List policies = new ArrayList<>(); - HashMap resourceSearch = new HashMap<>(); - resourceSearch.put("name", new String[] {resource}); + if (resource != null && !"".equals(resource.trim())) { + HashMap resourceSearch = new HashMap<>(); - ResourceStore resourceStore = storeFactory.getResourceStore(); - resourceStore.findByResourceServer(resourceSearch, resourceServer.getId(), -1, -1).forEach(resource1 -> { - policyStore.findByResource(resource1.getId(), resourceServer.getId()).forEach(policyRepresentation -> { - Policy associated = policyStore.findById(policyRepresentation.getId(), resourceServer.getId()); - policies.add(associated); - findAssociatedPolicies(associated, policies); + resourceSearch.put("name", new String[]{resource}); + + storeFactory.getResourceStore().findByResourceServer(resourceSearch, resourceServer.getId(), -1, 1).forEach(resource1 -> { + policies.addAll(policyStore.findByResource(resource1.getId(), resourceServer.getId())); + if (resource1.getType() != null) { + policies.addAll(policyStore.findByResourceType(resource1.getType(), resourceServer.getId())); + } }); - }); + } + + if (scope != null && !"".equals(scope.trim())) { + HashMap scopeSearch = new HashMap<>(); + + scopeSearch.put("name", new String[]{scope}); + + storeFactory.getScopeStore().findByResourceServer(scopeSearch, resourceServer.getId(), -1, 1).forEach(scope1 -> { + policies.addAll(policyStore.findByScopeIds(Arrays.asList(scope1.getId()), resourceServer.getId())); + }); + } if (policies.isEmpty()) { return Response.ok(Collections.emptyList()).build(); } + new ArrayList<>(policies).forEach(policy -> findAssociatedPolicies(policy, policies)); + search.put("id", 
policies.stream().map(Policy::getId).toArray(String[]::new)); } diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js index 774b6d72db..e40fcec9b6 100644 --- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js @@ -245,7 +245,7 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r }); } - $scope.cancel = function() { + $scope.reset = function() { $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource/"); } } else { @@ -465,6 +465,10 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout }); }); } + + $scope.reset = function() { + $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/scope/"); + } } else { ResourceServerScope.get({ realm : $route.current.params.realm, @@ -1807,7 +1811,7 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe }); } - $scope.cancel = function() { + $scope.reset = function() { if (delegate.isPermission()) { $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission/"); } else { diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html index aea5c013d5..3c761a5a9c 100644 --- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html @@ -28,6 +28,12 @@ +
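Review bot: The outer guard `if (resource != null || scope != null)` is looser than the two inner non-blank checks, so a request carrying an empty `resource=` or `scope=` value now skips both lookups, finds `policies` empty and returns an empty list, where the old code fell through to the unfiltered search. Hoisting the tests keeps the guard and the lookups in agreement, e.g. `boolean byResource = resource != null && !resource.trim().isEmpty();`, `boolean byScope = scope != null && !scope.trim().isEmpty();` and `if (byResource || byScope) {`. Separately, both store lookups now pass `-1, 1` where the old call passed `-1, -1`; if that last argument is a result cap and the store's name filter is not an exact match, a single arbitrary resource or scope feeds the listing, so an administrator auditing permissions could be shown policies for a different object than the one named, which deserves either an exact-name lookup or a comment stating the intent. The enclosing method starts and ends outside this hunk.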
+ +
+ +
+
+
+ +
+