libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource

Browse source
This commit is contained in:
Bart Monhemius 2020-04-23 08:54:29 +02:00 committed by Pedro Igor
parent 56a70bd376
commit 9389332675
2 changed files with 9 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java
View file

@ -256,21 +256,17 @@ public class PermissionResource {
} }
/** /**
* Deletes a permission ticket. * Deletes a permission ticket by ID.
* * @param ticketId the permission ticket ID
* @param ticket the permission ticket
*/ */
public void delete(final PermissionTicketRepresentation ticket) { public void delete(final String ticketId) {
if (ticket == null) { if (ticketId == null || ticketId.trim().isEmpty()) {
throw new IllegalArgumentException("Permission ticket must not be null or empty"); throw new IllegalArgumentException("Permission ticket ID must not be null or empty");
}
if (ticket.getId() == null) {
throw new IllegalArgumentException("Permission ticket must have an id");
} }
Callable<Void> callable = new Callable<Void>() { Callable<Void> callable = new Callable<Void>() {
@Override @Override
public Void call() throws Exception { public Void call() throws Exception {
http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticket.getId()) http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticketId)
.authorizationBearer(pat.call()) .authorizationBearer(pat.call())
.response() .response()
.execute(); .execute();

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
View file

@ -258,14 +258,13 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
for (PermissionTicketRepresentation ticket : tickets) { for (PermissionTicketRepresentation ticket : tickets) {
getAuthzClient().protection().permission().delete(ticket); getAuthzClient().protection().permission().delete(ticket.getId());
} }
tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null); tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null);
assertEquals(0, tickets.size()); assertEquals(0, tickets.size());
try { try {
response = authorize("kolo", "password", resource.getId(), new String[] {"ScopeA", "ScopeB"}); response = authorize("kolo", "password", resource.getId(), new String[] {"ScopeA", "ScopeB"});
fail("User should not have access to resource from another user"); fail("User should not have access to resource from another user");
} catch (AuthorizationDeniedException ade) { } catch (AuthorizationDeniedException ade) {
@ -531,7 +530,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
} }
for (PermissionTicketRepresentation ticket : permissionTickets) { for (PermissionTicketRepresentation ticket : permissionTickets) {
permissionResource.delete(ticket); permissionResource.delete(ticket.getId());
} }
permissionTickets = permissionResource.findByResource(resource.getId()); permissionTickets = permissionResource.findByResource(resource.getId());
@ -612,7 +611,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) { for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) {
if (representation.isGranted()) { if (representation.isGranted()) {
permissionResource.delete(representation); permissionResource.delete(representation.getId());
} }
} }