[KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource

2020-04-23 08:54:29 +02:00 · 2020-04-23 08:54:29 +02:00 · 9389332675
commit 9389332675
parent 56a70bd376
2 changed files with 9 additions and 14 deletions
--- a/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java
@ -256,21 +256,17 @@ public class PermissionResource {
    }

    /**
-     * Deletes a permission ticket.
-     *
-     * @param ticket the permission ticket
+     * Deletes a permission ticket by ID.
+     * @param ticketId the permission ticket ID
     */
-    public void delete(final PermissionTicketRepresentation ticket) {
-        if (ticket == null) {
-            throw new IllegalArgumentException("Permission ticket must not be null or empty");
-        }
-        if (ticket.getId() == null) {
-            throw new IllegalArgumentException("Permission ticket must have an id");
+    public void delete(final String ticketId) {
+        if (ticketId == null || ticketId.trim().isEmpty()) {
+            throw new IllegalArgumentException("Permission ticket ID must not be null or empty");
        }
        Callable<Void> callable = new Callable<Void>() {
            @Override
            public Void call() throws Exception {
-                http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticket.getId())
+                http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticketId)
                        .authorizationBearer(pat.call())
                        .response()
                        .execute();
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
@ -258,14 +258,13 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {


        for (PermissionTicketRepresentation ticket : tickets) {
-            getAuthzClient().protection().permission().delete(ticket);
+            getAuthzClient().protection().permission().delete(ticket.getId());
        }

        tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null);

        assertEquals(0, tickets.size());
        try {
-
            response = authorize("kolo", "password", resource.getId(), new String[] {"ScopeA", "ScopeB"});
            fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException ade) {
@ -531,7 +530,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
        }

        for (PermissionTicketRepresentation ticket : permissionTickets) {
-            permissionResource.delete(ticket);
+            permissionResource.delete(ticket.getId());
        }

        permissionTickets = permissionResource.findByResource(resource.getId());
@ -612,7 +611,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {

        for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) {
            if (representation.isGranted()) {
-                permissionResource.delete(representation);
+                permissionResource.delete(representation.getId());
            }
        }