KEYCLOAK-17750 Check admin has view/query access first before listing clients

stianst 2021-05-25 10:40:08 +02:00 committed by Hynek Mlnařík
parent b7e5db6534
commit 962047e7ea


@ -105,17 +105,17 @@ public class ClientsResource {
@QueryParam("q") String searchQuery,
@QueryParam("first") Integer firstResult,
@QueryParam("max") Integer maxResults) {
auth.clients().requireList();
boolean canView = auth.clients().canView();
Stream<ClientModel> clientModels = Stream.empty();
if (searchQuery != null) {
auth.clients().requireList();
Map<String, String> attributes = SearchQueryUtils.getFields(searchQuery);
clientModels = canView
? realm.searchClientByAttributes(attributes, firstResult, maxResults)
: realm.searchClientByAttributes(attributes, -1, -1);
} else if (clientId == null || clientId.trim().equals("")) {
auth.clients().requireList();
clientModels = canView
? realm.getClientsStream(firstResult, maxResults)
: realm.getClientsStream();
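Review bot: The `auth.clients().requireList();` call that now opens the method body is the only authorization gate for every branch, yet nothing in the code says it has to stay there. A one-line comment above it would keep a later edit from moving it back into a branch or adding a lookup ahead of it, for example `// Must stay first: authorizes the caller before any branch looks up clients.` The page has lost its +/- markers, so this reads the first occurrence as the added line and the copies inside the `searchQuery` and empty-`clientId` branches as the removed ones. The method starts before and continues past this hunk, so the remaining branches are not visible here. It is worth confirming with a test that a caller lacking both view and query permission is denied on each of those paths too.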