libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

[KEYCLOAK-3137] - Review i18n for AuthZ Services

Browse source
This commit is contained in:
Pedro Igor 2016-07-14 13:52:05 -03:00
parent bffbc9e198
commit aacf2e9390
23 changed files with 608 additions and 451 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
View file

@ -34,9 +34,16 @@ import org.keycloak.authorization.policy.evaluation.Result;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.authorization.util.Permissions;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.Urls;
@ -156,15 +163,17 @@ public class PolicyEvaluationService {
}
private KeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
RealmModel realm = this.authorization.getKeycloakSession().getContext().getRealm();
KeycloakSession keycloakSession = this.authorization.getKeycloakSession();
RealmModel realm = keycloakSession.getContext().getRealm();
AccessToken accessToken = new AccessToken();
accessToken.subject(representation.getUserId());
accessToken.issuedFor(representation.getClientId());
accessToken.audience(representation.getClientId());
accessToken.issuer(Urls.realmIssuer(this.authorization.getKeycloakSession().getContext().getUri().getBaseUri(), realm.getName()));
accessToken.issuer(Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));
accessToken.setRealmAccess(new AccessToken.Access());
AccessToken.Access realmAccess = accessToken.getRealmAccess();
Map<String, Object> claims = accessToken.getOtherClaims();
Map<String, String> givenAttributes = representation.getContext().get("attributes");
@ -175,31 +184,60 @@ public class PolicyEvaluationService {
String subject = accessToken.getSubject();
if (subject != null) {
UserModel userModel = this.authorization.getKeycloakSession().users().getUserById(subject, realm);
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
if (userModel != null) {
Set<RoleModel> roleMappings = userModel.getRoleMappings();
userModel.getAttributes().forEach(claims::put);
roleMappings.stream().map(RoleModel::getName).forEach(roleName -> accessToken.getRealmAccess().addRole(roleName));
userModel.getRoleMappings().stream().map(RoleModel::getName).forEach(roleName -> realmAccess.addRole(roleName));
String clientId = representation.getClientId();
if (clientId == null) {
clientId = resourceServer.getClientId();
}
if (clientId != null) {
ClientModel clientModel = realm.getClientById(clientId);
ClientSessionModel clientSession = null;
UserSessionModel userSession = null;
try {
clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
UserSessionModel finalUserSession = userSession;
ClientSessionModel finalClientSession = clientSession;
for (ProtocolMapperModel mapping : clientModel.getProtocolMappers()) {
KeycloakSessionFactory sessionFactory = keycloakSession.getKeycloakSessionFactory();
ProtocolMapper mapper = (ProtocolMapper)sessionFactory.getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
if (mapper != null && (mapper instanceof OIDCAccessTokenMapper)) {
accessToken = ((OIDCAccessTokenMapper)mapper).transformAccessToken(accessToken, mapping, keycloakSession, finalUserSession, finalClientSession);
}
}
} finally {
if (clientSession != null) {
keycloakSession.sessions().removeClientSession(realm, clientSession);
}
if (userSession != null) {
keycloakSession.sessions().removeUserSession(realm, userSession);
}
}
accessToken.addAccess(clientModel.getClientId());
AccessToken.Access resourceAccess = accessToken.getResourceAccess(clientModel.getClientId());
userModel.getClientRoleMappings(clientModel).stream().map(RoleModel::getName).forEach(roleName -> accessToken.getResourceAccess(clientModel.getClientId()).addRole(roleName));
//TODO: would be awesome if we could transform the access token using the configured protocol mappers. Tried, but without a clientSession and userSession is tuff.
userModel.getClientRoleMappings(clientModel).stream().map(RoleModel::getName).forEach(roleName -> resourceAccess.addRole(roleName));
}
}
}
if (representation.getRoleIds() != null) {
representation.getRoleIds().forEach(roleName -> accessToken.getRealmAccess().addRole(roleName));
representation.getRoleIds().forEach(roleName -> realmAccess.addRole(roleName));
}
return new KeycloakIdentity(accessToken, this.authorization.getKeycloakSession());
return new KeycloakIdentity(accessToken, keycloakSession);
}
}

47
services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java
View file

@ -55,38 +55,6 @@ public class PolicyEvaluationResponse {
PolicyEvaluationResponse response = new PolicyEvaluationResponse();
List<EvaluationResultRepresentation> resultsRep = new ArrayList<>();
response.entitlements = evaluationRequest.isEntitlements();
if (response.entitlements) {
List<Permission> entitlements = Permissions.allPermits(results);
if (entitlements.isEmpty()) {
response.status = Effect.DENY;
} else {
StoreFactory storeFactory = authorization.getStoreFactory();
for (Permission permission : entitlements) {
EvaluationResultRepresentation rep = new EvaluationResultRepresentation();
rep.setStatus(Effect.PERMIT);
resultsRep.add(rep);
Resource resource = storeFactory.getResourceStore().findById(permission.getResourceSetId());
if (resource != null) {
rep.setResource(Models.toRepresentation(resource, resourceServer, authorization));
} else {
ResourceRepresentation representation = new ResourceRepresentation();
representation.setName("Any Resource with Scopes " + permission.getScopes());
rep.setResource(representation);
}
rep.setScopes(permission.getScopes().stream().map(ScopeRepresentation::new).collect(Collectors.toList()));
}
}
} else {
if (results.stream().anyMatch(evaluationResult -> evaluationResult.getEffect().equals(Effect.DENY))) {
response.status = Effect.DENY;
} else {
@ -104,17 +72,17 @@ public class PolicyEvaluationResponse {
} else {
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Any Resource with Scopes " + result.getPermission().getScopes());
resource.setName("Any Resource with Scopes " + result.getPermission().getScopes().stream().map(new Function<Scope, String>() {
@Override
public String apply(Scope scope) {
return scope.getName();
}
}).collect(Collectors.toList()));
rep.setResource(resource);
}
rep.setScopes(result.getPermission().getScopes().stream().map(new Function<Scope, ScopeRepresentation>() {
@Override
public ScopeRepresentation apply(Scope scope) {
return Models.toRepresentation(scope, authorization);
}
}).collect(Collectors.toList()));
rep.setScopes(result.getPermission().getScopes().stream().map(scope -> Models.toRepresentation(scope, authorization)).collect(Collectors.toList()));
List<PolicyResultRepresentation> policies = new ArrayList<>();
@ -124,7 +92,6 @@ public class PolicyEvaluationResponse {
rep.setPolicies(policies);
}
}
response.results = resultsRep;

168
themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
View file

@ -920,3 +920,171 @@ saved-types=Saved Types
clear-admin-events=Clear admin events
clear-changes=Clear changes
error=Error
# Authz
# Authz Common
authz-authorization=Authorization
authz-owner=Owner
authz-uri=URI
authz-scopes=Scopes
authz-resource=Resource
authz-resource-type=Resource Type
authz-resources=Resources
authz-scope=Scope
authz-authz-scopes=Authorization Scopes
authz-policies=Policies
authz-permissions=Permissions
authz-evaluate=Evaluate
authz-icon-uri=Icon URI
authz-icon-uri.tooltip=An URI pointing to an icon.
authz-select-scope=Select a scope
authz-select-resource=Select a resource
authz-associated-policies=Associated Policies
authz-any-resource=Any resource
authz-any-scope=Any scope
authz-any-role=Any role
authz-policy-evaluation=Policy Evaluation
authz-select-client=Select a client
authz-select-user=Select an user
authz-entitlements=Entitlements
authz-no-resources=No resources
authz-result=Result
authz-authorization-services-enabled=Authorization Enabled
authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
# Authz Settings
authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
authz-policy-enforcement-mode=Policy Enforcement Mode
authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allow access to any resource.
authz-policy-enforcement-mode-enforcing=Enforcing
authz-policy-enforcement-mode-permissive=Permissive
authz-policy-enforcement-mode-disabled=Disabled
authz-remote-resource-management=Remote Resource Management
authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can only be managed from this admin console.
authz-export-settings=Export Settings
authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
# Authz Resource List
authz-no-resources-available=No resources available.
authz-no-scopes-assigned=No scopes assigned.
authz-no-type-defined=No type defined.
authz-no-permission-assigned=No permission assigned.
authz-no-policy-assigned=No policy assigned.
authz-create-permission=Create permission
# Authz Resource Detail
authz-add-resource=Add Resource
authz-resource-name.tooltip=An unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
authz-resource-owner.tooltip=The owner of this resource.
authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
authz-resource-uri.tooltip=An URI that can also be used to uniquely identify this resource.
authz-resource-scopes.tooltip=The scopes associated with this resource.
# Authz Scope List
authz-add-scope=Add Scope
authz-no-scopes-available=No scopes available.
# Authz Scope Detail
authz-scope-name.tooltip=An unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
# Authz Policy List
authz-all-types=All types
authz-create-policy=Create policy
authz-no-policies-available=No policies available.
# Authz Policy Detail
authz-policy-name.tooltip=The name of this policy.
authz-policy-description.tooltip=A description for this policy.
authz-policy-logic=Logic
authz-policy-logic-positive=Positive
authz-policy-logic-negative=Negative
authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
authz-policy-apply-policy=Apply Policy
authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
authz-policy-decision-strategy=Decision Strategy
authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
authz-policy-decision-strategy-affirmative=Affirmative
authz-policy-decision-strategy-unanimous=Unanimous
authz-policy-decision-strategy-consensus=Consensus
authz-select-a-policy=Select a policy
# Authz Role Policy Detail
authz-add-role-policy=Add Role Policy
authz-no-roles-assigned=No roles assigned.
authz-policy-role-roles.tooltip=Specifies which role(s) are allowed by this policy.
# Authz User Policy Detail
authz-add-user-policy=Add User Policy
authz-no-users-assigned=No users assigned.
authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
# Authz Time Policy Detail
authz-add-time-policy=Add Time Policy
authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
authz-policy-time-not-on-after=Not On or After
authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
# Authz Drools Policy Detail
authz-add-drools-policy=Add Drools Policy
authz-policy-drools-maven-artifact-resolve=Resolve
authz-policy-drools-maven-artifact=Policy Maven Artifact
authz-policy-drools-maven-artifact.tooltip=A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.
authz-policy-drools-module=Module
authz-policy-drools-module.tooltip=The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.
authz-policy-drools-session=Session
authz-policy-drools-session.tooltip=The session used by this policy. The session provides all the rules to evaluate when processing the policy.
authz-policy-drools-update-period=Update Period
authz-policy-drools-update-period.tooltip=Specifies an interval for scanning for artifact updates.
# Authz JS Policy Detail
authz-add-js-policy=Add JavaScript Policy
authz-policy-js-code=Code
authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
# Authz Aggregated Policy Detail
authz-aggregated=Aggregated
authz-add-aggregated-policy=Add Aggregated Policy
# Authz Permission List
authz-no-permissions-available=No permissions available.
# Authz Permission Detail
authz-permission-name.tooltip=The name of this permission.
authz-permission-description.tooltip=A description for this permission.
# Authz Resource Permission Detail
authz-add-resource-permission=Add Resource Permission
authz-permission-resource-apply-to-resource-type=Apply to Resource Type
authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
# Authz Scope Permission Detail
authz-add-scope-permission=Add Scope Permission
authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
# Authz Evaluation
authz-evaluation-identity-information=Identity Information
authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
authz-evaluation-client.tooltip=Select the client making this authorization request.
authz-evaluation-user.tooltip=Select an user whose identity is going to be used to query permissions from the server.
authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
authz-evaluation-new=New Evaluation
authz-evaluation-previous=Previous Evaluation
authz-evaluation-contextual-info=Contextual Information
authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
authz-evaluation-contextual-attributes=Contextual Attributes
authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
authz-evaluation-evaluate=Evaluate
authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
authz-evaluation-no-policies-resource=No policies were found for this resource.
authz-evaluation-result.tooltip=The overall result for this permission request.
authz-evaluation-scopes.tooltip=The requested scopes.
authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.

58
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/provider/resource-server-policy-resource-detail.html
View file

@ -3,96 +3,94 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
<li data-ng-show="create">Add Resource Permission</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-resource-permission' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Resource Permission</h1>
<h1 data-ng-show="create">{{:: 'authz-add-resource-permission' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.default">Apply to Resource Type</label>
<label class="col-md-2 control-label" for="policy.config.default">{{:: 'authz-permission-resource-apply-to-resource-type' | translate}}</label>
<div class="col-md-6">
<input ng-model="policy.config.default" id="policy.config.default" onoffswitch data-ng-click="applyToResourceType()"/>
</div>
<kc-tooltip>Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances
of a given resource type.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-resource-apply-to-resource-type.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-hide="policy.config.default">
<label class="col-md-2 control-label" for="reqActions">Resources <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resources' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.resources" data-placeholder="Select a resource..." multiple data-ng-required="!policy.config.default">
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.resources" data-placeholder="{{:: 'authz-select-resource' | translate}}..." multiple data-ng-required="!policy.config.default">
<option ng-repeat="resource in resources" value="{{resource._id}}" ng-selected="true">{{resource.name}}</option>
</select>
</div>
<kc-tooltip>Specifies that this permission must be applied to a specific resource instance.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-resource-resource.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="policy.config.default">
<label class="col-md-2 control-label" for="policy.config.defaultResourceType">Resource Type <span class="required">*</span></label>
<label class="col-md-2 control-label" for="policy.config.defaultResourceType">{{:: 'authz-resource-type' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<input class="form-control" type="text" id="policy.config.defaultResourceType" name="policy.config.defaultResourceType" data-ng-model="policy.config.defaultResourceType" data-ng-required="policy.config.default">
</div>
<kc-tooltip>Specifies that this permission must be applied to all resources instances of a given type.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-resource-type.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
</select>
</div>
<kc-tooltip>Specifies all the policies that must be applied to the resource type or instances defined by this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
<div class="col-md-6">
<div class="col-sm-2">
<select class="form-control" id="policy.decisionStrategy"
data-ng-model="policy.decisionStrategy"
ng-change="selectDecisionStrategy()">
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy | toCamelCase}}</option>
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
</select>
</div>
<kc-tooltip>The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained.
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

61
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/provider/resource-server-policy-scope-detail.html
View file

@ -3,108 +3,107 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
<li data-ng-show="create">Add Scope Permission</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-scope-permission' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Scope Permission</h1>
<h1 data-ng-show="create">{{:: 'authz-add-scope-permission' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Resource</label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label>
<div class="col-md-6">
<select class="form-control" id="reqActions"
ng-model="policy.config.resources"
ng-change="resolveScopes(policy)"
data-ng-options="resource._id as resource.name for resource in resources">
<option value="">Any resource...</option>
<option value="">{{:: 'authz-any-resource' | translate}}...</option>
</select>
</div>
<kc-tooltip>Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="policy.config.resources">
<label class="col-md-2 control-label" for="reqActions">Scopes <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2 id="reqActions"
data-ng-model="policy.config.scopes"
data-placeholder="Any scope..." multiple
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
data-ng-required="policy.config.resources != ''"
data-ng-options="scope.id as scope.name for scope in scopes track by scope.id"/>
</div>
<kc-tooltip>Specifies that this permission must be applied to one or more scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="!policy.config.resources">
<label class="col-md-2 control-label" for="reqActions">Scopes <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}" id="reqActions"
data-ng-model="policy.config.scopes"
data-placeholder="Any scope..." multiple
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
data-ng-required="policy.config.resources == ''"
data-ng-options="scope.id as scope.name for scope in scopes track by scope.id"/>
</select>
</div>
<kc-tooltip>Specifies that this permission must be applied to one or more scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
</select>
</div>
<kc-tooltip>Specifies all the policies that must be applied to the scopes defined by this permission.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
<div class="col-md-6">
<div class="col-sm-2">
<select class="form-control" id="policy.decisionStrategy"
data-ng-model="policy.decisionStrategy"
ng-change="selectDecisionStrategy()">
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy}}</option>
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
</select>
</div>
<kc-tooltip>The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained.
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

22
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
View file

@ -8,14 +8,14 @@
<th class="kc-table-actions" colspan="5">
<div class="form-inline">
<div class="form-group">
Filter by:&nbsp;&nbsp;
{{:: 'filter' | translate}}:&nbsp;&nbsp;
<div class="input-group">
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
</div>
<div class="input-group">
<select class="form-control search" data-ng-model="search.type"
ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type">
<option value="" selected ng-click="search.type = ''">All types</option>
<option value="" selected ng-click="search.type = ''">{{:: 'authz-all-types' | translate}}</option>
</select>
</div>
</div>
@ -23,17 +23,17 @@
<select class="form-control" ng-model="policyType"
ng-options="p.name for p in policyProviders track by p.type"
data-ng-change="addPolicy(policyType);">
<option value="" disabled selected>Create permission...</option>
<option value="" disabled selected>{{:: 'authz-create-permission' | translate}}...</option>
</select>
</div>
</div>
</th>
</tr>
<tr data-ng-hide="policies.length == 0">
<th>Permission Name</th>
<th>Description</th>
<th>Type</th>
<th>Associated Policies</th>
<th>{{:: 'name' | translate}}</th>
<th>{{:: 'description' | translate}}</th>
<th>{{:: 'type' | translate}}</th>
<th>{{:: 'authz-associated-policies' | translate}}</th>
</tr>
</thead>
<tbody>
@ -42,7 +42,7 @@
<td>{{policy.description}}</td>
<td>{{policy.type}}</td>
<td>
<span data-ng-show="!policy.associatedPolicies.length">No policies assigned.</span>
<span data-ng-show="!policy.associatedPolicies.length">{{:: 'authz-no-policy-assigned' | translate}}</span>
<span data-ng-show="policy.associatedPolicies.length > 0">
<span ng-repeat="policy in policy.associatedPolicies">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy/{{policy.type}}/{{policy.id}}">{{policy.name}}</a>{{$last ? '' : ', '}}
@ -51,8 +51,8 @@
</td>
</tr>
<tr data-ng-show="(policies | filter:search).length == 0">
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">No permissions available</td>
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-permissions-available' | translate}}</td>
</tr>
</tbody>
</table>

53
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html
View file

@ -3,84 +3,83 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add Aggregate Policy</li>
<li data-ng-hide="create">Aggregated</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-aggregated-policy' | translate}}</li>
<li data-ng-hide="create">{{:: 'authz-aggregated' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Aggregate Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-aggregated-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
</select>
</div>
<kc-tooltip>Specifies all the policies that must be applied to the scopes defined by this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
<div class="col-md-6">
<div class="col-sm-2">
<select class="form-control" id="policy.decisionStrategy"
data-ng-model="policy.decisionStrategy"
ng-change="selectDecisionStrategy()">
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy}}</option>
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
</select>
</div>
<kc-tooltip>The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision is obtained.
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

58
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html
View file

@ -3,40 +3,40 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add Drools Policy</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-drools-policy' | translate}}</li>
<li data-ng-hide="create">Drools</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Drools Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-drools-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.mavenArtifactGroupId">Policy Maven Artifact <span class="required" data-ng-show="create">*</span></label>
<button data-ng-click="resolveModules()" class="btn btn-primary">Resolve</button>
<label class="col-md-2 control-label" for="policy.config.mavenArtifactGroupId">{{:: 'authz-policy-drools-maven-artifact' | translate}} <span class="required" data-ng-show="create">*</span></label>
<button data-ng-click="resolveModules()" class="btn btn-primary">{{:: 'authz-policy-drools-maven-artifact-resolve' | translate}}</button>
<div class="col-sm-3">
<input class="form-control" type="text" id="policy.config.mavenArtifactGroupId" name="policy.config.mavenArtifactGroupId" data-ng-model="policy.config.mavenArtifactGroupId" placeholder="Group Identifier" required>
</div>
<kc-tooltip>A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-drools-maven-artifact.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.mavenArtifactId"></label>
@ -51,7 +51,7 @@
</div>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.moduleName">Module <span class="required" data-ng-show="create">*</span></label>
<label class="col-md-2 control-label" for="policy.config.moduleName">{{:: 'authz-policy-drools-module' | translate}} <span class="required" data-ng-show="create">*</span></label>
<div class="col-sm-3">
<div>
<select class="form-control" id="policy.config.moduleName"
@ -63,10 +63,10 @@
</select>
</div>
</div>
<kc-tooltip>The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-drools-module.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.sessionName">Session <span class="required" data-ng-show="create">*</span></label>
<label class="col-md-2 control-label" for="policy.config.sessionName">{{:: 'authz-policy-drools-session' | translate}} <span class="required" data-ng-show="create">*</span></label>
<div class="col-sm-3">
<div>
<select class="form-control" id="policy.config.sessionName"
@ -77,10 +77,10 @@
</select>
</div>
</div>
<kc-tooltip>The session used by this policy. The session provides all the rules to evaluate when processing the policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-drools-session.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.scannerPeriod">Update Period</label>
<label class="col-md-2 control-label" for="policy.config.scannerPeriod">{{:: 'authz-policy-drools-update-period' | translate}}</label>
<div class="col-md-6 time-selector">
<input class="form-control" type="number" required min="1" max="31536000" data-ng-model="policy.config.scannerPeriod" id="policy.config.scannerPeriod"
name="policy.config.scannerPeriod"
@ -88,38 +88,38 @@
<select class="form-control" name="policy.config.scannerPeriodUnit"
data-ng-model="policy.config.scannerPeriodUnit"
ng-disabled="!policy.config.sessionName">
<option>Seconds</option>
<option>Minutes</option>
<option>Hours</option>
<option>Days</option>
<option>{{:: 'seconds' | translate}}</option>
<option>{{:: 'minutes' | translate}}</option>
<option>{{:: 'hours' | translate}}</option>
<option>{{:: 'days' | translate}}</option>
</select>
</div>
<kc-tooltip>Specifies an interval for scanning for artifact updates.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-drools-update-period.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

36
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-js-detail.html
View file

@ -6,63 +6,63 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add JS Policy</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-js-policy' | translate}}</li>
<li data-ng-hide="create">JavaScript</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add JS Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-js-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Code </label>
<label class="col-md-2 control-label" for="description">{{:: 'authz-policy-js-code' | translate}} </label>
<div class="col-sm-6">
<div ui-ace="{ onLoad : initEditor }" data-ng-model="policy.config.code"></div>
</div>
<kc-tooltip>The JavaScript code providing the conditions for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-js-code.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

48
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-role-detail.html
View file

@ -21,43 +21,43 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add Role Policy</li>
<li data-ng-hide="create">Role</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-role-policy' | translate}}</li>
<li data-ng-hide="create">{{:: 'roles' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Role Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-role-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="roles">Roles <span class="required">*</span></label>
<label class="col-md-2 control-label" for="roles">{{:: 'roles' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}" id="roles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="Select a role..."
<select ui-select2="{ minimumInputLength: 1}" id="roles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="{{:: 'select-a-role' | translate}}..."
ng-options="role as role.name for role in roles" data-ng-required="selectedUsers.length == 0 && selectedRoles.length == 0">
</select>
</div>
<kc-tooltip>Specifies which role(s) are allowed by this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-role-roles.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" style="margin-top: -15px;">
<label class="col-md-2 control-label"></label>
@ -65,48 +65,48 @@
<table class="table table-striped table-bordered">
<thead>
<tr data-ng-hide="!selectedRoles.length">
<th>Role name</th>
<th>Actions</th>
<th>{{:: 'name' | translate}}</th>
<th>{{:: 'actions' | translate}}</th>
</tr>
</thead>
<tbody>
<tr ng-repeat="role in selectedRoles | orderBy:'name'">
<td>{{role.name}}</td>
<td class="kc-action-cell">
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedRoles, $index);">Remove</button>
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedRoles, $index);">{{:: 'remove' | translate}}</button>
</td>
</tr>
<tr data-ng-show="!selectedRoles.length">
<td class="text-muted" colspan="3">No roles assigned.</td>
<td class="text-muted" colspan="3">{{:: 'authz-no-roles-assigned' | translate}}</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

42
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-time-detail.html
View file

@ -6,73 +6,73 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add Time Policy</li>
<li data-ng-hide="create">Time</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-time-policy' | translate}}</li>
<li data-ng-hide="create">{{:: 'time' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add Time Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-time-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.nbf">Not Before</label>
<label class="col-md-2 control-label" for="policy.config.nbf">{{:: 'not-before' | translate}}</label>
<div class="col-md-6 time-selector">
<input class="form-control" style="width: 150px" type="text" id="policy.config.nbf" name="notBefore" data-ng-model="policy.config.nbf" placeholder="yyyy-MM-dd hh:mm:ss">
</div>
<kc-tooltip>Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-time-not-before.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="policy.config.noa">Not On or After</label>
<label class="col-md-2 control-label" for="policy.config.noa">{{:: 'authz-policy-time-not-on-after' | translate}}</label>
<div class="col-md-6 time-selector">
<input class="form-control" style="width: 150px" type="text" id="policy.config.noa" name="policy.config.noa" data-ng-model="policy.config.noa" placeholder="yyyy-MM-dd hh:mm:ss">
</div>
<kc-tooltip>Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-time-not-on-after.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

46
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-user-detail.html
View file

@ -3,42 +3,42 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li data-ng-show="create">Add User Policy</li>
<li data-ng-hide="create">User</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-user-policy' | translate}}</li>
<li data-ng-hide="create">{{:: 'user' | translate}}</li>
<li data-ng-hide="create">{{policy.name}}</li>
</ol>
<h1 data-ng-show="create">Add User Policy</h1>
<h1 data-ng-show="create">{{:: 'authz-add-user-policy' | translate}}</h1>
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
</div>
<kc-tooltip>The name of this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="description">Description </label>
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
</div>
<kc-tooltip>A description for this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="users">Users <span class="required">*</span></label>
<label class="col-md-2 control-label" for="users">{{:: 'users' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}" id="users" data-ng-model="selectedUser" data-ng-change="selectUser(selectedUser);" data-placeholder="Select an user..."
ng-options="user as user.username for user in users" data-ng-required="selectedRoles.length == 0">
</select>
</div>
<kc-tooltip>Specifies which user(s) are allowed by this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-user-users.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" style="margin-top: -15px;">
<label class="col-md-2 control-label"></label>
@ -46,48 +46,48 @@
<table class="table table-striped table-bordered">
<thead>
<tr data-ng-hide="!selectedUsers.length">
<th>Username</th>
<th>Actions</th>
<th>{{:: 'username' | translate}}</th>
<th>{{:: 'actions' | translate}}</th>
</tr>
</thead>
<tbody>
<tr ng-repeat="user in selectedUsers | orderBy:'username'">
<td>{{user.username}}</td>
<td class="kc-action-cell">
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedUsers, $index);">Remove</button>
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedUsers, $index);">{{:: 'remove' | translate}}</button>
</td>
</tr>
<tr data-ng-show="!selectedUsers.length">
<td class="text-muted" colspan="3">No users assigned.</td>
<td class="text-muted" colspan="3">{{:: 'authz-no-users-assigned' | translate}}</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
<div class="col-sm-1">
<select class="form-control" id="policy.logic"
data-ng-model="policy.logic">
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
</select>
</div>
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
</div>
<input type="hidden" data-ng-model="policy.type"/>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

19
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate-result.html
View file

@ -1,12 +1,11 @@
<fieldset>
<form class="form-horizontal" name="clientForm" novalidate>
<span data-ng-show="evaluationResult.results.length == 0"><strong>Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.</strong></span>
<span data-ng-show="evaluationResult.results.length == 0"><strong>{{:: 'authz-evaluation-no-result' | translate}}</strong></span>
<fieldset class="border-top" data-ng-repeat="result in evaluationResult.results">
<legend collapsed><span class="text">{{result.resource.name}}</span>
<kc-tooltip>Provides information about how policies were evaluated for this resource.</kc-tooltip>
</legend>
<div class="form-group">
<label class="col-md-2 control-label">Result</label>
<label class="col-md-2 control-label">{{:: 'authz-result' | translate}}</label>
<div class="col-sm-2">
<div>
@ -16,13 +15,13 @@
data-ng-hide="result.status == 'PERMIT'"><strong>{{result.status}}</strong></span>
</div>
</div>
<kc-tooltip>The overall result for this permission request.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-result.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label">Scopes</label>
<label class="col-md-2 control-label">{{:: 'authz-scopes' | translate}}</label>
<div class="col-sm-2">
<span data-ng-show="result.scopes.length == 0">Any scope.</span>
<span data-ng-show="result.scopes.length == 0">{{:: 'authz-any-scope' | translate}}</span>
<div>
<ul>
@ -32,13 +31,13 @@
</ul>
</div>
</div>
<kc-tooltip>The requested scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-scopes.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group" data-ng-show="!evaluationResult.entitlements">
<label class="col-md-2 control-label">Policies</label>
<label class="col-md-2 control-label">{{:: 'authz-policies' | translate}}</label>
<div class="col-sm-6">
<span data-ng-show="result.policies.length == 0">No policies were found for this resource.</span>
<span data-ng-show="result.policies.length == 0">{{:: 'authz-evaluation-no-policies-resource' | translate}}</span>
<div>
<ul>
@ -61,7 +60,7 @@
</ul>
</div>
</div>
<kc-tooltip>Details about which policies were evaluated and their decisions.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-policies.tooltip' | translate}}</kc-tooltip>
</div>
</fieldset>
</form>

105
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-evaluate.html
View file

@ -3,100 +3,96 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">Policy Evaluation</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">{{:: 'authz-policy-evaluation' | translate}}</a></li>
</ol>
<kc-tabs-resource-server></kc-tabs-resource-server>
<div data-ng-show="showResult">
<br>
<a href="" data-ng-click="showRequestTab()">New Evaluation</a>
<a href="" data-ng-click="showRequestTab()">{{:: 'authz-evaluation-new' | translate}}</a>
</div>
<div data-ng-show="evaluationResult && !showResult">
<br>
<a href="" data-ng-click="showResultTab()">Previous Result</a>
<a href="" data-ng-click="showResultTab()">{{:: 'authz-evaluation-previous' | translate}}</a>
</div>
<div data-ng-hide="showResult">
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset>
<fieldset class="border-top">
<legend><span class="text">Identity Information</span>
<kc-tooltip>The available options to configure the identity information that will be used when evaluating policies.</kc-tooltip>
<legend><span class="text">{{:: 'authz-evaluation-identity-information' | translate}}</span>
<kc-tooltip>{{:: 'authz-evaluation-identity-information.tooltip' | translate}}</kc-tooltip>
</legend>
<div class="form-group">
<label class="col-md-2 control-label" for="client">Client</label>
<label class="col-md-2 control-label" for="client">{{:: 'client' | translate}}</label>
<div class="col-sm-2">
<div>
<select class="form-control" id="client"
ng-model="authzRequest.clientId"
ng-options="client.id as client.clientId for client in clients track by client.id">
<option value="">Select a client...</option>
</select>
<option value="">{{:: 'authz-select-client' | translate}}...</option>
</select>
</div>
</div>
<kc-tooltip>A resource server is an already existing client application. In this case, the
client application will also act as a resource server in order to have its resources managed
and protected.
</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-client.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="users">User <span class="required"
<label class="col-md-2 control-label" for="users">{{:: 'user' | translate}} <span class="required"
data-ng-show="!authzRequest.roleIds || authzRequest.roleIds.length == 0">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1, allowClear:true}" id="users"
data-ng-model="authzRequest.userId" data-placeholder="Select an user..."
data-ng-model="authzRequest.userId" data-placeholder="{{:: 'authz-select-user' | translate}}..."
ng-options="user.id as user.username for user in users track by user.id"
data-ng-required="!authzRequest.roleIds || authzRequest.roleIds.length == 0">
<option value=""></option>
</select>
</div>
<kc-tooltip>Specifies which user(s) are allowed by this policy.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-user.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2">
<button class="btn btn-primary" data-ng-click="entitlements()" data-ng-disabled="authzRequest.userId == null || authzRequest.clientId == null">Entitlements</button>
<button class="btn btn-primary" data-ng-click="entitlements()" data-ng-disabled="authzRequest.userId == null || authzRequest.clientId == null">{{:: 'authz-entitlements' | translate}}</button>
</div>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Roles <span class="required"
<label class="col-md-2 control-label" for="reqActions">{{:: 'roles' | translate}} <span class="required"
data-ng-show="!authzRequest.userId || authzRequest.userId == null">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}"
data-ng-model="authzRequest.roleIds"
data-placeholder="Any role..." multiple
data-placeholder="{{:: 'authz-any-role' | translate}}..." multiple
data-ng-required="!authzRequest.userId || authzRequest.userId == null">
<option ng-repeat="role in roles track by role.id" value="{{role.name}}">{{role.name}}
</option>
</select>
</div>
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-role.tooltip' | translate}}</kc-tooltip>
</div>
</fieldset>
<fieldset>
<legend collapsed><span class="text">Contextual Information</span>
<kc-tooltip>The available options to configure any contextual information that will be used when evaluating policies.</kc-tooltip>
<legend collapsed><span class="text">{{:: 'authz-evaluation-contextual-info' | translate}}</span>
<kc-tooltip>{{:: 'authz-evaluation-contextual-info.tooltip' | translate}}</kc-tooltip>
</legend>
<div class="form-group clearfix block">
<label class="col-md-2 control-label" for="newRedirectUri">Contextual Attributes</label>
<label class="col-md-2 control-label" for="newRedirectUri">{{:: 'authz-evaluation-contextual-attributes' | translate}}</label>
<div class="col-sm-6">
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Key</th>
<th>Value</th>
<th>Actions</th>
<th>{{:: 'key' | translate}}</th>
<th>{{:: 'value' | translate}}</th>
<th>{{:: 'actions' | translate}}</th>
</tr>
</thead>
<tbody>
@ -114,7 +110,7 @@
</td>
<td class="kc-action-cell">
<button class="btn btn-default btn-block btn-sm"
data-ng-click="removeContextAttribute(key)">Delete
data-ng-click="removeContextAttribute(key)">{{:: 'delete' | translate}}
</button>
</td>
</tr>
@ -142,7 +138,7 @@
<button class="btn btn-default btn-block btn-sm"
data-ng-click="addContextAttribute()"
data-ng-disabled="!newContextAttribute.key || newContextAttribute.key == ''">
Add
{{:: 'add' | translate}}
</button>
</td>
</tr>
@ -150,27 +146,25 @@
</table>
</div>
<kc-tooltip>Any attribute provided by a running environment or execution context.</kc-tooltip>
<kc-tooltip>{{:: 'authz-evaluation-contextual-attributes.tooltip' | translate}}</kc-tooltip>
</div>
</fieldset>
<fieldset>
<legend><span class="text">Permission</span>
<kc-tooltip>The available options to configure the permissions to which policies will be applied.</kc-tooltip>
<legend><span class="text">{{:: 'authz-permissions' | translate}}</span>
<kc-tooltip>{{:: 'authz-evaluation-permissions.tooltip' | translate}}</kc-tooltip>
</legend>
<div class="form-group">
<label class="col-md-2 control-label" for="applyResourceType">Apply to Resource Type</label>
<label class="col-md-2 control-label" for="applyResourceType">{{:: 'authz-permission-resource-apply-to-resource-type' | translate}}</label>
<div class="col-md-6">
<input ng-model="applyResourceType" id="applyResourceType" onoffswitch
data-ng-click="setApplyToResourceType()"/>
</div>
<kc-tooltip>Specifies if this policy must be applied to all resources with a given type. In this
case, this policy will be evaluated for all instances
of a given resource type.
<kc-tooltip>{{:: 'authz-permission-resource-apply-to-resource-type.tooltip' | translate}}
</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-hide="applyResourceType">
<label class="col-md-2 control-label" for="reqActions">Resources <span class="required">*</span></label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resources' | translate}} <span class="required">*</span></label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1, allowClear:true }"
@ -182,11 +176,10 @@
<option value=""></option>
</select>
</div>
<kc-tooltip>Specifies that this policy must be applied to a specific resource instance.
</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-resource-resource.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="applyResourceType">
<label class="col-md-2 control-label" for="newResource.type">Resource Type <span
<label class="col-md-2 control-label" for="newResource.type">{{:: 'authz-resource-type' | translate}} <span
class="required">*</span></label>
<div class="col-md-6">
@ -195,37 +188,35 @@
data-ng-required="applyResourceType && !authzRequest.resources[0].type && !authzRequest.entitlements">
</div>
<kc-tooltip>Specifies that this policy must be applied to all resources instances of a given
type.
</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-resource-type.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="applyResourceType || newResource._id == null">
<label class="col-md-2 control-label" for="newResource.scopes">Scopes</label>
<label class="col-md-2 control-label" for="newResource.scopes">{{:: 'authz-scopes' | translate}}</label>
<div class="col-md-6">
<select ui-select2="{ minimumInputLength: 1}"
id="newResource.scopes"
multiple
data-ng-model="newResource.scopes"
data-placeholder="Select a scope..."
data-placeholder="{{:: 'authz-select-scope' | translate}}..."
data-ng-options="scope.name as scope.name for scope in scopes track by scope.name"/>
</div>
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-show="newResource._id != null">
<label class="col-md-2 control-label" for="newResource.scopes">Scopes</label>
<label class="col-md-2 control-label" for="newResource.scopes">{{:: 'authz-scopes' | translate}}</label>
<div class="col-md-6">
<select ui-select2
id="newResource.scopes"
data-ng-model="newResource.scopes"
data-placeholder="Any scope..." multiple>
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple>
<option ng-repeat="scope in scopes" value="{{scope.name}}">{{scope.name}}</option>
</select>
</div>
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix block" data-ng-show="!applyResourceType">
<label class="col-md-2 control-label" for="newRedirectUri"></label>
@ -235,21 +226,21 @@
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Resource</th>
<th>Scopes</th>
<th>Actions</th>
<th>{{:: 'authz-resource' | translate}}</th>
<th>{{:: 'authz-scopes' | translate}}</th>
<th>{{:: 'actions' | translate}}</th>
</tr>
</thead>
<tbody>
<tr data-ng-show="!authzRequest.resources || authzRequest.resources.length == 0">
<td colspan="3">
No resources.
{{:: 'authz-no-resources' | translate}}
</td>
</tr>
<tr ng-repeat="resource in authzRequest.resources">
<td>{{resource.name ? resource.name : 'Any resource with scope(s)'}}</td>
<td>{{resource.name ? resource.name : 'authz-evaluation-any-resource-with-scopes' | translate}}</td>
<td>
<span data-ng-show="!resource.scopes.length">Any scope.</span>
<span data-ng-show="!resource.scopes.length">{{:: 'authz-any-scope' | translate}}.</span>
<span data-ng-show="resource.scopes.length > 0">
<span ng-repeat="scope in resource.scopes">
{{scope}} {{$last ? '' : ', '}}
@ -258,7 +249,7 @@
</td>
<td class="kc-action-cell">
<button class="btn btn-default btn-block btn-sm"
data-ng-click="removeResource($index)">Delete
data-ng-click="removeResource($index)">{{:: 'delete' | translate}}
</button>
</td>
</tr>
@ -270,8 +261,8 @@
<div class="form-group">
<div class="col-md-10 col-md-offset-2">
<button kc-save data-ng-click="evaluate()">Evaluate</button>
<button kc-reset data-ng-disabled="!changed">Reset</button>
<button kc-save data-ng-click="evaluate()">{{:: 'authz-evaluation-evaluate' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'reset' | translate}}</button>
</div>
</div>
</fieldset>

19
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
View file

@ -3,20 +3,19 @@
<kc-tabs-resource-server></kc-tabs-resource-server>
<table class="table table-striped table-bordered">
<caption class="hidden">Table of identity providers</caption>
<thead>
<tr>
<th class="kc-table-actions" colspan="5">
<div class="form-inline">
<div class="form-group">
Filter by:&nbsp;&nbsp;
{{:: 'filter' | translate}}:&nbsp;&nbsp;
<div class="input-group">
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
</div>
<div class="input-group">
<select class="form-control search" data-ng-model="search.type"
ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type">
<option value="" selected ng-click="search.type = ''">All types</option>
<option value="" selected ng-click="search.type = ''">{{:: 'authz-all-types' | translate}}</option>
</select>
</div>
</div>
@ -24,16 +23,16 @@
<select class="form-control" ng-model="policyType"
ng-options="p.name group by p.group for p in policyProviders track by p.type"
data-ng-change="addPolicy(policyType);">
<option value="" disabled selected>Create policy...</option>
<option value="" disabled selected>{{:: 'authz-create-policy' | translate}}...</option>
</select>
</div>
</div>
</th>
</tr>
<tr data-ng-hide="policies.length == 0">
<th>Policy Name</th>
<th>Description</th>
<th>Type</th>
<th>{{:: 'name' | translate}}</th>
<th>{{:: 'description' | translate}}</th>
<th>{{:: 'type' | translate}}</th>
</tr>
</thead>
<tbody>
@ -43,8 +42,8 @@
<td>{{policy.type}}</td>
</tr>
<tr data-ng-show="(policies | filter:search).length == 0">
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">No policies available</td>
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-policies-available' | translate}}</td>
</tr>
</tbody>
</table>

45
themes/src/main/resources/theme/base/admin/resources/partials/authz/resource-server-detail.html
View file

@ -5,17 +5,17 @@
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset>
<div class="form-group">
<label for="import-file" class="col-sm-2 control-label">Import</label>
<label for="import-file" class="col-sm-2 control-label">{{:: 'import' | translate}}</label>
<div class="col-md-6">
<div class="controls kc-button-input-file" data-ng-show="!importing">
<label for="import-file" class="btn btn-default">Select file <i class="pficon pficon-import"></i></label>
<label for="import-file" class="btn btn-default">{{:: 'select-file' | translate}} <i class="pficon pficon-import"></i></label>
<input id="import-file" type="file" class="hidden" kc-on-read-file="onFileSelect($fileContent)">
</div>
<div class="col-md-6" data-ng-show="importing">
<input type="button" class="btn btn-default" data-ng-click="viewImportDetails()" value="{{:: 'view-details' | translate}}"/>
</div>
</div>
<kc-tooltip>Import a JSON file containing all settings for this resource server.</kc-tooltip>
<kc-tooltip>{{:: 'authz-import-config.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="importing">
@ -26,53 +26,52 @@
</fieldset>
<fieldset class="border-top" data-ng-hide="importing">
<div class="form-group">
<label class="col-md-2 control-label" for="server.policyEnforcementMode">Policy Enforcement Mode</label>
<label class="col-md-2 control-label" for="server.policyEnforcementMode">{{:: 'authz-policy-enforcement-mode' | translate}}</label>
<div class="col-md-2">
<select class="form-control" id="server.policyEnforcementMode" data-ng-model="server.policyEnforcementMode">
<option value="ENFORCING">Enforcing</option>
<option value="PERMISSIVE">Permissive</option>
<option value="DISABLED">Disabled</option>
<option value="ENFORCING">{{:: 'authz-policy-enforcement-mode-enforcing' | translate}}</option>
<option value="PERMISSIVE">{{:: 'authz-policy-enforcement-mode-permissive' | translate}}</option>
<option value="DISABLED">{{:: 'authz-policy-enforcement-mode-disabled' | translate}}</option>
</select>
</div>
<kc-tooltip>The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests
are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allow access to any resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-policy-enforcement-mode.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">Remote Resource Management</label>
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">{{:: 'authz-remote-resource-management' | translate}}</label>
<div class="col-md-6">
<input ng-model="server.allowRemoteResourceManagement" id="server.allowRemoteResourceManagement" onoffswitch />
</div>
<kc-tooltip>Should resources be managed remotely by the resource server? If false, resources can only be managed from this admin console.</kc-tooltip>
<kc-tooltip>{{:: 'authz-remote-resource-management.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</fieldset>
<fieldset class="border-top" data-ng-show="server.id">
<legend><span class="text">Export Settings</span>
<kc-tooltip>Here you can export all settings for this resource server.</kc-tooltip>
<legend><span class="text">{{:: 'authz-export-settings' | translate}}</span>
<kc-tooltip>{{:: 'authz-export-settings.tooltip' | translate}}</kc-tooltip>
</legend>
<div class="form-group">
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">Export Settings</label>
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">{{:: 'authz-export-settings' | translate}}</label>
<div class="col-md-6">
<button data-ng-click="export()" class="btn btn-primary" data-ng-hide="settings">Export</button>
<button data-ng-click="downloadSettings()" class="btn btn-primary" data-ng-show="settings">Download</button>
<button data-ng-click="cancelExport()" class="btn btn-primary" data-ng-show="settings">Cancel</button>
<button data-ng-click="export()" class="btn btn-primary" data-ng-hide="settings">{{:: 'export' | translate}}</button>
<button data-ng-click="downloadSettings()" class="btn btn-primary" data-ng-show="settings">{{:: 'download' | translate}}</button>
<button data-ng-click="cancelExport()" class="btn btn-primary" data-ng-show="settings">{{:: 'cancel' | translate}}</button>
</div>
<kc-tooltip>Export and download all settings for this resource server.</kc-tooltip>
<kc-tooltip>{{:: 'authz-export-settings.tooltip' | translate}}</kc-tooltip>
</div>
<fieldset class="margin-top">
<div class="form-group" ng-show="settings">
<div class="col-sm-12">
<a class="btn btn-primary btn-lg" data-ng-click="download()" type="submit" ng-show="installation">Download</a>
<a class="btn btn-primary btn-lg" data-ng-click="download()" type="submit" ng-show="installation">{{:: 'download' | translate}}</a>
<textarea class="form-control" rows="20" kc-select-action="click">{{settings}}</textarea>
</div>
</div>

42
themes/src/main/resources/theme/base/admin/resources/partials/authz/resource-server-resource-detail.html
View file

@ -3,74 +3,74 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">Resource</a></li>
<li data-ng-show="create">Add Resource</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">{{:: 'authz-resource' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-resource' | translate}}</li>
<li data-ng-hide="create">{{resource.name}}</li>
</ol>
<h1 data-ng-show="create">Add Resource</h1>
<h1 data-ng-show="create">{{:: 'authz-add-resource' | translate}}</h1>
<h1 data-ng-hide="create">{{resource.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required" data-ng-show="create">*</span></label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="resource.name" autofocus required>
</div>
<kc-tooltip>An unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-resource-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group" data-ng-hide="create">
<label class="col-md-2 control-label" for="resource.owner.name">Owner </label>
<label class="col-md-2 control-label" for="resource.owner.name">{{:: 'authz-owner' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="resource.owner.name" name="name" data-ng-model="resource.owner.name" autofocus disabled>
</div>
<kc-tooltip>The owner of this resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-resource-owner.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="type">Type </label>
<label class="col-md-2 control-label" for="type">{{:: 'type' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="type" name="name" data-ng-model="resource.type" autofocus>
</div>
<kc-tooltip>The type of this resource. It can be used to group different resource instances with the same type.</kc-tooltip>
<kc-tooltip>{{:: 'authz-resource-type.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="uri">URI </label>
<label class="col-md-2 control-label" for="uri">{{:: 'authz-uri' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="uri" name="name" data-ng-model="resource.uri" autofocus>
</div>
<kc-tooltip>An URI that can also be used to uniquely identify this resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-resource-uri.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Scopes</label>
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}}</label>
<div class="col-md-6">
<select ui-select2 id="reqActions" ng-model="resource.scopes" data-placeholder="Select an scope..." multiple>
<select ui-select2 id="reqActions" ng-model="resource.scopes" data-placeholder="{{:: 'authz-select-scope' | translate}}..." multiple>
<option ng-repeat="scope in scopes" value="{{scope.name}}" ng-selected="true">{{scope.name}}</option>
</select>
</div>
<kc-tooltip>The scopes associated with this resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-resource-scopes.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="iconUri">Icon URI </label>
<label class="col-md-2 control-label" for="iconUri">{{:: 'authz-icon-uri' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="iconUri" name="name" data-ng-model="resource.icon_uri" autofocus>
</div>
<kc-tooltip>An URI pointing to an icon for this resource.</kc-tooltip>
<kc-tooltip>{{:: 'authz-icon-uri.tooltip' | translate}}</kc-tooltip>
</div>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

36
themes/src/main/resources/theme/base/admin/resources/partials/authz/resource-server-resource-list.html
View file

@ -7,16 +7,16 @@
<tr>
<th class="kc-table-actions" colspan="7">
<div class="form-inline">
Filter by:&nbsp;&nbsp;
{{:: 'filter' | translate}}:&nbsp;&nbsp;
<div class="form-group">
<div class="input-group">
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<div class="input-group-addon">
<i class="fa fa-search" type="submit"></i>
</div>
</div>
<div class="input-group">
<input type="text" placeholder="Owner" data-ng-model="search.owner.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<input type="text" placeholder="{{:: 'authz-owner' | translate}}" data-ng-model="search.owner.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<div class="input-group-addon">
<i class="fa fa-search" type="submit"></i>
</div>
@ -24,25 +24,25 @@
<div class="input-group">
<select class="form-control search" data-ng-model="search.type"
ng-options="r.type as r.type for r in resources | unique : 'type'">
<option value="" selected ng-click="search.type = ''">All types</option>
<option value="" selected ng-click="search.type = ''">{{:: 'type' | translate}}</option>
</select>
</div>
</div>
<div class="pull-right">
<a id="createResource" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/create">Create</a>
<a id="createResource" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/create">{{:: 'create' | translate}}</a>
</div>
</div>
</th>
</tr>
<tr data-ng-hide="resources.length == 0">
<th>Name</th>
<th>Type</th>
<th>Uri</th>
<th>Owner</th>
<th>Scopes</th>
<th>Permissions</th>
<th>Actions</th>
<th>{{:: 'name' | translate}}</th>
<th>{{:: 'type' | translate}}</th>
<th>{{:: 'authz-uri' | translate}}</th>
<th>{{:: 'authz-owner' | translate}}</th>
<th>{{:: 'authz-scopes' | translate}}</th>
<th>{{:: 'authz-permissions' | translate}}</th>
<th>{{:: 'actions' | translate}}</th>
</tr>
</thead>
<tbody>
@ -50,12 +50,12 @@
<td><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/{{resource._id}}">{{resource.name}}</a></td>
<td>
<span data-ng-show="resource.type">{{resource.type}}</span>
<span data-ng-show="!resource.type">No type defined.</span>
<span data-ng-show="!resource.type">{{:: 'authz-no-type-defined' | translate}}</span>
</td>
<td>{{resource.uri}}</td>
<td>{{resource.owner.name}}</td>
<td>
<span data-ng-show="!resource.scopes.length">No scopes assigned.</span>
<span data-ng-show="!resource.scopes.length">{{:: 'authz-no-scopes-assigned' | translate}}</span>
<span data-ng-show="resource.scopes.length > 0">
<span ng-repeat="scope in resource.scopes">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/{{scope.id}}">{{scope.name}}</a>{{$last ? '' : ', '}}
@ -63,7 +63,7 @@
</span>
</td>
<td>
<span data-ng-show="!resource.policies.length">No permission assigned.</span>
<span data-ng-show="!resource.policies.length">{{:: 'authz-no-permission-assigned' | translate}}</span>
<span data-ng-show="resource.policies.length > 0">
<span ng-repeat="policy in resource.policies">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission/{{policy.type}}/{{policy.id}}">{{policy.name}}</a>{{$last ? '' : ', '}}
@ -71,12 +71,12 @@
</span>
</td>
<td class="kc-action-cell" style="vertical-align: middle">
<button class="btn btn-default btn-block btn-sm" ng-click="createPolicy(resource);">Create Permission</button>
<button class="btn btn-default btn-block btn-sm" ng-click="createPolicy(resource);">{{:: 'authz-create-permission' | translate}}</button>
</td>
</tr>
<tr data-ng-show="(resources | filter:search).length == 0">
<td class="text-muted" colspan="6" data-ng-show="search.name">No results</td>
<td class="text-muted" colspan="6" data-ng-hide="search.name">No resources available</td>
<td class="text-muted" colspan="6" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
<td class="text-muted" colspan="6" data-ng-hide="search.name">{{:: 'authz-no-resources-available' | translate}}</td>
</tr>
</tbody>
</table>

24
themes/src/main/resources/theme/base/admin/resources/partials/authz/resource-server-scope-detail.html
View file

@ -3,42 +3,42 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">Scope</a></li>
<li data-ng-show="create">Add Scope</li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">{{:: 'authz-scope' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-scope' | translate}}</li>
<li data-ng-hide="create">{{scope.name}}</li>
</ol>
<h1 data-ng-show="create">Add Scope</h1>
<h1 data-ng-show="create">{{:: 'authz-add-scope' | translate}}</h1>
<h1 data-ng-hide="create">{{scope.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
data-ng-hide="changed" data-ng-click="remove()"></i></h1>
<form class="form-horizontal" name="clientForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-md-2 control-label" for="name">Name </label>
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="scope.name" autofocus>
</div>
<kc-tooltip>An unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.</kc-tooltip>
<kc-tooltip>{{:: 'authz-scope-name.tooltip' | translate}}</kc-tooltip>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="name">Icon URI </label>
<label class="col-md-2 control-label" for="name">{{:: 'authz-icon-uri' | translate}} </label>
<div class="col-sm-6">
<input class="form-control" type="text" id="name" name="name" data-ng-model="scope.iconUri" autofocus>
</div>
<kc-tooltip>An URI pointing to an icon for this scope.</kc-tooltip>
<kc-tooltip>{{:: 'authz-icon-uri.tooltip' | translate}}</kc-tooltip>
</div>
</fieldset>
<div class="form-group">
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
</div>
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
<button kc-save data-ng-disabled="!changed">Save</button>
<button kc-reset data-ng-disabled="!changed">Cancel</button>
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
</div>
</div>
</form>

10
themes/src/main/resources/theme/base/admin/resources/partials/authz/resource-server-scope-list.html
View file

@ -9,7 +9,7 @@
<div class="form-inline">
<div class="form-group">
<div class="input-group">
<input type="text" placeholder="Search..." data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<input type="text" placeholder="{{:: 'search.placeholder' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
<div class="input-group-addon">
<i class="fa fa-search" type="submit"></i>
</div>
@ -17,13 +17,13 @@
</div>
<div class="pull-right">
<a id="createScope" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/create">Create</a>
<a id="createScope" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/create">{{:: 'create' | translate}}</a>
</div>
</div>
</th>
</tr>
<tr data-ng-hide="scopes.length == 0">
<th>Scope Name</th>
<th>{{:: 'name' | translate}}</th>
</tr>
</thead>
<tbody>
@ -31,8 +31,8 @@
<td><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/{{scope.id}}">{{scope.name}}</a></td>
</tr>
<tr data-ng-show="(scopes | filter:search).length == 0">
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">No scopes available</td>
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-scopes-available' | translate}}</td>
</tr>
</tbody>
</table>

4
themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
View file

@ -111,8 +111,8 @@
</div>
</div>
<div class="form-group" data-ng-show="protocol == 'openid-connect'">
<label class="col-md-2 control-label" for="authorizationServicesEnabled">Authorization Enabled</label>
<kc-tooltip>Enable/Disable fine-grained authorization support for a client</kc-tooltip>
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
<div class="col-md-6">
<input ng-model="client.authorizationServicesEnabled" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
</div>

12
themes/src/main/resources/theme/base/admin/resources/templates/authz/kc-tabs-resource-server.html
View file

@ -3,11 +3,11 @@
<kc-tabs-client></kc-tabs-client>
<ul class="nav nav-tabs nav-tabs-pf" data-ng-hide="create && !path[4]" style="margin-left: 15px">
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/">Settings</a></li>
<li ng-class="{active: path[6] == 'resource'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">Resources</a></li>
<li ng-class="{active: path[6] == 'scope'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">Authorization Scopes</a></li>
<li ng-class="{active: path[6] == 'policy'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
<li ng-class="{active: path[6] == 'permission'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
<li ng-class="{active: path[6] == 'evaluate'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">Evaluate</a></li>
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/">{{:: 'settings' | translate}}</a></li>
<li ng-class="{active: path[6] == 'resource'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">{{:: 'authz-resources' | translate}}</a></li>
<li ng-class="{active: path[6] == 'scope'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">{{:: 'authz-authz-scopes' | translate}}</a></li>
<li ng-class="{active: path[6] == 'policy'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li ng-class="{active: path[6] == 'permission'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
<li ng-class="{active: path[6] == 'evaluate'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">{{:: 'authz-evaluate' | translate}}</a></li>
</ul>
</div>

2
themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-client.html
View file

@ -19,7 +19,7 @@
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/scope-mappings">{{:: 'scope' | translate}}</a>
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
</li>
<li ng-class="{active: path[4] == 'authz'}" data-ng-show="client.authorizationServicesEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
<li ng-class="{active: path[4] == 'authz'}" data-ng-show="client.authorizationServicesEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li ng-class="{active: path[4] == 'revocation'}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/revocation">{{:: 'revocation' | translate}}</a></li>
<!-- <li ng-class="{active: path[4] == 'identity-provider'}" data-ng-show="realm.identityFederationEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/identity-provider">Identity Provider</a></li> -->
<li ng-class="{active: path[4] == 'sessions'}" data-ng-show="!client.bearerOnly">