[KEYCLOAK-3137] - Review i18n for AuthZ Services
This commit is contained in:
parent
bffbc9e198
commit
aacf2e9390
23 changed files with 608 additions and 451 deletions
|
@ -34,9 +34,16 @@ import org.keycloak.authorization.policy.evaluation.Result;
|
|||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.authorization.util.Permissions;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapper;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.services.Urls;
|
||||
|
||||
|
@ -156,15 +163,17 @@ public class PolicyEvaluationService {
|
|||
}
|
||||
|
||||
private KeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
|
||||
RealmModel realm = this.authorization.getKeycloakSession().getContext().getRealm();
|
||||
KeycloakSession keycloakSession = this.authorization.getKeycloakSession();
|
||||
RealmModel realm = keycloakSession.getContext().getRealm();
|
||||
AccessToken accessToken = new AccessToken();
|
||||
|
||||
accessToken.subject(representation.getUserId());
|
||||
accessToken.issuedFor(representation.getClientId());
|
||||
accessToken.audience(representation.getClientId());
|
||||
accessToken.issuer(Urls.realmIssuer(this.authorization.getKeycloakSession().getContext().getUri().getBaseUri(), realm.getName()));
|
||||
accessToken.issuer(Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));
|
||||
accessToken.setRealmAccess(new AccessToken.Access());
|
||||
|
||||
AccessToken.Access realmAccess = accessToken.getRealmAccess();
|
||||
Map<String, Object> claims = accessToken.getOtherClaims();
|
||||
Map<String, String> givenAttributes = representation.getContext().get("attributes");
|
||||
|
||||
|
@ -175,31 +184,60 @@ public class PolicyEvaluationService {
|
|||
String subject = accessToken.getSubject();
|
||||
|
||||
if (subject != null) {
|
||||
UserModel userModel = this.authorization.getKeycloakSession().users().getUserById(subject, realm);
|
||||
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
|
||||
|
||||
if (userModel != null) {
|
||||
Set<RoleModel> roleMappings = userModel.getRoleMappings();
|
||||
userModel.getAttributes().forEach(claims::put);
|
||||
|
||||
roleMappings.stream().map(RoleModel::getName).forEach(roleName -> accessToken.getRealmAccess().addRole(roleName));
|
||||
userModel.getRoleMappings().stream().map(RoleModel::getName).forEach(roleName -> realmAccess.addRole(roleName));
|
||||
|
||||
String clientId = representation.getClientId();
|
||||
|
||||
if (clientId == null) {
|
||||
clientId = resourceServer.getClientId();
|
||||
}
|
||||
|
||||
if (clientId != null) {
|
||||
ClientModel clientModel = realm.getClientById(clientId);
|
||||
ClientSessionModel clientSession = null;
|
||||
UserSessionModel userSession = null;
|
||||
try {
|
||||
clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
|
||||
userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
|
||||
|
||||
UserSessionModel finalUserSession = userSession;
|
||||
ClientSessionModel finalClientSession = clientSession;
|
||||
|
||||
for (ProtocolMapperModel mapping : clientModel.getProtocolMappers()) {
|
||||
KeycloakSessionFactory sessionFactory = keycloakSession.getKeycloakSessionFactory();
|
||||
ProtocolMapper mapper = (ProtocolMapper)sessionFactory.getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
|
||||
|
||||
if (mapper != null && (mapper instanceof OIDCAccessTokenMapper)) {
|
||||
accessToken = ((OIDCAccessTokenMapper)mapper).transformAccessToken(accessToken, mapping, keycloakSession, finalUserSession, finalClientSession);
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (clientSession != null) {
|
||||
keycloakSession.sessions().removeClientSession(realm, clientSession);
|
||||
}
|
||||
|
||||
if (userSession != null) {
|
||||
keycloakSession.sessions().removeUserSession(realm, userSession);
|
||||
}
|
||||
}
|
||||
|
||||
accessToken.addAccess(clientModel.getClientId());
|
||||
AccessToken.Access resourceAccess = accessToken.getResourceAccess(clientModel.getClientId());
|
||||
|
||||
userModel.getClientRoleMappings(clientModel).stream().map(RoleModel::getName).forEach(roleName -> accessToken.getResourceAccess(clientModel.getClientId()).addRole(roleName));
|
||||
|
||||
//TODO: would be awesome if we could transform the access token using the configured protocol mappers. Tried, but without a clientSession and userSession is tuff.
|
||||
userModel.getClientRoleMappings(clientModel).stream().map(RoleModel::getName).forEach(roleName -> resourceAccess.addRole(roleName));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (representation.getRoleIds() != null) {
|
||||
representation.getRoleIds().forEach(roleName -> accessToken.getRealmAccess().addRole(roleName));
|
||||
representation.getRoleIds().forEach(roleName -> realmAccess.addRole(roleName));
|
||||
}
|
||||
|
||||
return new KeycloakIdentity(accessToken, this.authorization.getKeycloakSession());
|
||||
return new KeycloakIdentity(accessToken, keycloakSession);
|
||||
}
|
||||
}
|
|
@ -55,75 +55,42 @@ public class PolicyEvaluationResponse {
|
|||
PolicyEvaluationResponse response = new PolicyEvaluationResponse();
|
||||
List<EvaluationResultRepresentation> resultsRep = new ArrayList<>();
|
||||
|
||||
response.entitlements = evaluationRequest.isEntitlements();
|
||||
|
||||
if (response.entitlements) {
|
||||
List<Permission> entitlements = Permissions.allPermits(results);
|
||||
|
||||
if (entitlements.isEmpty()) {
|
||||
response.status = Effect.DENY;
|
||||
} else {
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
|
||||
for (Permission permission : entitlements) {
|
||||
EvaluationResultRepresentation rep = new EvaluationResultRepresentation();
|
||||
|
||||
rep.setStatus(Effect.PERMIT);
|
||||
resultsRep.add(rep);
|
||||
|
||||
Resource resource = storeFactory.getResourceStore().findById(permission.getResourceSetId());
|
||||
|
||||
if (resource != null) {
|
||||
rep.setResource(Models.toRepresentation(resource, resourceServer, authorization));
|
||||
} else {
|
||||
ResourceRepresentation representation = new ResourceRepresentation();
|
||||
|
||||
representation.setName("Any Resource with Scopes " + permission.getScopes());
|
||||
|
||||
rep.setResource(representation);
|
||||
}
|
||||
|
||||
rep.setScopes(permission.getScopes().stream().map(ScopeRepresentation::new).collect(Collectors.toList()));
|
||||
}
|
||||
}
|
||||
if (results.stream().anyMatch(evaluationResult -> evaluationResult.getEffect().equals(Effect.DENY))) {
|
||||
response.status = Effect.DENY;
|
||||
} else {
|
||||
if (results.stream().anyMatch(evaluationResult -> evaluationResult.getEffect().equals(Effect.DENY))) {
|
||||
response.status = Effect.DENY;
|
||||
response.status = Effect.PERMIT;
|
||||
}
|
||||
|
||||
for (Result result : results) {
|
||||
EvaluationResultRepresentation rep = new EvaluationResultRepresentation();
|
||||
|
||||
rep.setStatus(result.getEffect());
|
||||
resultsRep.add(rep);
|
||||
|
||||
if (result.getPermission().getResource() != null) {
|
||||
rep.setResource(Models.toRepresentation(result.getPermission().getResource(), resourceServer, authorization));
|
||||
} else {
|
||||
response.status = Effect.PERMIT;
|
||||
}
|
||||
ResourceRepresentation resource = new ResourceRepresentation();
|
||||
|
||||
for (Result result : results) {
|
||||
EvaluationResultRepresentation rep = new EvaluationResultRepresentation();
|
||||
|
||||
rep.setStatus(result.getEffect());
|
||||
resultsRep.add(rep);
|
||||
|
||||
if (result.getPermission().getResource() != null) {
|
||||
rep.setResource(Models.toRepresentation(result.getPermission().getResource(), resourceServer, authorization));
|
||||
} else {
|
||||
ResourceRepresentation resource = new ResourceRepresentation();
|
||||
|
||||
resource.setName("Any Resource with Scopes " + result.getPermission().getScopes());
|
||||
|
||||
rep.setResource(resource);
|
||||
}
|
||||
|
||||
rep.setScopes(result.getPermission().getScopes().stream().map(new Function<Scope, ScopeRepresentation>() {
|
||||
resource.setName("Any Resource with Scopes " + result.getPermission().getScopes().stream().map(new Function<Scope, String>() {
|
||||
@Override
|
||||
public ScopeRepresentation apply(Scope scope) {
|
||||
return Models.toRepresentation(scope, authorization);
|
||||
public String apply(Scope scope) {
|
||||
return scope.getName();
|
||||
}
|
||||
}).collect(Collectors.toList()));
|
||||
|
||||
List<PolicyResultRepresentation> policies = new ArrayList<>();
|
||||
|
||||
for (PolicyResult policy : result.getResults()) {
|
||||
policies.add(toRepresentation(policy, authorization));
|
||||
}
|
||||
|
||||
rep.setPolicies(policies);
|
||||
rep.setResource(resource);
|
||||
}
|
||||
|
||||
rep.setScopes(result.getPermission().getScopes().stream().map(scope -> Models.toRepresentation(scope, authorization)).collect(Collectors.toList()));
|
||||
|
||||
List<PolicyResultRepresentation> policies = new ArrayList<>();
|
||||
|
||||
for (PolicyResult policy : result.getResults()) {
|
||||
policies.add(toRepresentation(policy, authorization));
|
||||
}
|
||||
|
||||
rep.setPolicies(policies);
|
||||
}
|
||||
|
||||
response.results = resultsRep;
|
||||
|
|
|
@ -919,4 +919,172 @@ clear-events=Clear events
|
|||
saved-types=Saved Types
|
||||
clear-admin-events=Clear admin events
|
||||
clear-changes=Clear changes
|
||||
error=Error
|
||||
error=Error
|
||||
|
||||
# Authz
|
||||
# Authz Common
|
||||
authz-authorization=Authorization
|
||||
authz-owner=Owner
|
||||
authz-uri=URI
|
||||
authz-scopes=Scopes
|
||||
authz-resource=Resource
|
||||
authz-resource-type=Resource Type
|
||||
authz-resources=Resources
|
||||
authz-scope=Scope
|
||||
authz-authz-scopes=Authorization Scopes
|
||||
authz-policies=Policies
|
||||
authz-permissions=Permissions
|
||||
authz-evaluate=Evaluate
|
||||
authz-icon-uri=Icon URI
|
||||
authz-icon-uri.tooltip=An URI pointing to an icon.
|
||||
authz-select-scope=Select a scope
|
||||
authz-select-resource=Select a resource
|
||||
authz-associated-policies=Associated Policies
|
||||
authz-any-resource=Any resource
|
||||
authz-any-scope=Any scope
|
||||
authz-any-role=Any role
|
||||
authz-policy-evaluation=Policy Evaluation
|
||||
authz-select-client=Select a client
|
||||
authz-select-user=Select an user
|
||||
authz-entitlements=Entitlements
|
||||
authz-no-resources=No resources
|
||||
authz-result=Result
|
||||
authz-authorization-services-enabled=Authorization Enabled
|
||||
authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
|
||||
|
||||
# Authz Settings
|
||||
authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
|
||||
|
||||
authz-policy-enforcement-mode=Policy Enforcement Mode
|
||||
authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allow access to any resource.
|
||||
authz-policy-enforcement-mode-enforcing=Enforcing
|
||||
authz-policy-enforcement-mode-permissive=Permissive
|
||||
authz-policy-enforcement-mode-disabled=Disabled
|
||||
|
||||
authz-remote-resource-management=Remote Resource Management
|
||||
authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can only be managed from this admin console.
|
||||
|
||||
authz-export-settings=Export Settings
|
||||
authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
|
||||
|
||||
# Authz Resource List
|
||||
authz-no-resources-available=No resources available.
|
||||
authz-no-scopes-assigned=No scopes assigned.
|
||||
authz-no-type-defined=No type defined.
|
||||
authz-no-permission-assigned=No permission assigned.
|
||||
authz-no-policy-assigned=No policy assigned.
|
||||
authz-create-permission=Create permission
|
||||
|
||||
# Authz Resource Detail
|
||||
authz-add-resource=Add Resource
|
||||
authz-resource-name.tooltip=An unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
|
||||
authz-resource-owner.tooltip=The owner of this resource.
|
||||
authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
|
||||
authz-resource-uri.tooltip=An URI that can also be used to uniquely identify this resource.
|
||||
authz-resource-scopes.tooltip=The scopes associated with this resource.
|
||||
|
||||
# Authz Scope List
|
||||
authz-add-scope=Add Scope
|
||||
authz-no-scopes-available=No scopes available.
|
||||
|
||||
# Authz Scope Detail
|
||||
authz-scope-name.tooltip=An unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
|
||||
|
||||
# Authz Policy List
|
||||
authz-all-types=All types
|
||||
authz-create-policy=Create policy
|
||||
authz-no-policies-available=No policies available.
|
||||
|
||||
# Authz Policy Detail
|
||||
authz-policy-name.tooltip=The name of this policy.
|
||||
authz-policy-description.tooltip=A description for this policy.
|
||||
authz-policy-logic=Logic
|
||||
authz-policy-logic-positive=Positive
|
||||
authz-policy-logic-negative=Negative
|
||||
authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
authz-policy-apply-policy=Apply Policy
|
||||
authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
|
||||
authz-policy-decision-strategy=Decision Strategy
|
||||
authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
|
||||
authz-policy-decision-strategy-affirmative=Affirmative
|
||||
authz-policy-decision-strategy-unanimous=Unanimous
|
||||
authz-policy-decision-strategy-consensus=Consensus
|
||||
authz-select-a-policy=Select a policy
|
||||
|
||||
# Authz Role Policy Detail
|
||||
authz-add-role-policy=Add Role Policy
|
||||
authz-no-roles-assigned=No roles assigned.
|
||||
authz-policy-role-roles.tooltip=Specifies which role(s) are allowed by this policy.
|
||||
|
||||
# Authz User Policy Detail
|
||||
authz-add-user-policy=Add User Policy
|
||||
authz-no-users-assigned=No users assigned.
|
||||
authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
|
||||
|
||||
# Authz Time Policy Detail
|
||||
authz-add-time-policy=Add Time Policy
|
||||
authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
|
||||
authz-policy-time-not-on-after=Not On or After
|
||||
authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
|
||||
|
||||
# Authz Drools Policy Detail
|
||||
authz-add-drools-policy=Add Drools Policy
|
||||
authz-policy-drools-maven-artifact-resolve=Resolve
|
||||
authz-policy-drools-maven-artifact=Policy Maven Artifact
|
||||
authz-policy-drools-maven-artifact.tooltip=A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.
|
||||
authz-policy-drools-module=Module
|
||||
authz-policy-drools-module.tooltip=The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.
|
||||
authz-policy-drools-session=Session
|
||||
authz-policy-drools-session.tooltip=The session used by this policy. The session provides all the rules to evaluate when processing the policy.
|
||||
authz-policy-drools-update-period=Update Period
|
||||
authz-policy-drools-update-period.tooltip=Specifies an interval for scanning for artifact updates.
|
||||
|
||||
# Authz JS Policy Detail
|
||||
authz-add-js-policy=Add JavaScript Policy
|
||||
authz-policy-js-code=Code
|
||||
authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
|
||||
|
||||
|
||||
# Authz Aggregated Policy Detail
|
||||
authz-aggregated=Aggregated
|
||||
authz-add-aggregated-policy=Add Aggregated Policy
|
||||
|
||||
# Authz Permission List
|
||||
authz-no-permissions-available=No permissions available.
|
||||
|
||||
# Authz Permission Detail
|
||||
authz-permission-name.tooltip=The name of this permission.
|
||||
authz-permission-description.tooltip=A description for this permission.
|
||||
|
||||
# Authz Resource Permission Detail
|
||||
authz-add-resource-permission=Add Resource Permission
|
||||
authz-permission-resource-apply-to-resource-type=Apply to Resource Type
|
||||
authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
|
||||
authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
|
||||
authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
|
||||
|
||||
# Authz Scope Permission Detail
|
||||
authz-add-scope-permission=Add Scope Permission
|
||||
authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
|
||||
authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
|
||||
|
||||
# Authz Evaluation
|
||||
authz-evaluation-identity-information=Identity Information
|
||||
authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
|
||||
authz-evaluation-client.tooltip=Select the client making this authorization request.
|
||||
authz-evaluation-user.tooltip=Select an user whose identity is going to be used to query permissions from the server.
|
||||
authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
|
||||
authz-evaluation-new=New Evaluation
|
||||
authz-evaluation-previous=Previous Evaluation
|
||||
authz-evaluation-contextual-info=Contextual Information
|
||||
authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
|
||||
authz-evaluation-contextual-attributes=Contextual Attributes
|
||||
authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
|
||||
authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
|
||||
authz-evaluation-evaluate=Evaluate
|
||||
authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
|
||||
authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
|
||||
authz-evaluation-no-policies-resource=No policies were found for this resource.
|
||||
authz-evaluation-result.tooltip=The overall result for this permission request.
|
||||
authz-evaluation-scopes.tooltip=The requested scopes.
|
||||
authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.
|
||||
|
|
|
@ -3,96 +3,94 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
|
||||
<li data-ng-show="create">Add Resource Permission</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-resource-permission' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Resource Permission</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-resource-permission' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.default">Apply to Resource Type</label>
|
||||
<label class="col-md-2 control-label" for="policy.config.default">{{:: 'authz-permission-resource-apply-to-resource-type' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<input ng-model="policy.config.default" id="policy.config.default" onoffswitch data-ng-click="applyToResourceType()"/>
|
||||
</div>
|
||||
<kc-tooltip>Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances
|
||||
of a given resource type.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-apply-to-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-hide="policy.config.default">
|
||||
<label class="col-md-2 control-label" for="reqActions">Resources <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resources' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.resources" data-placeholder="Select a resource..." multiple data-ng-required="!policy.config.default">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.resources" data-placeholder="{{:: 'authz-select-resource' | translate}}..." multiple data-ng-required="!policy.config.default">
|
||||
<option ng-repeat="resource in resources" value="{{resource._id}}" ng-selected="true">{{resource.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Specifies that this permission must be applied to a specific resource instance.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-resource.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="policy.config.default">
|
||||
<label class="col-md-2 control-label" for="policy.config.defaultResourceType">Resource Type <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="policy.config.defaultResourceType">{{:: 'authz-resource-type' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<input class="form-control" type="text" id="policy.config.defaultResourceType" name="policy.config.defaultResourceType" data-ng-model="policy.config.defaultResourceType" data-ng-required="policy.config.default">
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this permission must be applied to all resources instances of a given type.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
|
||||
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
|
||||
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies all the policies that must be applied to the resource type or instances defined by this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<div class="col-sm-2">
|
||||
<select class="form-control" id="policy.decisionStrategy"
|
||||
data-ng-model="policy.decisionStrategy"
|
||||
ng-change="selectDecisionStrategy()">
|
||||
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy | toCamelCase}}</option>
|
||||
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
|
||||
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
|
||||
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained.
|
||||
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -3,108 +3,107 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
|
||||
<li data-ng-show="create">Add Scope Permission</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-scope-permission' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Scope Permission</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-scope-permission' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Resource</label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select class="form-control" id="reqActions"
|
||||
ng-model="policy.config.resources"
|
||||
ng-change="resolveScopes(policy)"
|
||||
data-ng-options="resource._id as resource.name for resource in resources">
|
||||
<option value="">Any resource...</option>
|
||||
<option value="">{{:: 'authz-any-resource' | translate}}...</option>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="policy.config.resources">
|
||||
<label class="col-md-2 control-label" for="reqActions">Scopes <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2 id="reqActions"
|
||||
data-ng-model="policy.config.scopes"
|
||||
data-placeholder="Any scope..." multiple
|
||||
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
|
||||
data-ng-required="policy.config.resources != ''"
|
||||
data-ng-options="scope.id as scope.name for scope in scopes track by scope.id"/>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this permission must be applied to one or more scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="!policy.config.resources">
|
||||
<label class="col-md-2 control-label" for="reqActions">Scopes <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="reqActions"
|
||||
data-ng-model="policy.config.scopes"
|
||||
data-placeholder="Any scope..." multiple
|
||||
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
|
||||
data-ng-required="policy.config.resources == ''"
|
||||
data-ng-options="scope.id as scope.name for scope in scopes track by scope.id"/>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Specifies that this permission must be applied to one or more scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
|
||||
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
|
||||
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies all the policies that must be applied to the scopes defined by this permission.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<div class="col-sm-2">
|
||||
<select class="form-control" id="policy.decisionStrategy"
|
||||
data-ng-model="policy.decisionStrategy"
|
||||
ng-change="selectDecisionStrategy()">
|
||||
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy}}</option>
|
||||
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
|
||||
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
|
||||
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained.
|
||||
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -8,14 +8,14 @@
|
|||
<th class="kc-table-actions" colspan="5">
|
||||
<div class="form-inline">
|
||||
<div class="form-group">
|
||||
Filter by:
|
||||
{{:: 'filter' | translate}}:
|
||||
<div class="input-group">
|
||||
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
</div>
|
||||
<div class="input-group">
|
||||
<select class="form-control search" data-ng-model="search.type"
|
||||
ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type">
|
||||
<option value="" selected ng-click="search.type = ''">All types</option>
|
||||
<option value="" selected ng-click="search.type = ''">{{:: 'authz-all-types' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -23,17 +23,17 @@
|
|||
<select class="form-control" ng-model="policyType"
|
||||
ng-options="p.name for p in policyProviders track by p.type"
|
||||
data-ng-change="addPolicy(policyType);">
|
||||
<option value="" disabled selected>Create permission...</option>
|
||||
<option value="" disabled selected>{{:: 'authz-create-permission' | translate}}...</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</th>
|
||||
</tr>
|
||||
<tr data-ng-hide="policies.length == 0">
|
||||
<th>Permission Name</th>
|
||||
<th>Description</th>
|
||||
<th>Type</th>
|
||||
<th>Associated Policies</th>
|
||||
<th>{{:: 'name' | translate}}</th>
|
||||
<th>{{:: 'description' | translate}}</th>
|
||||
<th>{{:: 'type' | translate}}</th>
|
||||
<th>{{:: 'authz-associated-policies' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -42,7 +42,7 @@
|
|||
<td>{{policy.description}}</td>
|
||||
<td>{{policy.type}}</td>
|
||||
<td>
|
||||
<span data-ng-show="!policy.associatedPolicies.length">No policies assigned.</span>
|
||||
<span data-ng-show="!policy.associatedPolicies.length">{{:: 'authz-no-policy-assigned' | translate}}</span>
|
||||
<span data-ng-show="policy.associatedPolicies.length > 0">
|
||||
<span ng-repeat="policy in policy.associatedPolicies">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy/{{policy.type}}/{{policy.id}}">{{policy.name}}</a>{{$last ? '' : ', '}}
|
||||
|
@ -51,8 +51,8 @@
|
|||
</td>
|
||||
</tr>
|
||||
<tr data-ng-show="(policies | filter:search).length == 0">
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">No permissions available</td>
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-permissions-available' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -3,84 +3,83 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add Aggregate Policy</li>
|
||||
<li data-ng-hide="create">Aggregated</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-aggregated-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">{{:: 'authz-aggregated' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Aggregate Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-aggregated-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Apply Policy <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="Select a policy..." multiple required>
|
||||
<select ui-select2 id="reqActions" data-ng-model="policy.config.applyPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required>
|
||||
<option ng-repeat="policy in policies" value="{{policy.id}}" ng-selected="true">{{policy.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies all the policies that must be applied to the scopes defined by this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">Decision Strategy</label>
|
||||
<label class="col-md-2 control-label" for="policy.decisionStrategy">{{:: 'authz-policy-decision-strategy' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<div class="col-sm-2">
|
||||
<select class="form-control" id="policy.decisionStrategy"
|
||||
data-ng-model="policy.decisionStrategy"
|
||||
ng-change="selectDecisionStrategy()">
|
||||
<option ng-repeat="strategy in decisionStrategies" value="{{strategy}}">{{strategy}}</option>
|
||||
<option value="UNANIMOUS">{{:: 'authz-policy-decision-strategy-unanimous' | translate}}</option>
|
||||
<option value="AFFIRMATIVE">{{:: 'authz-policy-decision-strategy-affirmative' | translate}}</option>
|
||||
<option value="CONSENSUS">{{:: 'authz-policy-decision-strategy-consensus' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision is obtained.
|
||||
'Affirmative' means that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Unanimous' means that all policies must evaluate to a positive decision in order to the overall decision be also positive.
|
||||
'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-decision-strategy.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -3,40 +3,40 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add Drools Policy</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-drools-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">Drools</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Drools Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-drools-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.mavenArtifactGroupId">Policy Maven Artifact <span class="required" data-ng-show="create">*</span></label>
|
||||
<button data-ng-click="resolveModules()" class="btn btn-primary">Resolve</button>
|
||||
<label class="col-md-2 control-label" for="policy.config.mavenArtifactGroupId">{{:: 'authz-policy-drools-maven-artifact' | translate}} <span class="required" data-ng-show="create">*</span></label>
|
||||
<button data-ng-click="resolveModules()" class="btn btn-primary">{{:: 'authz-policy-drools-maven-artifact-resolve' | translate}}</button>
|
||||
<div class="col-sm-3">
|
||||
<input class="form-control" type="text" id="policy.config.mavenArtifactGroupId" name="policy.config.mavenArtifactGroupId" data-ng-model="policy.config.mavenArtifactGroupId" placeholder="Group Identifier" required>
|
||||
</div>
|
||||
<kc-tooltip>A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-drools-maven-artifact.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.mavenArtifactId"></label>
|
||||
|
@ -51,7 +51,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.moduleName">Module <span class="required" data-ng-show="create">*</span></label>
|
||||
<label class="col-md-2 control-label" for="policy.config.moduleName">{{:: 'authz-policy-drools-module' | translate}} <span class="required" data-ng-show="create">*</span></label>
|
||||
<div class="col-sm-3">
|
||||
<div>
|
||||
<select class="form-control" id="policy.config.moduleName"
|
||||
|
@ -63,10 +63,10 @@
|
|||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-drools-module.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.sessionName">Session <span class="required" data-ng-show="create">*</span></label>
|
||||
<label class="col-md-2 control-label" for="policy.config.sessionName">{{:: 'authz-policy-drools-session' | translate}} <span class="required" data-ng-show="create">*</span></label>
|
||||
<div class="col-sm-3">
|
||||
<div>
|
||||
<select class="form-control" id="policy.config.sessionName"
|
||||
|
@ -77,10 +77,10 @@
|
|||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>The session used by this policy. The session provides all the rules to evaluate when processing the policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-drools-session.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.scannerPeriod">Update Period</label>
|
||||
<label class="col-md-2 control-label" for="policy.config.scannerPeriod">{{:: 'authz-policy-drools-update-period' | translate}}</label>
|
||||
<div class="col-md-6 time-selector">
|
||||
<input class="form-control" type="number" required min="1" max="31536000" data-ng-model="policy.config.scannerPeriod" id="policy.config.scannerPeriod"
|
||||
name="policy.config.scannerPeriod"
|
||||
|
@ -88,38 +88,38 @@
|
|||
<select class="form-control" name="policy.config.scannerPeriodUnit"
|
||||
data-ng-model="policy.config.scannerPeriodUnit"
|
||||
ng-disabled="!policy.config.sessionName">
|
||||
<option>Seconds</option>
|
||||
<option>Minutes</option>
|
||||
<option>Hours</option>
|
||||
<option>Days</option>
|
||||
<option>{{:: 'seconds' | translate}}</option>
|
||||
<option>{{:: 'minutes' | translate}}</option>
|
||||
<option>{{:: 'hours' | translate}}</option>
|
||||
<option>{{:: 'days' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Specifies an interval for scanning for artifact updates.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-drools-update-period.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -6,63 +6,63 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add JS Policy</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-js-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">JavaScript</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add JS Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-js-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Code </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'authz-policy-js-code' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<div ui-ace="{ onLoad : initEditor }" data-ng-model="policy.config.code"></div>
|
||||
</div>
|
||||
<kc-tooltip>The JavaScript code providing the conditions for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-js-code.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -21,43 +21,43 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add Role Policy</li>
|
||||
<li data-ng-hide="create">Role</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-role-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">{{:: 'roles' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Role Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-role-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="roles">Roles <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="roles">{{:: 'roles' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="roles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="Select a role..."
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="roles" data-ng-model="selectedRole" data-ng-change="selectRole(selectedRole);" data-placeholder="{{:: 'select-a-role' | translate}}..."
|
||||
ng-options="role as role.name for role in roles" data-ng-required="selectedUsers.length == 0 && selectedRoles.length == 0">
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies which role(s) are allowed by this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-role-roles.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" style="margin-top: -15px;">
|
||||
<label class="col-md-2 control-label"></label>
|
||||
|
@ -65,48 +65,48 @@
|
|||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr data-ng-hide="!selectedRoles.length">
|
||||
<th>Role name</th>
|
||||
<th>Actions</th>
|
||||
<th>{{:: 'name' | translate}}</th>
|
||||
<th>{{:: 'actions' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr ng-repeat="role in selectedRoles | orderBy:'name'">
|
||||
<td>{{role.name}}</td>
|
||||
<td class="kc-action-cell">
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedRoles, $index);">Remove</button>
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedRoles, $index);">{{:: 'remove' | translate}}</button>
|
||||
</td>
|
||||
</tr>
|
||||
<tr data-ng-show="!selectedRoles.length">
|
||||
<td class="text-muted" colspan="3">No roles assigned.</td>
|
||||
<td class="text-muted" colspan="3">{{:: 'authz-no-roles-assigned' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -6,73 +6,73 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add Time Policy</li>
|
||||
<li data-ng-hide="create">Time</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-time-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">{{:: 'time' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
|
||||
<h1 data-ng-show="create">Add Time Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-time-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.nbf">Not Before</label>
|
||||
<label class="col-md-2 control-label" for="policy.config.nbf">{{:: 'not-before' | translate}}</label>
|
||||
|
||||
<div class="col-md-6 time-selector">
|
||||
<input class="form-control" style="width: 150px" type="text" id="policy.config.nbf" name="notBefore" data-ng-model="policy.config.nbf" placeholder="yyyy-MM-dd hh:mm:ss">
|
||||
</div>
|
||||
<kc-tooltip>Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-time-not-before.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="policy.config.noa">Not On or After</label>
|
||||
<label class="col-md-2 control-label" for="policy.config.noa">{{:: 'authz-policy-time-not-on-after' | translate}}</label>
|
||||
|
||||
<div class="col-md-6 time-selector">
|
||||
<input class="form-control" style="width: 150px" type="text" id="policy.config.noa" name="policy.config.noa" data-ng-model="policy.config.noa" placeholder="yyyy-MM-dd hh:mm:ss">
|
||||
</div>
|
||||
<kc-tooltip>Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-time-not-on-after.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -3,42 +3,42 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li data-ng-show="create">Add User Policy</li>
|
||||
<li data-ng-hide="create">User</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-user-policy' | translate}}</li>
|
||||
<li data-ng-hide="create">{{:: 'user' | translate}}</li>
|
||||
<li data-ng-hide="create">{{policy.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add User Policy</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-user-policy' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{policy.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="policy.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>The name of this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="description">Description </label>
|
||||
<label class="col-md-2 control-label" for="description">{{:: 'description' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="description" name="description" data-ng-model="policy.description">
|
||||
</div>
|
||||
<kc-tooltip>A description for this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-description.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="users">Users <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="users">{{:: 'users' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}" id="users" data-ng-model="selectedUser" data-ng-change="selectUser(selectedUser);" data-placeholder="Select an user..."
|
||||
ng-options="user as user.username for user in users" data-ng-required="selectedRoles.length == 0">
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Specifies which user(s) are allowed by this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-user-users.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" style="margin-top: -15px;">
|
||||
<label class="col-md-2 control-label"></label>
|
||||
|
@ -46,48 +46,48 @@
|
|||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr data-ng-hide="!selectedUsers.length">
|
||||
<th>Username</th>
|
||||
<th>Actions</th>
|
||||
<th>{{:: 'username' | translate}}</th>
|
||||
<th>{{:: 'actions' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr ng-repeat="user in selectedUsers | orderBy:'username'">
|
||||
<td>{{user.username}}</td>
|
||||
<td class="kc-action-cell">
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedUsers, $index);">Remove</button>
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="removeFromList(selectedUsers, $index);">{{:: 'remove' | translate}}</button>
|
||||
</td>
|
||||
</tr>
|
||||
<tr data-ng-show="!selectedUsers.length">
|
||||
<td class="text-muted" colspan="3">No users assigned.</td>
|
||||
<td class="text-muted" colspan="3">{{:: 'authz-no-users-assigned' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="policy.logic">Logic</label>
|
||||
<label class="col-md-2 control-label" for="policy.logic">{{:: 'authz-policy-logic' | translate}}</label>
|
||||
|
||||
<div class="col-sm-1">
|
||||
<select class="form-control" id="policy.logic"
|
||||
data-ng-model="policy.logic">
|
||||
<option ng-repeat="logic in logics" value="{{logic}}">{{logic | toCamelCase}}</option>
|
||||
<option value="POSITIVE">{{:: 'authz-policy-logic-positive' | translate}}</option>
|
||||
<option value="NEGATIVE">{{:: 'authz-policy-logic-negative' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will
|
||||
be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
||||
<kc-tooltip>{{:: 'authz-policy-logic.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<input type="hidden" data-ng-model="policy.type"/>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
<fieldset>
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<span data-ng-show="evaluationResult.results.length == 0"><strong>Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.</strong></span>
|
||||
<span data-ng-show="evaluationResult.results.length == 0"><strong>{{:: 'authz-evaluation-no-result' | translate}}</strong></span>
|
||||
<fieldset class="border-top" data-ng-repeat="result in evaluationResult.results">
|
||||
<legend collapsed><span class="text">{{result.resource.name}}</span>
|
||||
<kc-tooltip>Provides information about how policies were evaluated for this resource.</kc-tooltip>
|
||||
</legend>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label">Result</label>
|
||||
<label class="col-md-2 control-label">{{:: 'authz-result' | translate}}</label>
|
||||
|
||||
<div class="col-sm-2">
|
||||
<div>
|
||||
|
@ -16,13 +15,13 @@
|
|||
data-ng-hide="result.status == 'PERMIT'"><strong>{{result.status}}</strong></span>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>The overall result for this permission request.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-result.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label">Scopes</label>
|
||||
<label class="col-md-2 control-label">{{:: 'authz-scopes' | translate}}</label>
|
||||
|
||||
<div class="col-sm-2">
|
||||
<span data-ng-show="result.scopes.length == 0">Any scope.</span>
|
||||
<span data-ng-show="result.scopes.length == 0">{{:: 'authz-any-scope' | translate}}</span>
|
||||
|
||||
<div>
|
||||
<ul>
|
||||
|
@ -32,13 +31,13 @@
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>The requested scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-scopes.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group" data-ng-show="!evaluationResult.entitlements">
|
||||
<label class="col-md-2 control-label">Policies</label>
|
||||
<label class="col-md-2 control-label">{{:: 'authz-policies' | translate}}</label>
|
||||
|
||||
<div class="col-sm-6">
|
||||
<span data-ng-show="result.policies.length == 0">No policies were found for this resource.</span>
|
||||
<span data-ng-show="result.policies.length == 0">{{:: 'authz-evaluation-no-policies-resource' | translate}}</span>
|
||||
|
||||
<div>
|
||||
<ul>
|
||||
|
@ -61,7 +60,7 @@
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>Details about which policies were evaluated and their decisions.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-policies.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
|
@ -3,100 +3,96 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">Policy Evaluation</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">{{:: 'authz-policy-evaluation' | translate}}</a></li>
|
||||
</ol>
|
||||
|
||||
<kc-tabs-resource-server></kc-tabs-resource-server>
|
||||
|
||||
<div data-ng-show="showResult">
|
||||
<br>
|
||||
<a href="" data-ng-click="showRequestTab()">New Evaluation</a>
|
||||
<a href="" data-ng-click="showRequestTab()">{{:: 'authz-evaluation-new' | translate}}</a>
|
||||
</div>
|
||||
|
||||
<div data-ng-show="evaluationResult && !showResult">
|
||||
<br>
|
||||
<a href="" data-ng-click="showResultTab()">Previous Result</a>
|
||||
<a href="" data-ng-click="showResultTab()">{{:: 'authz-evaluation-previous' | translate}}</a>
|
||||
</div>
|
||||
|
||||
<div data-ng-hide="showResult">
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset>
|
||||
<fieldset class="border-top">
|
||||
<legend><span class="text">Identity Information</span>
|
||||
<kc-tooltip>The available options to configure the identity information that will be used when evaluating policies.</kc-tooltip>
|
||||
<legend><span class="text">{{:: 'authz-evaluation-identity-information' | translate}}</span>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-identity-information.tooltip' | translate}}</kc-tooltip>
|
||||
</legend>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="client">Client</label>
|
||||
<label class="col-md-2 control-label" for="client">{{:: 'client' | translate}}</label>
|
||||
|
||||
<div class="col-sm-2">
|
||||
<div>
|
||||
<select class="form-control" id="client"
|
||||
ng-model="authzRequest.clientId"
|
||||
ng-options="client.id as client.clientId for client in clients track by client.id">
|
||||
<option value="">Select a client...</option>
|
||||
</select>
|
||||
<option value="">{{:: 'authz-select-client' | translate}}...</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>A resource server is an already existing client application. In this case, the
|
||||
client application will also act as a resource server in order to have its resources managed
|
||||
and protected.
|
||||
</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-client.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="users">User <span class="required"
|
||||
<label class="col-md-2 control-label" for="users">{{:: 'user' | translate}} <span class="required"
|
||||
data-ng-show="!authzRequest.roleIds || authzRequest.roleIds.length == 0">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1, allowClear:true}" id="users"
|
||||
data-ng-model="authzRequest.userId" data-placeholder="Select an user..."
|
||||
data-ng-model="authzRequest.userId" data-placeholder="{{:: 'authz-select-user' | translate}}..."
|
||||
ng-options="user.id as user.username for user in users track by user.id"
|
||||
data-ng-required="!authzRequest.roleIds || authzRequest.roleIds.length == 0">
|
||||
<option value=""></option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies which user(s) are allowed by this policy.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-user.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2">
|
||||
<button class="btn btn-primary" data-ng-click="entitlements()" data-ng-disabled="authzRequest.userId == null || authzRequest.clientId == null">Entitlements</button>
|
||||
<button class="btn btn-primary" data-ng-click="entitlements()" data-ng-disabled="authzRequest.userId == null || authzRequest.clientId == null">{{:: 'authz-entitlements' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Roles <span class="required"
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'roles' | translate}} <span class="required"
|
||||
data-ng-show="!authzRequest.userId || authzRequest.userId == null">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}"
|
||||
data-ng-model="authzRequest.roleIds"
|
||||
data-placeholder="Any role..." multiple
|
||||
data-placeholder="{{:: 'authz-any-role' | translate}}..." multiple
|
||||
data-ng-required="!authzRequest.userId || authzRequest.userId == null">
|
||||
<option ng-repeat="role in roles track by role.id" value="{{role.name}}">{{role.name}}
|
||||
</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-role.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend collapsed><span class="text">Contextual Information</span>
|
||||
<kc-tooltip>The available options to configure any contextual information that will be used when evaluating policies.</kc-tooltip>
|
||||
<legend collapsed><span class="text">{{:: 'authz-evaluation-contextual-info' | translate}}</span>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-contextual-info.tooltip' | translate}}</kc-tooltip>
|
||||
</legend>
|
||||
<div class="form-group clearfix block">
|
||||
<label class="col-md-2 control-label" for="newRedirectUri">Contextual Attributes</label>
|
||||
<label class="col-md-2 control-label" for="newRedirectUri">{{:: 'authz-evaluation-contextual-attributes' | translate}}</label>
|
||||
|
||||
<div class="col-sm-6">
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Key</th>
|
||||
<th>Value</th>
|
||||
<th>Actions</th>
|
||||
<th>{{:: 'key' | translate}}</th>
|
||||
<th>{{:: 'value' | translate}}</th>
|
||||
<th>{{:: 'actions' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -114,7 +110,7 @@
|
|||
</td>
|
||||
<td class="kc-action-cell">
|
||||
<button class="btn btn-default btn-block btn-sm"
|
||||
data-ng-click="removeContextAttribute(key)">Delete
|
||||
data-ng-click="removeContextAttribute(key)">{{:: 'delete' | translate}}
|
||||
</button>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -142,7 +138,7 @@
|
|||
<button class="btn btn-default btn-block btn-sm"
|
||||
data-ng-click="addContextAttribute()"
|
||||
data-ng-disabled="!newContextAttribute.key || newContextAttribute.key == ''">
|
||||
Add
|
||||
{{:: 'add' | translate}}
|
||||
</button>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -150,27 +146,25 @@
|
|||
</table>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Any attribute provided by a running environment or execution context.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-contextual-attributes.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend><span class="text">Permission</span>
|
||||
<kc-tooltip>The available options to configure the permissions to which policies will be applied.</kc-tooltip>
|
||||
<legend><span class="text">{{:: 'authz-permissions' | translate}}</span>
|
||||
<kc-tooltip>{{:: 'authz-evaluation-permissions.tooltip' | translate}}</kc-tooltip>
|
||||
</legend>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="applyResourceType">Apply to Resource Type</label>
|
||||
<label class="col-md-2 control-label" for="applyResourceType">{{:: 'authz-permission-resource-apply-to-resource-type' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<input ng-model="applyResourceType" id="applyResourceType" onoffswitch
|
||||
data-ng-click="setApplyToResourceType()"/>
|
||||
</div>
|
||||
<kc-tooltip>Specifies if this policy must be applied to all resources with a given type. In this
|
||||
case, this policy will be evaluated for all instances
|
||||
of a given resource type.
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-apply-to-resource-type.tooltip' | translate}}
|
||||
</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-hide="applyResourceType">
|
||||
<label class="col-md-2 control-label" for="reqActions">Resources <span class="required">*</span></label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resources' | translate}} <span class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1, allowClear:true }"
|
||||
|
@ -182,11 +176,10 @@
|
|||
<option value=""></option>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>Specifies that this policy must be applied to a specific resource instance.
|
||||
</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-resource.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="applyResourceType">
|
||||
<label class="col-md-2 control-label" for="newResource.type">Resource Type <span
|
||||
<label class="col-md-2 control-label" for="newResource.type">{{:: 'authz-resource-type' | translate}} <span
|
||||
class="required">*</span></label>
|
||||
|
||||
<div class="col-md-6">
|
||||
|
@ -195,37 +188,35 @@
|
|||
data-ng-required="applyResourceType && !authzRequest.resources[0].type && !authzRequest.entitlements">
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this policy must be applied to all resources instances of a given
|
||||
type.
|
||||
</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="applyResourceType || newResource._id == null">
|
||||
<label class="col-md-2 control-label" for="newResource.scopes">Scopes</label>
|
||||
<label class="col-md-2 control-label" for="newResource.scopes">{{:: 'authz-scopes' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2="{ minimumInputLength: 1}"
|
||||
id="newResource.scopes"
|
||||
multiple
|
||||
data-ng-model="newResource.scopes"
|
||||
data-placeholder="Select a scope..."
|
||||
data-placeholder="{{:: 'authz-select-scope' | translate}}..."
|
||||
data-ng-options="scope.name as scope.name for scope in scopes track by scope.name"/>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix" data-ng-show="newResource._id != null">
|
||||
<label class="col-md-2 control-label" for="newResource.scopes">Scopes</label>
|
||||
<label class="col-md-2 control-label" for="newResource.scopes">{{:: 'authz-scopes' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2
|
||||
id="newResource.scopes"
|
||||
data-ng-model="newResource.scopes"
|
||||
data-placeholder="Any scope..." multiple>
|
||||
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple>
|
||||
<option ng-repeat="scope in scopes" value="{{scope.name}}">{{scope.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>Specifies that this policy must be applied to one or more scopes.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix block" data-ng-show="!applyResourceType">
|
||||
<label class="col-md-2 control-label" for="newRedirectUri"></label>
|
||||
|
@ -235,21 +226,21 @@
|
|||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Resource</th>
|
||||
<th>Scopes</th>
|
||||
<th>Actions</th>
|
||||
<th>{{:: 'authz-resource' | translate}}</th>
|
||||
<th>{{:: 'authz-scopes' | translate}}</th>
|
||||
<th>{{:: 'actions' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr data-ng-show="!authzRequest.resources || authzRequest.resources.length == 0">
|
||||
<td colspan="3">
|
||||
No resources.
|
||||
{{:: 'authz-no-resources' | translate}}
|
||||
</td>
|
||||
</tr>
|
||||
<tr ng-repeat="resource in authzRequest.resources">
|
||||
<td>{{resource.name ? resource.name : 'Any resource with scope(s)'}}</td>
|
||||
<td>{{resource.name ? resource.name : 'authz-evaluation-any-resource-with-scopes' | translate}}</td>
|
||||
<td>
|
||||
<span data-ng-show="!resource.scopes.length">Any scope.</span>
|
||||
<span data-ng-show="!resource.scopes.length">{{:: 'authz-any-scope' | translate}}.</span>
|
||||
<span data-ng-show="resource.scopes.length > 0">
|
||||
<span ng-repeat="scope in resource.scopes">
|
||||
{{scope}} {{$last ? '' : ', '}}
|
||||
|
@ -258,7 +249,7 @@
|
|||
</td>
|
||||
<td class="kc-action-cell">
|
||||
<button class="btn btn-default btn-block btn-sm"
|
||||
data-ng-click="removeResource($index)">Delete
|
||||
data-ng-click="removeResource($index)">{{:: 'delete' | translate}}
|
||||
</button>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -270,8 +261,8 @@
|
|||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2">
|
||||
<button kc-save data-ng-click="evaluate()">Evaluate</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Reset</button>
|
||||
<button kc-save data-ng-click="evaluate()">{{:: 'authz-evaluation-evaluate' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'reset' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
|
|
@ -3,20 +3,19 @@
|
|||
<kc-tabs-resource-server></kc-tabs-resource-server>
|
||||
|
||||
<table class="table table-striped table-bordered">
|
||||
<caption class="hidden">Table of identity providers</caption>
|
||||
<thead>
|
||||
<tr>
|
||||
<th class="kc-table-actions" colspan="5">
|
||||
<div class="form-inline">
|
||||
<div class="form-group">
|
||||
Filter by:
|
||||
{{:: 'filter' | translate}}:
|
||||
<div class="input-group">
|
||||
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
</div>
|
||||
<div class="input-group">
|
||||
<select class="form-control search" data-ng-model="search.type"
|
||||
ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type">
|
||||
<option value="" selected ng-click="search.type = ''">All types</option>
|
||||
<option value="" selected ng-click="search.type = ''">{{:: 'authz-all-types' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -24,16 +23,16 @@
|
|||
<select class="form-control" ng-model="policyType"
|
||||
ng-options="p.name group by p.group for p in policyProviders track by p.type"
|
||||
data-ng-change="addPolicy(policyType);">
|
||||
<option value="" disabled selected>Create policy...</option>
|
||||
<option value="" disabled selected>{{:: 'authz-create-policy' | translate}}...</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</th>
|
||||
</tr>
|
||||
<tr data-ng-hide="policies.length == 0">
|
||||
<th>Policy Name</th>
|
||||
<th>Description</th>
|
||||
<th>Type</th>
|
||||
<th>{{:: 'name' | translate}}</th>
|
||||
<th>{{:: 'description' | translate}}</th>
|
||||
<th>{{:: 'type' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -43,8 +42,8 @@
|
|||
<td>{{policy.type}}</td>
|
||||
</tr>
|
||||
<tr data-ng-show="(policies | filter:search).length == 0">
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">No policies available</td>
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-policies-available' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -5,17 +5,17 @@
|
|||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset>
|
||||
<div class="form-group">
|
||||
<label for="import-file" class="col-sm-2 control-label">Import</label>
|
||||
<label for="import-file" class="col-sm-2 control-label">{{:: 'import' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<div class="controls kc-button-input-file" data-ng-show="!importing">
|
||||
<label for="import-file" class="btn btn-default">Select file <i class="pficon pficon-import"></i></label>
|
||||
<label for="import-file" class="btn btn-default">{{:: 'select-file' | translate}} <i class="pficon pficon-import"></i></label>
|
||||
<input id="import-file" type="file" class="hidden" kc-on-read-file="onFileSelect($fileContent)">
|
||||
</div>
|
||||
<div class="col-md-6" data-ng-show="importing">
|
||||
<input type="button" class="btn btn-default" data-ng-click="viewImportDetails()" value="{{:: 'view-details' | translate}}"/>
|
||||
</div>
|
||||
</div>
|
||||
<kc-tooltip>Import a JSON file containing all settings for this resource server.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-import-config.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="importing">
|
||||
|
@ -26,53 +26,52 @@
|
|||
</fieldset>
|
||||
<fieldset class="border-top" data-ng-hide="importing">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="server.policyEnforcementMode">Policy Enforcement Mode</label>
|
||||
<label class="col-md-2 control-label" for="server.policyEnforcementMode">{{:: 'authz-policy-enforcement-mode' | translate}}</label>
|
||||
<div class="col-md-2">
|
||||
<select class="form-control" id="server.policyEnforcementMode" data-ng-model="server.policyEnforcementMode">
|
||||
<option value="ENFORCING">Enforcing</option>
|
||||
<option value="PERMISSIVE">Permissive</option>
|
||||
<option value="DISABLED">Disabled</option>
|
||||
<option value="ENFORCING">{{:: 'authz-policy-enforcement-mode-enforcing' | translate}}</option>
|
||||
<option value="PERMISSIVE">{{:: 'authz-policy-enforcement-mode-permissive' | translate}}</option>
|
||||
<option value="DISABLED">{{:: 'authz-policy-enforcement-mode-disabled' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
<kc-tooltip>The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests
|
||||
are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allow access to any resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-policy-enforcement-mode.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">Remote Resource Management</label>
|
||||
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">{{:: 'authz-remote-resource-management' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<input ng-model="server.allowRemoteResourceManagement" id="server.allowRemoteResourceManagement" onoffswitch />
|
||||
</div>
|
||||
<kc-tooltip>Should resources be managed remotely by the resource server? If false, resources can only be managed from this admin console.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-remote-resource-management.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
||||
<fieldset class="border-top" data-ng-show="server.id">
|
||||
<legend><span class="text">Export Settings</span>
|
||||
<kc-tooltip>Here you can export all settings for this resource server.</kc-tooltip>
|
||||
<legend><span class="text">{{:: 'authz-export-settings' | translate}}</span>
|
||||
<kc-tooltip>{{:: 'authz-export-settings.tooltip' | translate}}</kc-tooltip>
|
||||
</legend>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">Export Settings</label>
|
||||
<label class="col-md-2 control-label" for="server.allowRemoteResourceManagement">{{:: 'authz-export-settings' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<button data-ng-click="export()" class="btn btn-primary" data-ng-hide="settings">Export</button>
|
||||
<button data-ng-click="downloadSettings()" class="btn btn-primary" data-ng-show="settings">Download</button>
|
||||
<button data-ng-click="cancelExport()" class="btn btn-primary" data-ng-show="settings">Cancel</button>
|
||||
<button data-ng-click="export()" class="btn btn-primary" data-ng-hide="settings">{{:: 'export' | translate}}</button>
|
||||
<button data-ng-click="downloadSettings()" class="btn btn-primary" data-ng-show="settings">{{:: 'download' | translate}}</button>
|
||||
<button data-ng-click="cancelExport()" class="btn btn-primary" data-ng-show="settings">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<kc-tooltip>Export and download all settings for this resource server.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-export-settings.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<fieldset class="margin-top">
|
||||
<div class="form-group" ng-show="settings">
|
||||
<div class="col-sm-12">
|
||||
<a class="btn btn-primary btn-lg" data-ng-click="download()" type="submit" ng-show="installation">Download</a>
|
||||
<a class="btn btn-primary btn-lg" data-ng-click="download()" type="submit" ng-show="installation">{{:: 'download' | translate}}</a>
|
||||
<textarea class="form-control" rows="20" kc-select-action="click">{{settings}}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -3,74 +3,74 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">Resource</a></li>
|
||||
<li data-ng-show="create">Add Resource</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">{{:: 'authz-resource' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-resource' | translate}}</li>
|
||||
<li data-ng-hide="create">{{resource.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Resource</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-resource' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{resource.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} <span class="required" data-ng-show="create">*</span></label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="resource.name" autofocus required>
|
||||
</div>
|
||||
<kc-tooltip>An unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-resource-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group" data-ng-hide="create">
|
||||
<label class="col-md-2 control-label" for="resource.owner.name">Owner </label>
|
||||
<label class="col-md-2 control-label" for="resource.owner.name">{{:: 'authz-owner' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="resource.owner.name" name="name" data-ng-model="resource.owner.name" autofocus disabled>
|
||||
</div>
|
||||
<kc-tooltip>The owner of this resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-resource-owner.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="type">Type </label>
|
||||
<label class="col-md-2 control-label" for="type">{{:: 'type' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="type" name="name" data-ng-model="resource.type" autofocus>
|
||||
</div>
|
||||
<kc-tooltip>The type of this resource. It can be used to group different resource instances with the same type.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-resource-type.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="uri">URI </label>
|
||||
<label class="col-md-2 control-label" for="uri">{{:: 'authz-uri' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="uri" name="name" data-ng-model="resource.uri" autofocus>
|
||||
</div>
|
||||
<kc-tooltip>An URI that can also be used to uniquely identify this resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-resource-uri.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-md-2 control-label" for="reqActions">Scopes</label>
|
||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}}</label>
|
||||
|
||||
<div class="col-md-6">
|
||||
<select ui-select2 id="reqActions" ng-model="resource.scopes" data-placeholder="Select an scope..." multiple>
|
||||
<select ui-select2 id="reqActions" ng-model="resource.scopes" data-placeholder="{{:: 'authz-select-scope' | translate}}..." multiple>
|
||||
<option ng-repeat="scope in scopes" value="{{scope.name}}" ng-selected="true">{{scope.name}}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<kc-tooltip>The scopes associated with this resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-resource-scopes.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="iconUri">Icon URI </label>
|
||||
<label class="col-md-2 control-label" for="iconUri">{{:: 'authz-icon-uri' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="iconUri" name="name" data-ng-model="resource.icon_uri" autofocus>
|
||||
</div>
|
||||
<kc-tooltip>An URI pointing to an icon for this resource.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-icon-uri.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -7,16 +7,16 @@
|
|||
<tr>
|
||||
<th class="kc-table-actions" colspan="7">
|
||||
<div class="form-inline">
|
||||
Filter by:
|
||||
{{:: 'filter' | translate}}:
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<input type="text" placeholder="Name" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<input type="text" placeholder="{{:: 'name' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<div class="input-group-addon">
|
||||
<i class="fa fa-search" type="submit"></i>
|
||||
</div>
|
||||
</div>
|
||||
<div class="input-group">
|
||||
<input type="text" placeholder="Owner" data-ng-model="search.owner.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<input type="text" placeholder="{{:: 'authz-owner' | translate}}" data-ng-model="search.owner.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<div class="input-group-addon">
|
||||
<i class="fa fa-search" type="submit"></i>
|
||||
</div>
|
||||
|
@ -24,25 +24,25 @@
|
|||
<div class="input-group">
|
||||
<select class="form-control search" data-ng-model="search.type"
|
||||
ng-options="r.type as r.type for r in resources | unique : 'type'">
|
||||
<option value="" selected ng-click="search.type = ''">All types</option>
|
||||
<option value="" selected ng-click="search.type = ''">{{:: 'type' | translate}}</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="pull-right">
|
||||
<a id="createResource" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/create">Create</a>
|
||||
<a id="createResource" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/create">{{:: 'create' | translate}}</a>
|
||||
</div>
|
||||
</div>
|
||||
</th>
|
||||
</tr>
|
||||
<tr data-ng-hide="resources.length == 0">
|
||||
<th>Name</th>
|
||||
<th>Type</th>
|
||||
<th>Uri</th>
|
||||
<th>Owner</th>
|
||||
<th>Scopes</th>
|
||||
<th>Permissions</th>
|
||||
<th>Actions</th>
|
||||
<th>{{:: 'name' | translate}}</th>
|
||||
<th>{{:: 'type' | translate}}</th>
|
||||
<th>{{:: 'authz-uri' | translate}}</th>
|
||||
<th>{{:: 'authz-owner' | translate}}</th>
|
||||
<th>{{:: 'authz-scopes' | translate}}</th>
|
||||
<th>{{:: 'authz-permissions' | translate}}</th>
|
||||
<th>{{:: 'actions' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -50,12 +50,12 @@
|
|||
<td><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource/{{resource._id}}">{{resource.name}}</a></td>
|
||||
<td>
|
||||
<span data-ng-show="resource.type">{{resource.type}}</span>
|
||||
<span data-ng-show="!resource.type">No type defined.</span>
|
||||
<span data-ng-show="!resource.type">{{:: 'authz-no-type-defined' | translate}}</span>
|
||||
</td>
|
||||
<td>{{resource.uri}}</td>
|
||||
<td>{{resource.owner.name}}</td>
|
||||
<td>
|
||||
<span data-ng-show="!resource.scopes.length">No scopes assigned.</span>
|
||||
<span data-ng-show="!resource.scopes.length">{{:: 'authz-no-scopes-assigned' | translate}}</span>
|
||||
<span data-ng-show="resource.scopes.length > 0">
|
||||
<span ng-repeat="scope in resource.scopes">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/{{scope.id}}">{{scope.name}}</a>{{$last ? '' : ', '}}
|
||||
|
@ -63,7 +63,7 @@
|
|||
</span>
|
||||
</td>
|
||||
<td>
|
||||
<span data-ng-show="!resource.policies.length">No permission assigned.</span>
|
||||
<span data-ng-show="!resource.policies.length">{{:: 'authz-no-permission-assigned' | translate}}</span>
|
||||
<span data-ng-show="resource.policies.length > 0">
|
||||
<span ng-repeat="policy in resource.policies">
|
||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission/{{policy.type}}/{{policy.id}}">{{policy.name}}</a>{{$last ? '' : ', '}}
|
||||
|
@ -71,12 +71,12 @@
|
|||
</span>
|
||||
</td>
|
||||
<td class="kc-action-cell" style="vertical-align: middle">
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="createPolicy(resource);">Create Permission</button>
|
||||
<button class="btn btn-default btn-block btn-sm" ng-click="createPolicy(resource);">{{:: 'authz-create-permission' | translate}}</button>
|
||||
</td>
|
||||
</tr>
|
||||
<tr data-ng-show="(resources | filter:search).length == 0">
|
||||
<td class="text-muted" colspan="6" data-ng-show="search.name">No results</td>
|
||||
<td class="text-muted" colspan="6" data-ng-hide="search.name">No resources available</td>
|
||||
<td class="text-muted" colspan="6" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
|
||||
<td class="text-muted" colspan="6" data-ng-hide="search.name">{{:: 'authz-no-resources-available' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -3,42 +3,42 @@
|
|||
<ol class="breadcrumb">
|
||||
<li><a href="#/realms/{{realm.realm}}/clients">{{:: 'clients' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">Scope</a></li>
|
||||
<li data-ng-show="create">Add Scope</li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">{{:: 'authz-scope' | translate}}</a></li>
|
||||
<li data-ng-show="create">{{:: 'authz-add-scope' | translate}}</li>
|
||||
<li data-ng-hide="create">{{scope.name}}</li>
|
||||
</ol>
|
||||
|
||||
<h1 data-ng-show="create">Add Scope</h1>
|
||||
<h1 data-ng-show="create">{{:: 'authz-add-scope' | translate}}</h1>
|
||||
<h1 data-ng-hide="create">{{scope.name|capitalize}}<i class="pficon pficon-delete clickable" data-ng-show="!create"
|
||||
data-ng-hide="changed" data-ng-click="remove()"></i></h1>
|
||||
|
||||
<form class="form-horizontal" name="clientForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Name </label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'name' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="scope.name" autofocus>
|
||||
</div>
|
||||
<kc-tooltip>An unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-scope-name.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="name">Icon URI </label>
|
||||
<label class="col-md-2 control-label" for="name">{{:: 'authz-icon-uri' | translate}} </label>
|
||||
<div class="col-sm-6">
|
||||
<input class="form-control" type="text" id="name" name="name" data-ng-model="scope.iconUri" autofocus>
|
||||
</div>
|
||||
<kc-tooltip>An URI pointing to an icon for this scope.</kc-tooltip>
|
||||
<kc-tooltip>{{:: 'authz-icon-uri.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="create">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-cancel data-ng-click="cancel()">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-cancel data-ng-click="cancel()">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
<div class="col-md-10 col-md-offset-2" data-ng-show="!create && access.manageClients">
|
||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||
<button kc-reset data-ng-disabled="!changed">Cancel</button>
|
||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||
<button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
<div class="form-inline">
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<input type="text" placeholder="Search..." data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<input type="text" placeholder="{{:: 'search.placeholder' | translate}}" data-ng-model="search.name" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
|
||||
<div class="input-group-addon">
|
||||
<i class="fa fa-search" type="submit"></i>
|
||||
</div>
|
||||
|
@ -17,13 +17,13 @@
|
|||
</div>
|
||||
|
||||
<div class="pull-right">
|
||||
<a id="createScope" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/create">Create</a>
|
||||
<a id="createScope" class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/create">{{:: 'create' | translate}}</a>
|
||||
</div>
|
||||
</div>
|
||||
</th>
|
||||
</tr>
|
||||
<tr data-ng-hide="scopes.length == 0">
|
||||
<th>Scope Name</th>
|
||||
<th>{{:: 'name' | translate}}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -31,8 +31,8 @@
|
|||
<td><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope/{{scope.id}}">{{scope.name}}</a></td>
|
||||
</tr>
|
||||
<tr data-ng-show="(scopes | filter:search).length == 0">
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">No results</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">No scopes available</td>
|
||||
<td class="text-muted" colspan="3" data-ng-show="search.name">{{:: 'no-results' | translate}}</td>
|
||||
<td class="text-muted" colspan="3" data-ng-hide="search.name">{{:: 'authz-no-scopes-available' | translate}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -111,8 +111,8 @@
|
|||
</div>
|
||||
</div>
|
||||
<div class="form-group" data-ng-show="protocol == 'openid-connect'">
|
||||
<label class="col-md-2 control-label" for="authorizationServicesEnabled">Authorization Enabled</label>
|
||||
<kc-tooltip>Enable/Disable fine-grained authorization support for a client</kc-tooltip>
|
||||
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
|
||||
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
|
||||
<div class="col-md-6">
|
||||
<input ng-model="client.authorizationServicesEnabled" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
|
||||
</div>
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
<kc-tabs-client></kc-tabs-client>
|
||||
|
||||
<ul class="nav nav-tabs nav-tabs-pf" data-ng-hide="create && !path[4]" style="margin-left: 15px">
|
||||
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/">Settings</a></li>
|
||||
<li ng-class="{active: path[6] == 'resource'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">Resources</a></li>
|
||||
<li ng-class="{active: path[6] == 'scope'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">Authorization Scopes</a></li>
|
||||
<li ng-class="{active: path[6] == 'policy'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">Policies</a></li>
|
||||
<li ng-class="{active: path[6] == 'permission'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">Permissions</a></li>
|
||||
<li ng-class="{active: path[6] == 'evaluate'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">Evaluate</a></li>
|
||||
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/">{{:: 'settings' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'resource'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/resource">{{:: 'authz-resources' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'scope'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/scope">{{:: 'authz-authz-scopes' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'policy'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'permission'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission">{{:: 'authz-permissions' | translate}}</a></li>
|
||||
<li ng-class="{active: path[6] == 'evaluate'}" data-ng-hide="create"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/evaluate">{{:: 'authz-evaluate' | translate}}</a></li>
|
||||
</ul>
|
||||
</div>
|
|
@ -19,7 +19,7 @@
|
|||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/scope-mappings">{{:: 'scope' | translate}}</a>
|
||||
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
|
||||
</li>
|
||||
<li ng-class="{active: path[4] == 'authz'}" data-ng-show="client.authorizationServicesEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">Authorization</a></li>
|
||||
<li ng-class="{active: path[4] == 'authz'}" data-ng-show="client.authorizationServicesEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
|
||||
<li ng-class="{active: path[4] == 'revocation'}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/revocation">{{:: 'revocation' | translate}}</a></li>
|
||||
<!-- <li ng-class="{active: path[4] == 'identity-provider'}" data-ng-show="realm.identityFederationEnabled"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/identity-provider">Identity Provider</a></li> -->
|
||||
<li ng-class="{active: path[4] == 'sessions'}" data-ng-show="!client.bearerOnly">
|
||||
|
|
Loading…
Reference in a new issue