libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #3992 from pedroigor/KEYCLOAK-4650

Browse source 
[KEYCLOAK-4650] - Confirmation dialog when disabling authorization settings
This commit is contained in:
Pedro Igor 2017-03-31 07:44:10 -03:00 committed by GitHub
commit bfaaf2b8fa
6 changed files with 55 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
View file

@ -21,6 +21,7 @@ import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
import static org.keycloak.models.utils.RepresentationToModel.toModel; import static org.keycloak.models.utils.RepresentationToModel.toModel;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -48,9 +49,9 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation; import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@ -299,6 +300,7 @@ public class PolicyService {
@QueryParam("name") String name, @QueryParam("name") String name,
@QueryParam("type") String type, @QueryParam("type") String type,
@QueryParam("resource") String resource, @QueryParam("resource") String resource,
@QueryParam("scope") String scope,
@QueryParam("permission") Boolean permission, @QueryParam("permission") Boolean permission,
@QueryParam("first") Integer firstResult, @QueryParam("first") Integer firstResult,
@QueryParam("max") Integer maxResult) { @QueryParam("max") Integer maxResult) {
@ -319,27 +321,40 @@ public class PolicyService {
} }
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
if (resource != null && !"".equals(resource.trim())) {
if (resource != null || scope != null) {
List<Policy> policies = new ArrayList<>(); List<Policy> policies = new ArrayList<>();
HashMap<String, String[]> resourceSearch = new HashMap<>();
resourceSearch.put("name", new String[] {resource}); if (resource != null && !"".equals(resource.trim())) {
HashMap<String, String[]> resourceSearch = new HashMap<>();
ResourceStore resourceStore = storeFactory.getResourceStore(); resourceSearch.put("name", new String[]{resource});
resourceStore.findByResourceServer(resourceSearch, resourceServer.getId(), -1, -1).forEach(resource1 -> {
policyStore.findByResource(resource1.getId(), resourceServer.getId()).forEach(policyRepresentation -> { storeFactory.getResourceStore().findByResourceServer(resourceSearch, resourceServer.getId(), -1, 1).forEach(resource1 -> {
Policy associated = policyStore.findById(policyRepresentation.getId(), resourceServer.getId()); policies.addAll(policyStore.findByResource(resource1.getId(), resourceServer.getId()));
policies.add(associated); if (resource1.getType() != null) {
findAssociatedPolicies(associated, policies); policies.addAll(policyStore.findByResourceType(resource1.getType(), resourceServer.getId()));
}
}); });
}); }
if (scope != null && !"".equals(scope.trim())) {
HashMap<String, String[]> scopeSearch = new HashMap<>();
scopeSearch.put("name", new String[]{scope});
storeFactory.getScopeStore().findByResourceServer(scopeSearch, resourceServer.getId(), -1, 1).forEach(scope1 -> {
policies.addAll(policyStore.findByScopeIds(Arrays.asList(scope1.getId()), resourceServer.getId()));
});
}
if (policies.isEmpty()) { if (policies.isEmpty()) {
return Response.ok(Collections.emptyList()).build(); return Response.ok(Collections.emptyList()).build();
} }
new ArrayList<>(policies).forEach(policy -> findAssociatedPolicies(policy, policies));
search.put("id", policies.stream().map(Policy::getId).toArray(String[]::new)); search.put("id", policies.stream().map(Policy::getId).toArray(String[]::new));
} }

8
themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
View file

@ -245,7 +245,7 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r
}); });
} }
$scope.cancel = function() { $scope.reset = function() {
$location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource/"); $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource/");
} }
} else { } else {
@ -465,6 +465,10 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout
}); });
}); });
} }
$scope.reset = function() {
$location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/scope/");
}
} else { } else {
ResourceServerScope.get({ ResourceServerScope.get({
realm : $route.current.params.realm, realm : $route.current.params.realm,
@ -1807,7 +1811,7 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe
}); });
} }
$scope.cancel = function() { $scope.reset = function() {
if (delegate.isPermission()) { if (delegate.isPermission()) {
$location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission/"); $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission/");
} else { } else {

9
themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
View file

@ -1240,6 +1240,15 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates,
$scope.cancel = function() { $scope.cancel = function() {
$location.url("/realms/" + realm.realm + "/clients"); $location.url("/realms/" + realm.realm + "/clients");
}; };
$scope.onAuthorizationSettingsChange = function () {
if ($scope.client.authorizationServicesEnabled && !$scope.clientEdit.authorizationServicesEnabled) {
Dialog.confirm("Disable Authorization Settings", "Are you sure you want to disable authorization ? Once you save your changes, all authorization settings associated with this client will be removed. This operation can not be reverted.", function () {
}, function () {
$scope.clientEdit.authorizationServicesEnabled = true;
});
}
}
}); });
module.controller('CreateClientCtrl', function($scope, realm, client, templates, $route, serverInfo, Client, ClientDescriptionConverter, $location, $modal, Dialog, Notifications) { module.controller('CreateClientCtrl', function($scope, realm, client, templates, $route, serverInfo, Client, ClientDescriptionConverter, $location, $modal, Dialog, Notifications) {

6
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
View file

@ -28,6 +28,12 @@
<i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i> <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
</div> </div>
</div> </div>
<div class="input-group">
<input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
<div class="input-group-addon">
<i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
</div>
</div>
<div class="input-group"> <div class="input-group">
<select class="form-control search" data-ng-model="query.type" <select class="form-control search" data-ng-model="query.type"
ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type" data-ng-change="firstPage()"> ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type" data-ng-change="firstPage()">

6
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
View file

@ -28,6 +28,12 @@
<i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i> <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
</div> </div>
</div> </div>
<div class="input-group">
<input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
<div class="input-group-addon">
<i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
</div>
</div>
<div class="input-group"> <div class="input-group">
<select class="form-control search" data-ng-model="query.type" <select class="form-control search" data-ng-model="query.type"
ng-options="p.type as p.name for p in policyProviders track by p.type" data-ng-change="firstPage()"> ng-options="p.type as p.name for p in policyProviders track by p.type" data-ng-change="firstPage()">

2
themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
View file

@ -114,7 +114,7 @@
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label> <label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
<div class="col-md-6"> <div class="col-md-6">
<input ng-model="clientEdit.authorizationServicesEnabled" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/> <input ng-model="clientEdit.authorizationServicesEnabled" ng-click="onAuthorizationSettingsChange()" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
</div> </div>
</div> </div>
<div class="form-group clearfix block" data-ng-show="protocol == 'saml'"> <div class="form-group clearfix block" data-ng-show="protocol == 'saml'">