Merge pull request #3992 from pedroigor/KEYCLOAK-4650

[KEYCLOAK-4650] - Confirmation dialog when disabling authorization settings

services/src/main/java/org/keycloak/authorization/admin/PolicyService.java

@@ -21,6 +21,7 @@ import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
 import static org.keycloak.models.utils.RepresentationToModel.toModel;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -48,9 +49,9 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
+import org.keycloak.authorization.store.ScopeStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.models.Constants;
-import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@@ -299,6 +300,7 @@ public class PolicyService {
                             @QueryParam("name") String name,
                             @QueryParam("type") String type,
                             @QueryParam("resource") String resource,
+                            @QueryParam("scope") String scope,
                             @QueryParam("permission") Boolean permission,
                             @QueryParam("first") Integer firstResult,
                             @QueryParam("max") Integer maxResult) {
@@ -319,27 +321,40 @@ public class PolicyService {
         }
 
         StoreFactory storeFactory = authorization.getStoreFactory();
-
         PolicyStore policyStore = storeFactory.getPolicyStore();
-        if (resource != null && !"".equals(resource.trim())) {
+
+        if (resource != null || scope != null) {
             List<Policy> policies = new ArrayList<>();
+
+            if (resource != null && !"".equals(resource.trim())) {
                 HashMap<String, String[]> resourceSearch = new HashMap<>();
 
                 resourceSearch.put("name", new String[]{resource});
 
-            ResourceStore resourceStore = storeFactory.getResourceStore();
-            resourceStore.findByResourceServer(resourceSearch, resourceServer.getId(), -1, -1).forEach(resource1 -> {
-                policyStore.findByResource(resource1.getId(), resourceServer.getId()).forEach(policyRepresentation -> {
-                    Policy associated = policyStore.findById(policyRepresentation.getId(), resourceServer.getId());
-                    policies.add(associated);
-                    findAssociatedPolicies(associated, policies);
+                storeFactory.getResourceStore().findByResourceServer(resourceSearch, resourceServer.getId(), -1, 1).forEach(resource1 -> {
+                    policies.addAll(policyStore.findByResource(resource1.getId(), resourceServer.getId()));
+                    if (resource1.getType() != null) {
+                        policies.addAll(policyStore.findByResourceType(resource1.getType(), resourceServer.getId()));
+                    }
                 });
+            }
+
+            if (scope != null && !"".equals(scope.trim())) {
+                HashMap<String, String[]> scopeSearch = new HashMap<>();
+
+                scopeSearch.put("name", new String[]{scope});
+
+                storeFactory.getScopeStore().findByResourceServer(scopeSearch, resourceServer.getId(), -1, 1).forEach(scope1 -> {
+                    policies.addAll(policyStore.findByScopeIds(Arrays.asList(scope1.getId()), resourceServer.getId()));
                 });
+            }
 
             if (policies.isEmpty()) {
                 return Response.ok(Collections.emptyList()).build();
             }
 
+            new ArrayList<>(policies).forEach(policy -> findAssociatedPolicies(policy, policies));
+
             search.put("id", policies.stream().map(Policy::getId).toArray(String[]::new));
         }
 

themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js

@@ -245,7 +245,7 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r
                 });
             }
 
-            $scope.cancel = function() {
+            $scope.reset = function() {
                 $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource/");
             }
         } else {
@@ -465,6 +465,10 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout
                     });
                 });
             }
+
+            $scope.reset = function() {
+                $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/scope/");
+            }
         } else {
             ResourceServerScope.get({
                 realm : $route.current.params.realm,
@@ -1807,7 +1811,7 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe
                     });
                 }
 
-                $scope.cancel = function() {
+                $scope.reset = function() {
                     if (delegate.isPermission()) {
                         $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission/");
                     } else {

themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js

@@ -1240,6 +1240,15 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates,
     $scope.cancel = function() {
         $location.url("/realms/" + realm.realm + "/clients");
     };
+
+    $scope.onAuthorizationSettingsChange = function () {
+        if ($scope.client.authorizationServicesEnabled && !$scope.clientEdit.authorizationServicesEnabled) {
+            Dialog.confirm("Disable Authorization Settings", "Are you sure you want to disable authorization ? Once you save your changes, all authorization settings associated with this client will be removed. This operation can not be reverted.", function () {
+            }, function () {
+                $scope.clientEdit.authorizationServicesEnabled = true;
+            });
+        }
+    }
 });
 
 module.controller('CreateClientCtrl', function($scope, realm, client, templates, $route, serverInfo, Client, ClientDescriptionConverter, $location, $modal, Dialog, Notifications) {

themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html

@@ -28,6 +28,12 @@
                                     <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
                                 </div>
                             </div>
+                            <div class="input-group">
+                                <input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
+                                <div class="input-group-addon">
+                                    <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
+                                </div>
+                            </div>
                             <div class="input-group">
                                 <select class="form-control search" data-ng-model="query.type"
                                         ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type" data-ng-change="firstPage()">

themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html

@@ -28,6 +28,12 @@
                                     <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
                                 </div>
                             </div>
+                            <div class="input-group">
+                                <input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
+                                <div class="input-group-addon">
+                                    <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
+                                </div>
+                            </div>
                             <div class="input-group">
                                 <select class="form-control search" data-ng-model="query.type"
                                         ng-options="p.type as p.name for p in policyProviders track by p.type" data-ng-change="firstPage()">

themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html

@@ -114,7 +114,7 @@
                 <label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
                 <kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
                 <div class="col-md-6">
-                    <input ng-model="clientEdit.authorizationServicesEnabled" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
+                    <input ng-model="clientEdit.authorizationServicesEnabled" ng-click="onAuthorizationSettingsChange()" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
                 </div>
             </div>
             <div class="form-group clearfix block" data-ng-show="protocol == 'saml'">