libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #4298 from pedroigor/3.2.final-fixes

Browse source 
Some fixes for AuthZ UI
This commit is contained in:
Pedro Igor 2017-07-07 09:06:00 -03:00 committed by GitHub
commit cff8a1ecc6
22 changed files with 444 additions and 142 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java
View file

@ -24,6 +24,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.FlushModeType;
import javax.persistence.NoResultException; import javax.persistence.NoResultException;
import javax.persistence.Query; import javax.persistence.Query;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;
@ -34,14 +35,10 @@ import javax.persistence.criteria.Root;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.PolicyEntity;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
/** /**
@ -96,8 +93,10 @@ public class JPAPolicyStore implements PolicyStore {
public Policy findByName(String name, String resourceServerId) { public Policy findByName(String name, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByName", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByName", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
query.setParameter("name", name); query.setParameter("name", name);
try { try {
String id = query.getSingleResult(); String id = query.getSingleResult();
return provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId); return provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
@ -167,6 +166,7 @@ public class JPAPolicyStore implements PolicyStore {
public List<Policy> findByResource(final String resourceId, String resourceServerId) { public List<Policy> findByResource(final String resourceId, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByResource", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByResource", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("resourceId", resourceId); query.setParameter("resourceId", resourceId);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -182,6 +182,7 @@ public class JPAPolicyStore implements PolicyStore {
public List<Policy> findByResourceType(final String resourceType, String resourceServerId) { public List<Policy> findByResourceType(final String resourceType, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByResourceType", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByResourceType", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("type", resourceType); query.setParameter("type", resourceType);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -202,6 +203,7 @@ public class JPAPolicyStore implements PolicyStore {
// Use separate subquery to handle DB2 and MSSSQL // Use separate subquery to handle DB2 and MSSSQL
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByScope", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByScope", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("scopeIds", scopeIds); query.setParameter("scopeIds", scopeIds);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -217,6 +219,7 @@ public class JPAPolicyStore implements PolicyStore {
public List<Policy> findByType(String type, String resourceServerId) { public List<Policy> findByType(String type, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
query.setParameter("type", type); query.setParameter("type", type);
@ -233,6 +236,7 @@ public class JPAPolicyStore implements PolicyStore {
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByDependentPolices", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByDependentPolices", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
query.setParameter("policyId", policyId); query.setParameter("policyId", policyId);

10
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceStore.java
View file

@ -19,13 +19,13 @@ package org.keycloak.authorization.jpa.store;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ResourceEntity;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.FlushModeType;
import javax.persistence.NoResultException; import javax.persistence.NoResultException;
import javax.persistence.Query; import javax.persistence.Query;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;
@ -34,7 +34,6 @@ import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate; import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root; import javax.persistence.criteria.Root;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -62,6 +61,7 @@ public class JPAResourceStore implements ResourceStore {
entity.setOwner(owner); entity.setOwner(owner);
this.entityManager.persist(entity); this.entityManager.persist(entity);
this.entityManager.flush();
return new ResourceAdapter(entity, entityManager, provider.getStoreFactory()); return new ResourceAdapter(entity, entityManager, provider.getStoreFactory());
} }
@ -90,6 +90,7 @@ public class JPAResourceStore implements ResourceStore {
public List<Resource> findByOwner(String ownerId, String resourceServerId) { public List<Resource> findByOwner(String ownerId, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByOwner", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByOwner", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("owner", ownerId); query.setParameter("owner", ownerId);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -108,6 +109,7 @@ public class JPAResourceStore implements ResourceStore {
public List<Resource> findByUri(String uri, String resourceServerId) { public List<Resource> findByUri(String uri, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByUri", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByUri", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("uri", uri); query.setParameter("uri", uri);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -185,6 +187,7 @@ public class JPAResourceStore implements ResourceStore {
public List<Resource> findByScope(List<String> scopes, String resourceServerId) { public List<Resource> findByScope(List<String> scopes, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByScope", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByScope", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("scopeIds", scopes); query.setParameter("scopeIds", scopes);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
@ -203,8 +206,10 @@ public class JPAResourceStore implements ResourceStore {
public Resource findByName(String name, String resourceServerId) { public Resource findByName(String name, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByName", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByName", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
query.setParameter("name", name); query.setParameter("name", name);
try { try {
String id = query.getSingleResult(); String id = query.getSingleResult();
return provider.getStoreFactory().getResourceStore().findById(id, resourceServerId); return provider.getStoreFactory().getResourceStore().findById(id, resourceServerId);
@ -217,6 +222,7 @@ public class JPAResourceStore implements ResourceStore {
public List<Resource> findByType(String type, String resourceServerId) { public List<Resource> findByType(String type, String resourceServerId) {
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByType", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByType", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("type", type); query.setParameter("type", type);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);

6
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAScopeStore.java
View file

@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.FlushModeType;
import javax.persistence.NoResultException; import javax.persistence.NoResultException;
import javax.persistence.Query; import javax.persistence.Query;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;
@ -32,7 +33,6 @@ import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root; import javax.persistence.criteria.Root;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
import org.keycloak.authorization.jpa.entities.ScopeEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
@ -61,6 +61,7 @@ public class JPAScopeStore implements ScopeStore {
entity.setResourceServer(ResourceServerAdapter.toEntity(entityManager, resourceServer)); entity.setResourceServer(ResourceServerAdapter.toEntity(entityManager, resourceServer));
this.entityManager.persist(entity); this.entityManager.persist(entity);
this.entityManager.flush();
return new ScopeAdapter(entity, entityManager, provider.getStoreFactory()); return new ScopeAdapter(entity, entityManager, provider.getStoreFactory());
} }
@ -91,8 +92,10 @@ public class JPAScopeStore implements ScopeStore {
try { try {
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByName", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByName", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", resourceServerId); query.setParameter("serverId", resourceServerId);
query.setParameter("name", name); query.setParameter("name", name);
String id = query.getSingleResult(); String id = query.getSingleResult();
return provider.getStoreFactory().getScopeStore().findById(id, resourceServerId); return provider.getStoreFactory().getScopeStore().findById(id, resourceServerId);
} catch (NoResultException nre) { } catch (NoResultException nre) {
@ -104,6 +107,7 @@ public class JPAScopeStore implements ScopeStore {
public List<Scope> findByResourceServer(final String serverId) { public List<Scope> findByResourceServer(final String serverId) {
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByResourceServer", String.class); TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByResourceServer", String.class);
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("serverId", serverId); query.setParameter("serverId", serverId);
List<String> result = query.getResultList(); List<String> result = query.getResultList();

74
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -1930,24 +1930,21 @@ public class RepresentationToModel {
resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode()); resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement()); resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
rep.getScopes().forEach(scope -> { for (ScopeRepresentation scope : rep.getScopes()) {
toModel(scope, resourceServer, authorization); toModel(scope, resourceServer, authorization);
}); }
KeycloakSession session = authorization.getKeycloakSession(); KeycloakSession session = authorization.getKeycloakSession();
RealmModel realm = authorization.getRealm(); RealmModel realm = authorization.getRealm();
rep.getResources().forEach(resourceRepresentation -> { for (ResourceRepresentation resource : rep.getResources()) {
ResourceOwnerRepresentation owner = resourceRepresentation.getOwner(); ResourceOwnerRepresentation owner = resource.getOwner();
if (owner == null) { if (owner == null) {
owner = new ResourceOwnerRepresentation(); owner = new ResourceOwnerRepresentation();
resourceRepresentation.setOwner(owner); owner.setId(resourceServer.getClientId());
} resource.setOwner(owner);
} else if (owner.getName() != null) {
owner.setId(resourceServer.getClientId());
if (owner.getName() != null) {
UserModel user = session.users().getUserByUsername(owner.getName(), realm); UserModel user = session.users().getUserByUsername(owner.getName(), realm);
if (user != null) { if (user != null) {
@ -1955,8 +1952,8 @@ public class RepresentationToModel {
} }
} }
toModel(resourceRepresentation, resourceServer, authorization); toModel(resource, resourceServer, authorization);
}); }
importPolicies(authorization, resourceServer, rep.getPolicies(), null); importPolicies(authorization, resourceServer, rep.getPolicies(), null);
} }
@ -1975,7 +1972,9 @@ public class RepresentationToModel {
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
try { try {
List<String> policies = (List<String>) JsonSerialization.readValue(applyPolicies, List.class); List<String> policies = (List<String>) JsonSerialization.readValue(applyPolicies, List.class);
config.put("applyPolicies", JsonSerialization.writeValueAsString(policies.stream().map(policyName -> { Set<String> policyIds = new HashSet<>();
for (String policyName : policies) {
Policy policy = policyStore.findByName(policyName, resourceServer.getId()); Policy policy = policyStore.findByName(policyName, resourceServer.getId());
if (policy == null) { if (policy == null) {
@ -1989,8 +1988,10 @@ public class RepresentationToModel {
} }
} }
return policy.getId(); policyIds.add(policy.getId());
}).collect(Collectors.toList()))); }
config.put("applyPolicies", JsonSerialization.writeValueAsString(policyIds));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e); throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
} }
@ -2029,33 +2030,40 @@ public class RepresentationToModel {
if (representation instanceof PolicyRepresentation) { if (representation instanceof PolicyRepresentation) {
PolicyRepresentation policy = PolicyRepresentation.class.cast(representation); PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
String resourcesConfig = policy.getConfig().get("resources");
if (resourcesConfig != null) { if (resources == null) {
try { String resourcesConfig = policy.getConfig().get("resources");
resources = JsonSerialization.readValue(resourcesConfig, Set.class);
} catch (IOException e) { if (resourcesConfig != null) {
throw new RuntimeException(e); try {
resources = JsonSerialization.readValue(resourcesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
} }
} }
String scopesConfig = policy.getConfig().get("scopes"); if (scopes == null) {
String scopesConfig = policy.getConfig().get("scopes");
if (scopesConfig != null) { if (scopesConfig != null) {
try { try {
scopes = JsonSerialization.readValue(scopesConfig, Set.class); scopes = JsonSerialization.readValue(scopesConfig, Set.class);
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
}
} }
} }
String policiesConfig = policy.getConfig().get("applyPolicies"); if (policies == null) {
String policiesConfig = policy.getConfig().get("applyPolicies");
if (policiesConfig != null) { if (policiesConfig != null) {
try { try {
policies = JsonSerialization.readValue(policiesConfig, Set.class); policies = JsonSerialization.readValue(policiesConfig, Set.class);
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
}
} }
} }

12
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/permission/Permissions.java
View file

@ -27,6 +27,7 @@ import org.keycloak.testsuite.console.page.clients.authorization.policy.PolicyTy
import org.keycloak.testsuite.page.Form; import org.keycloak.testsuite.page.Form;
import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement; import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select; import org.openqa.selenium.support.ui.Select;
@ -123,4 +124,15 @@ public class Permissions extends Form {
} }
} }
} }
public void deleteFromList(String name) {
for (WebElement row : permissions().rows()) {
PolicyRepresentation actual = permissions().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
row.findElements(tagName("td")).get(4).click();
driver.findElement(By.xpath(".//button[text()='Delete']")).click();
return;
}
}
}
} }

12
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/Policies.java
View file

@ -32,6 +32,7 @@ import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.page.Form; import org.keycloak.testsuite.page.Form;
import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement; import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select; import org.openqa.selenium.support.ui.Select;
@ -199,4 +200,15 @@ public class Policies extends Form {
} }
} }
} }
public void deleteFromList(String name) {
for (WebElement row : policies().rows()) {
PolicyRepresentation actual = policies().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
row.findElements(tagName("td")).get(4).click();
driver.findElement(By.xpath(".//button[text()='Delete']")).click();
return;
}
}
}
} }

12
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/resource/Resources.java
View file

@ -23,6 +23,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.testsuite.page.Form; import org.keycloak.testsuite.page.Form;
import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement; import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.FindBy;
@ -73,6 +74,17 @@ public class Resources extends Form {
} }
} }
public void deleteFromList(String name) {
for (WebElement row : resources().rows()) {
ResourceRepresentation actual = resources().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
row.findElements(tagName("td")).get(6).click();
driver.findElement(By.xpath(".//button[text()='Delete']")).click();
return;
}
}
}
public Resource name(String name) { public Resource name(String name) {
for (WebElement row : resources().rows()) { for (WebElement row : resources().rows()) {
ResourceRepresentation actual = resources().toRepresentation(row); ResourceRepresentation actual = resources().toRepresentation(row);

11
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/scope/Scopes.java
View file

@ -22,6 +22,7 @@ import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.page.Form; import org.keycloak.testsuite.page.Form;
import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.URLUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement; import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.FindBy;
@ -67,4 +68,14 @@ public class Scopes extends Form {
} }
} }
} }
public void deleteFromList(String name) {
for (WebElement row : scopes().rows()) {
ScopeRepresentation actual = scopes().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
row.findElements(tagName("td")).get(3).click();
driver.findElement(By.xpath(".//button[text()='Delete']")).click();
}
}
}
} }

16
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AggregatePolicyManagementTest.java
View file

@ -122,6 +122,22 @@ public class AggregatePolicyManagementTest extends AbstractAuthorizationSettings
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
AggregatePolicyRepresentation expected = new AggregatePolicyRepresentation();
expected.setName("Test Delete Aggregate Policy");
expected.setDescription("description");
expected.addPolicy("Policy C");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private AggregatePolicyRepresentation createPolicy(AggregatePolicyRepresentation expected) { private AggregatePolicyRepresentation createPolicy(AggregatePolicyRepresentation expected) {
AggregatePolicy policy = authorizationPage.authorizationTabs().policies().create(expected); AggregatePolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

18
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/ClientPolicyManagementTest.java
View file

@ -76,7 +76,7 @@ public class ClientPolicyManagementTest extends AbstractAuthorizationSettingsTes
} }
@Test @Test
public void testDeletePolicy() throws InterruptedException { public void testDelete() throws InterruptedException {
authorizationPage.navigateTo(); authorizationPage.navigateTo();
ClientPolicyRepresentation expected = new ClientPolicyRepresentation(); ClientPolicyRepresentation expected = new ClientPolicyRepresentation();
@ -92,6 +92,22 @@ public class ClientPolicyManagementTest extends AbstractAuthorizationSettingsTes
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
ClientPolicyRepresentation expected = new ClientPolicyRepresentation();
expected.setName("Test Client Policy");
expected.setDescription("description");
expected.addClient("client c");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private ClientPolicyRepresentation createPolicy(ClientPolicyRepresentation expected) { private ClientPolicyRepresentation createPolicy(ClientPolicyRepresentation expected) {
ClientPolicy policy = authorizationPage.authorizationTabs().policies().create(expected); ClientPolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

19
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/GroupPolicyManagementTest.java
View file

@ -135,6 +135,25 @@ public class GroupPolicyManagementTest extends AbstractAuthorizationSettingsTest
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
GroupPolicyRepresentation expected = new GroupPolicyRepresentation();
expected.setName("Test Delete Group Policy");
expected.setDescription("description");
expected.setGroupsClaim("groups");
expected.addGroupPath("/Group A", true);
expected.addGroupPath("/Group A/Group B/Group D");
expected.addGroupPath("Group F");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private GroupPolicyRepresentation createPolicy(GroupPolicyRepresentation expected) { private GroupPolicyRepresentation createPolicy(GroupPolicyRepresentation expected) {
GroupPolicy policy = authorizationPage.authorizationTabs().policies().create(expected); GroupPolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

16
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/JSPolicyManagementTest.java
View file

@ -74,6 +74,22 @@ public class JSPolicyManagementTest extends AbstractAuthorizationSettingsTest {
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
JSPolicyRepresentation expected = new JSPolicyRepresentation();
expected.setName("Test JS Policy");
expected.setDescription("description");
expected.setCode("$evaluation.deny();");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private JSPolicyRepresentation createPolicy(JSPolicyRepresentation expected) { private JSPolicyRepresentation createPolicy(JSPolicyRepresentation expected) {
JSPolicy policy = authorizationPage.authorizationTabs().policies().create(expected); JSPolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

11
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/ResourceManagementTest.java
View file

@ -72,7 +72,7 @@ public class ResourceManagementTest extends AbstractAuthorizationSettingsTest {
} }
@Test @Test
public void testDelete() { public void testDeleteFromDetails() {
ResourceRepresentation expected = createResource(); ResourceRepresentation expected = createResource();
authorizationPage.navigateTo(); authorizationPage.navigateTo();
authorizationPage.authorizationTabs().resources().delete(expected.getName()); authorizationPage.authorizationTabs().resources().delete(expected.getName());
@ -80,6 +80,15 @@ public class ResourceManagementTest extends AbstractAuthorizationSettingsTest {
assertNull(authorizationPage.authorizationTabs().resources().resources().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().resources().resources().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() {
ResourceRepresentation expected = createResource();
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().resources().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().resources().resources().findByName(expected.getName()));
}
private ResourceRepresentation createResource() { private ResourceRepresentation createResource() {
ResourceRepresentation expected = new ResourceRepresentation(); ResourceRepresentation expected = new ResourceRepresentation();

17
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/ResourcePermissionManagementTest.java
View file

@ -165,6 +165,23 @@ public class ResourcePermissionManagementTest extends AbstractAuthorizationSetti
assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
ResourcePermissionRepresentation expected = new ResourcePermissionRepresentation();
expected.setName("Test Delete Resource Permission");
expected.setDescription("description");
expected.addResource("Resource B");
expected.addPolicy("Policy C");
expected = createPermission(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().permissions().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName()));
}
private ResourcePermissionRepresentation createPermission(ResourcePermissionRepresentation expected) { private ResourcePermissionRepresentation createPermission(ResourcePermissionRepresentation expected) {
ResourcePermission policy = authorizationPage.authorizationTabs().permissions().create(expected); ResourcePermission policy = authorizationPage.authorizationTabs().permissions().create(expected);
assertAlertSuccess(); assertAlertSuccess();

18
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RolePolicyManagementTest.java
View file

@ -208,6 +208,24 @@ public class RolePolicyManagementTest extends AbstractAuthorizationSettingsTest
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
RolePolicyRepresentation expected = new RolePolicyRepresentation();
expected.setName("Test Delete Role Policy");
expected.setDescription("description");
expected.addRole("Realm Role A");
expected.addRole("Realm Role B");
expected.addRole("Realm Role C");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private RolePolicyRepresentation createPolicy(RolePolicyRepresentation expected) { private RolePolicyRepresentation createPolicy(RolePolicyRepresentation expected) {
RolePolicy policy = authorizationPage.authorizationTabs().policies().create(expected); RolePolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

12
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
View file

@ -71,6 +71,18 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private RulePolicyRepresentation createDefaultRepresentation(String name) { private RulePolicyRepresentation createDefaultRepresentation(String name) {
RulePolicyRepresentation expected = new RulePolicyRepresentation(); RulePolicyRepresentation expected = new RulePolicyRepresentation();

9
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/ScopeManagementTest.java
View file

@ -49,6 +49,15 @@ public class ScopeManagementTest extends AbstractAuthorizationSettingsTest {
assertNull(authorizationPage.authorizationTabs().scopes().scopes().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().scopes().scopes().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() {
ScopeRepresentation expected = createScope();
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().scopes().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().scopes().scopes().findByName(expected.getName()));
}
private ScopeRepresentation createScope() { private ScopeRepresentation createScope() {
ScopeRepresentation expected = new ScopeRepresentation(); ScopeRepresentation expected = new ScopeRepresentation();

17
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/ScopePermissionManagementTest.java
View file

@ -166,6 +166,23 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
expected.setName("Test Delete Scope Permission");
expected.setDescription("description");
expected.addScope("Scope C");
expected.addPolicy("Policy C");
expected = createPermission(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().permissions().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(expected.getName()));
}
private ScopePermissionRepresentation createPermission(ScopePermissionRepresentation expected) { private ScopePermissionRepresentation createPermission(ScopePermissionRepresentation expected) {
ScopePermission policy = authorizationPage.authorizationTabs().permissions().create(expected); ScopePermission policy = authorizationPage.authorizationTabs().permissions().create(expected);
assertAlertSuccess(); assertAlertSuccess();

27
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/TimePolicyManagementTest.java
View file

@ -109,6 +109,33 @@ public class TimePolicyManagementTest extends AbstractAuthorizationSettingsTest
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
TimePolicyRepresentation expected = new TimePolicyRepresentation();
expected.setName("Test Time Policy");
expected.setDescription("description");
expected.setNotBefore("2017-01-01 00:00:00");
expected.setNotBefore("2018-01-01 00:00:00");
expected.setDayMonth("1");
expected.setDayMonthEnd("2");
expected.setMonth("3");
expected.setMonthEnd("4");
expected.setYear("5");
expected.setYearEnd("6");
expected.setHour("7");
expected.setHourEnd("8");
expected.setMinute("9");
expected.setMinuteEnd("10");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private TimePolicyRepresentation createPolicy(TimePolicyRepresentation expected) { private TimePolicyRepresentation createPolicy(TimePolicyRepresentation expected) {
TimePolicy policy = authorizationPage.authorizationTabs().policies().create(expected); TimePolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

18
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/UserPolicyManagementTest.java
View file

@ -76,7 +76,7 @@ public class UserPolicyManagementTest extends AbstractAuthorizationSettingsTest
} }
@Test @Test
public void testDeletePolicy() throws InterruptedException { public void testDelete() throws InterruptedException {
authorizationPage.navigateTo(); authorizationPage.navigateTo();
UserPolicyRepresentation expected = new UserPolicyRepresentation(); UserPolicyRepresentation expected = new UserPolicyRepresentation();
@ -92,6 +92,22 @@ public class UserPolicyManagementTest extends AbstractAuthorizationSettingsTest
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName())); assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
} }
@Test
public void testDeleteFromList() throws InterruptedException {
authorizationPage.navigateTo();
UserPolicyRepresentation expected = new UserPolicyRepresentation();
expected.setName("Test User Policy");
expected.setDescription("description");
expected.addUser("user c");
expected = createPolicy(expected);
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().policies().deleteFromList(expected.getName());
authorizationPage.navigateTo();
assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(expected.getName()));
}
private UserPolicyRepresentation createPolicy(UserPolicyRepresentation expected) { private UserPolicyRepresentation createPolicy(UserPolicyRepresentation expected) {
UserPolicy policy = authorizationPage.authorizationTabs().policies().create(expected); UserPolicy policy = authorizationPage.authorizationTabs().policies().create(expected);
assertAlertSuccess(); assertAlertSuccess();

238
themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
View file

@ -79,7 +79,72 @@ module.controller('ResourceServerDetailCtrl', function($scope, $http, $route, $l
}); });
}); });
module.controller('ResourceServerResourceCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerResource, client) { var Resources = {
delete: function(ResourceServerResource, realm, client, $scope, AuthzDialog, $location, Notifications, $route) {
ResourceServerResource.permissions({
realm : realm,
client : client.id,
rsrid : $scope.resource._id
}, function (permissions) {
var msg = "";
if (permissions.length > 0 && !$scope.deleteConsent) {
msg = "<p>This resource is referenced in some permissions:</p>";
msg += "<ul>";
for (i = 0; i < permissions.length; i++) {
msg+= "<li><strong>" + permissions[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this resource, the permissions above will be affected and will not be associated with this resource anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.resource.name, "Resource", msg, function() {
ResourceServerResource.delete({realm : realm, client : $scope.client.id, rsrid : $scope.resource._id}, null, function() {
$location.url("/realms/" + realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource");
$route.reload();
Notifications.success("The resource has been deleted.");
});
});
});
}
}
var Policies = {
delete: function(service, realm, client, $scope, AuthzDialog, $location, Notifications, $route, isPermission) {
var msg = "";
service.dependentPolicies({
realm : realm,
client : client.id,
id : $scope.policy.id
}, function (dependentPolicies) {
if (dependentPolicies.length > 0 && !$scope.deleteConsent) {
msg = "<p>This policy is being used by other policies:</p>";
msg += "<ul>";
for (i = 0; i < dependentPolicies.length; i++) {
msg+= "<li><strong>" + dependentPolicies[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this policy, the policies above will be affected and will not be associated with this policy anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.policy.name, isPermission ? "Permission" : "Policy", msg, function() {
service.delete({realm : realm, client : $scope.client.id, id : $scope.policy.id}, null, function() {
if (isPermission) {
$location.url("/realms/" + realm + "/clients/" + $scope.client.id + "/authz/resource-server/permission");
Notifications.success("The permission has been deleted.");
} else {
$location.url("/realms/" + realm + "/clients/" + $scope.client.id + "/authz/resource-server/policy");
Notifications.success("The policy has been deleted.");
}
$route.reload();
});
});
});
}
}
module.controller('ResourceServerResourceCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerResource, client, AuthzDialog, Notifications) {
$scope.realm = realm; $scope.realm = realm;
$scope.client = client; $scope.client = client;
@ -171,6 +236,11 @@ module.controller('ResourceServerResourceCtrl', function($scope, $http, $route,
} }
} }
}; };
$scope.delete = function(resource) {
$scope.resource = resource;
Resources.delete(ResourceServerResource, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route);
};
}); });
module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $route, $location, realm, ResourceServer, client, ResourceServerResource, ResourceServerScope, AuthzDialog, Notifications) { module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $route, $location, realm, ResourceServer, client, ResourceServerResource, ResourceServerScope, AuthzDialog, Notifications) {
@ -282,30 +352,7 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r
} }
$scope.remove = function() { $scope.remove = function() {
ResourceServerResource.permissions({ Resources.delete(ResourceServerResource, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route);
realm : $route.current.params.realm,
client : client.id,
rsrid : $scope.resource._id
}, function (permissions) {
var msg = "";
if (permissions.length > 0 && !$scope.deleteConsent) {
msg = "<p>This resource is referenced in some policies:</p>";
msg += "<ul>";
for (i = 0; i < permissions.length; i++) {
msg+= "<li><strong>" + permissions[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this resource, the policies above will be affected and will not be associated with this resource anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.resource.name, "Resource", msg, function() {
ResourceServerResource.delete({realm : realm.realm, client : $scope.client.id, rsrid : $scope.resource._id}, null, function() {
$location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource");
Notifications.success("The resource has been deleted.");
});
});
});
} }
$scope.reset = function() { $scope.reset = function() {
@ -338,7 +385,37 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r
} }
}); });
module.controller('ResourceServerScopeCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerScope, client) { var Scopes = {
delete: function(ResourceServerScope, realm, client, $scope, AuthzDialog, $location, Notifications, $route) {
ResourceServerScope.permissions({
realm : realm,
client : client.id,
id : $scope.scope.id
}, function (permissions) {
var msg = "";
if (permissions.length > 0 && !$scope.deleteConsent) {
msg = "<p>This scope is referenced in some permissions:</p>";
msg += "<ul>";
for (i = 0; i < permissions.length; i++) {
msg+= "<li><strong>" + permissions[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this scope, the permissions above will be affected and will not be associated with this scope anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.scope.name, "Scope", msg, function() {
ResourceServerScope.delete({realm : realm, client : $scope.client.id, id : $scope.scope.id}, null, function() {
$location.url("/realms/" + realm + "/clients/" + $scope.client.id + "/authz/resource-server/scope");
$route.reload();
Notifications.success("The scope has been deleted.");
});
});
});
}
}
module.controller('ResourceServerScopeCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerScope,client, AuthzDialog, Notifications) {
$scope.realm = realm; $scope.realm = realm;
$scope.client = client; $scope.client = client;
@ -430,6 +507,11 @@ module.controller('ResourceServerScopeCtrl', function($scope, $http, $route, $lo
} }
} }
}; };
$scope.delete = function(scope) {
$scope.scope = scope;
Scopes.delete(ResourceServerScope, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route);
};
}); });
module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $route, $location, realm, ResourceServer, client, ResourceServerScope, AuthzDialog, Notifications) { module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $route, $location, realm, ResourceServer, client, ResourceServerScope, AuthzDialog, Notifications) {
@ -499,30 +581,7 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout
} }
$scope.remove = function() { $scope.remove = function() {
ResourceServerScope.permissions({ Scopes.delete(ResourceServerScope, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route);
realm : $route.current.params.realm,
client : client.id,
id : $scope.scope.id
}, function (permissions) {
var msg = "";
if (permissions.length > 0 && !$scope.deleteConsent) {
msg = "<p>This scope is referenced in some policies:</p>";
msg += "<ul>";
for (i = 0; i < permissions.length; i++) {
msg+= "<li><strong>" + permissions[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this scope, the policies above will be affected and will not be associated with this scope anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.scope.name, "Scope", msg, function() {
ResourceServerScope.delete({realm : realm.realm, client : $scope.client.id, id : $scope.scope.id}, null, function() {
$location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/scope");
Notifications.success("The scope has been deleted.");
});
});
});
} }
$scope.reset = function() { $scope.reset = function() {
@ -554,7 +613,7 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout
} }
}); });
module.controller('ResourceServerPolicyCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerPolicy, PolicyProvider, client) { module.controller('ResourceServerPolicyCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerPolicy, PolicyProvider, client, AuthzDialog, Notifications) {
$scope.realm = realm; $scope.realm = realm;
$scope.client = client; $scope.client = client;
$scope.policyProviders = []; $scope.policyProviders = [];
@ -650,9 +709,14 @@ module.controller('ResourceServerPolicyCtrl', function($scope, $http, $route, $l
} }
} }
}; };
$scope.delete = function(policy) {
$scope.policy = policy;
Policies.delete(ResourceServerPolicy, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route, false);
};
}); });
module.controller('ResourceServerPermissionCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerPermission, PolicyProvider, client) { module.controller('ResourceServerPermissionCtrl', function($scope, $http, $route, $location, realm, ResourceServer, ResourceServerPermission, PolicyProvider, client, AuthzDialog, Notifications) {
$scope.realm = realm; $scope.realm = realm;
$scope.client = client; $scope.client = client;
$scope.policyProviders = []; $scope.policyProviders = [];
@ -747,6 +811,11 @@ module.controller('ResourceServerPermissionCtrl', function($scope, $http, $route
} }
} }
}; };
$scope.delete = function(policy) {
$scope.policy = policy;
Policies.delete(ResourceServerPermission, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route, true);
};
}); });
module.controller('ResourceServerPolicyDroolsDetailCtrl', function($scope, $http, $route, realm, client, PolicyController) { module.controller('ResourceServerPolicyDroolsDetailCtrl', function($scope, $http, $route, realm, client, PolicyController) {
@ -1137,27 +1206,28 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
rsrid: resource[0]._id rsrid: resource[0]._id
}, function (scopes) { }, function (scopes) {
$scope.resourceScopes = scopes; $scope.resourceScopes = scopes;
ResourceServerPolicy.scopes({
realm : $route.current.params.realm,
client : client.id,
id : policy.id
}, function(scopes) {
$scope.selectedScopes = [];
for (i = 0; i < scopes.length; i++) {
scopes[i].text = scopes[i].name;
$scope.selectedScopes.push(scopes[i].id);
}
var copy = angular.copy($scope.selectedScopes);
$scope.$watch('selectedScopes', function() {
if (!angular.equals($scope.selectedScopes, copy)) {
$scope.changed = true;
}
}, true);
});
}); });
}); });
}); });
} }
ResourceServerPolicy.scopes({
realm : $route.current.params.realm,
client : client.id,
id : policy.id
}, function(scopes) {
$scope.selectedScopes = [];
for (i = 0; i < scopes.length; i++) {
scopes[i].text = scopes[i].name;
$scope.selectedScopes.push(scopes[i].id);
}
var copy = angular.copy($scope.selectedScopes);
$scope.$watch('selectedScopes', function() {
if (!angular.equals($scope.selectedScopes, copy)) {
$scope.changed = true;
}
}, true);
});
} else { } else {
$scope.selectedResource = null; $scope.selectedResource = null;
var copy = angular.copy($scope.selectedResource); var copy = angular.copy($scope.selectedResource);
@ -2098,35 +2168,7 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe
}); });
$scope.remove = function() { $scope.remove = function() {
var msg = ""; Policies.delete(ResourceServerPolicy, $route.current.params.realm, client, $scope, AuthzDialog, $location, Notifications, $route, delegate.isPermission());
service.dependentPolicies({
realm : $route.current.params.realm,
client : client.id,
id : $scope.policy.id
}, function (dependentPolicies) {
if (dependentPolicies.length > 0 && !$scope.deleteConsent) {
msg = "<p>This policy is being used by other policies:</p>";
msg += "<ul>";
for (i = 0; i < dependentPolicies.length; i++) {
msg+= "<li><strong>" + dependentPolicies[i].name + "</strong></li>";
}
msg += "</ul>";
msg += "<p>If you remove this policy, the policies above will be affected and will not be associated with this policy anymore.</p>";
}
AuthzDialog.confirmDeleteWithMsg($scope.policy.name, "Policy", msg, function() {
service.delete({realm : $scope.realm.realm, client : $scope.client.id, id : $scope.policy.id}, null, function() {
if (delegate.isPermission()) {
$location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission");
Notifications.success("The permission has been deleted.");
} else {
$location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/policy");
Notifications.success("The policy has been deleted.");
}
});
});
});
} }
} }
}); });

1
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/provider/resource-server-policy-scope-detail.html
View file

@ -38,7 +38,6 @@
</div> </div>
<div class="form-group clearfix" data-ng-show="selectedResource"> <div class="form-group clearfix" data-ng-show="selectedResource">
<label class="col-md-2 control-label" for="resourceScopes">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label> <label class="col-md-2 control-label" for="resourceScopes">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
<div class="col-md-6"> <div class="col-md-6">
<select ui-select2 id="resourceScopes" <select ui-select2 id="resourceScopes"
data-ng-model="selectedScopes" data-ng-model="selectedScopes"