diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/aggregated/AggregatePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/aggregated/AggregatePolicyProviderFactory.java index 73443d1f06..0cfbabd55e 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/aggregated/AggregatePolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/aggregated/AggregatePolicyProviderFactory.java @@ -73,6 +73,11 @@ public class AggregatePolicyProviderFactory implements PolicyProviderFactory()); } + @Override + public void onImport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) { + verifyCircularReference(policy, new ArrayList<>()); + } + private void verifyCircularReference(Policy policy, List ids) { if (!policy.getType().equals("aggregate")) { return; diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js index a032243e23..3db9401325 100644 --- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js @@ -1340,6 +1340,8 @@ module.controller('ResourceServerPolicyUserDetailCtrl', function($scope, $route, $scope.$watch('selectedUsers', function() { if (!angular.equals($scope.selectedUsers, selectedUsers)) { $scope.changed = true; + } else { + $scope.changed = false; } }, true); }, @@ -1413,8 +1415,11 @@ module.controller('ResourceServerPolicyClientDetailCtrl', function($scope, $rout $scope.selectedClients.push(client); } - $scope.removeFromList = function(list, index) { - list.splice(index, 1); + $scope.removeFromList = function(client) { + var index = $scope.selectedClients.indexOf(client); + if (index != -1) { + $scope.selectedClients.splice(index, 1); + } } }, @@ -1435,6 +1440,8 @@ module.controller('ResourceServerPolicyClientDetailCtrl', function($scope, $rout $scope.$watch('selectedClients', function() { if (!angular.equals($scope.selectedClients, selectedClients)) { $scope.changed = true; + } else { + $scope.changed = false; } }, true); }, @@ -1449,6 +1456,16 @@ module.controller('ResourceServerPolicyClientDetailCtrl', function($scope, $rout $scope.policy.config.clients = JSON.stringify(clients); }, + onInitCreate : function() { + var selectedClients = []; + + $scope.$watch('selectedClients', function() { + if (!angular.equals($scope.selectedClients, selectedClients)) { + $scope.changed = true; + } + }, true); + }, + onCreate : function() { var clients = []; @@ -1572,6 +1589,8 @@ module.controller('ResourceServerPolicyRoleDetailCtrl', function($scope, $route, $scope.$watch('selectedRoles', function() { if (!angular.equals($scope.selectedRoles, selectedRoles)) { $scope.changed = true; + } else { + $scope.changed = false; } }, true); }, @@ -1589,6 +1608,7 @@ module.controller('ResourceServerPolicyRoleDetailCtrl', function($scope, $route, } $scope.policy.roles = roles; + delete $scope.policy.config; }, onCreate : function() { @@ -1604,6 +1624,7 @@ module.controller('ResourceServerPolicyRoleDetailCtrl', function($scope, $route, } $scope.policy.roles = roles; + delete $scope.policy.config; } }, realm, client, $scope); @@ -1774,18 +1795,25 @@ module.controller('ResourceServerPolicyAggregateDetailCtrl', function($scope, $r client : client.id, id : policy.id }, function(policies) { + $scope.selectedPolicies = []; for (i = 0; i < policies.length; i++) { policies[i].text = policies[i].name; - $scope.policy.config.applyPolicies.push(policies[i]); + $scope.selectedPolicies.push(policies[i]); } + var copy = angular.copy($scope.selectedPolicies); + $scope.$watch('selectedPolicies', function() { + if (!angular.equals($scope.selectedPolicies, copy)) { + $scope.changed = true; + } + }, true); }); }, onUpdate : function() { var policies = []; - for (i = 0; i < $scope.policy.config.applyPolicies.length; i++) { - policies.push($scope.policy.config.applyPolicies[i].id); + for (i = 0; i < $scope.selectedPolicies.length; i++) { + policies.push($scope.selectedPolicies[i].id); } $scope.policy.config.applyPolicies = JSON.stringify(policies); @@ -1799,8 +1827,8 @@ module.controller('ResourceServerPolicyAggregateDetailCtrl', function($scope, $r onCreate : function() { var policies = []; - for (i = 0; i < $scope.policy.config.applyPolicies.length; i++) { - policies.push($scope.policy.config.applyPolicies[i].id); + for (i = 0; i < $scope.selectedPolicies.length; i++) { + policies.push($scope.selectedPolicies[i].id); } $scope.policy.config.applyPolicies = JSON.stringify(policies); diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js index 108d609b98..a2cbea4c84 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js @@ -1111,6 +1111,12 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates, } else if ($scope.clientEdit.bearerOnly) { $scope.clientEdit.serviceAccountsEnabled = false; } + if ($scope.client.authorizationServicesEnabled && !$scope.clientEdit.authorizationServicesEnabled) { + Dialog.confirm("Disable Authorization Settings", "Are you sure you want to disable authorization ? Once you save your changes, all authorization settings associated with this client will be removed. This operation can not be reverted.", function () { + }, function () { + $scope.clientEdit.authorizationServicesEnabled = true; + }); + } } $scope.$watch('clientEdit', function() { @@ -1240,15 +1246,6 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates, $scope.cancel = function() { $location.url("/realms/" + realm.realm + "/clients"); }; - - $scope.onAuthorizationSettingsChange = function () { - if ($scope.client.authorizationServicesEnabled && !$scope.clientEdit.authorizationServicesEnabled) { - Dialog.confirm("Disable Authorization Settings", "Are you sure you want to disable authorization ? Once you save your changes, all authorization settings associated with this client will be removed. This operation can not be reverted.", function () { - }, function () { - $scope.clientEdit.authorizationServicesEnabled = true; - }); - } - } }); module.controller('CreateClientCtrl', function($scope, realm, client, templates, $route, serverInfo, Client, ClientDescriptionConverter, $location, $modal, Dialog, Notifications) { diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html index 2544d3c2d4..adb586b039 100644 --- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html @@ -34,7 +34,7 @@
- +
{{:: 'authz-policy-apply-policy.tooltip' | translate}} diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-client-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-client-detail.html index 634b836913..dda34a2ae7 100644 --- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-client-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-client-detail.html @@ -53,7 +53,7 @@ {{client.clientId}} - + diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html index 6b890e5cf5..3eb084f44d 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html @@ -114,7 +114,7 @@ {{:: 'authz-authorization-services-enabled.tooltip' | translate}}
- +