libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

fix

Browse source
This commit is contained in:
Bill Burke 2017-06-23 09:57:25 -04:00
parent 39dea4b078
commit e7f781df5a
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
View file

@ -289,7 +289,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
if (root.evaluatePermission(roleResource, mapRoleScope, resourceServer)) { if (root.evaluatePermission(roleResource, mapRoleScope, resourceServer)) {
return checkAdminRoles(role); return checkAdminRoles(role);
} else { } else {
return true; return false;
} }
} }
@ -348,7 +348,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
@Override @Override
public boolean canMapComposite(RoleModel role) { public boolean canMapComposite(RoleModel role) {
if (canManageDefault(role)) return true; if (canManageDefault(role)) return checkAdminRoles(role);
if (!root.isAdminSameRealm()) { if (!root.isAdminSameRealm()) {
return false; return false;
@ -370,7 +370,11 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
Resource roleResource = resource(role); Resource roleResource = resource(role);
Scope scope = mapCompositeScope(resourceServer); Scope scope = mapCompositeScope(resourceServer);
return root.evaluatePermission(roleResource, scope, resourceServer); if (root.evaluatePermission(roleResource, scope, resourceServer)) {
return checkAdminRoles(role);
} else {
return false;
}
} }
@Override @Override