Avoid running org related code if there are no orgs in a realm
Closes #33424 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor
Alexander Schwartz
parent
ebfb42f9c5
commit
ef48a3a360
3 changed files with 47 additions and 23 deletions
|
|
@ -338,15 +338,13 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
|
|||
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
|
||||
int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
||||
if (isOrganizationDisabled(session, delegate)) {
|
||||
return new ReadOnlyUserModelDelegate(delegate) {
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
}
|
||||
if (isReadOnlyOrganizationMember(delegate)) {
|
||||
return new ReadOnlyUserModelDelegate(delegate) {
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
CachedUser cached;
|
||||
|
|
@ -978,10 +976,22 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
|
|||
return List.of();
|
||||
}
|
||||
|
||||
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) {
|
||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||
private boolean isReadOnlyOrganizationMember(UserModel delegate) {
|
||||
if (delegate == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
||||
|
||||
if (organizationProvider.count() == 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||
return organizationProvider.getByMember(delegate)
|
||||
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
||||
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
|
||||
|
|
|
|||
|
|
@ -114,16 +114,13 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
|
|||
*/
|
||||
protected UserModel importValidation(RealmModel realm, UserModel user) {
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && user != null) {
|
||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||
if (isOrganizationDisabled(session, user)) {
|
||||
return new ReadOnlyUserModelDelegate(user) {
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
}
|
||||
if (isReadOnlyOrganizationMember(user)) {
|
||||
return new ReadOnlyUserModelDelegate(user) {
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
if (user == null || user.getFederationLink() == null) return user;
|
||||
|
|
@ -932,10 +929,22 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
|
|||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) {
|
||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||
private boolean isReadOnlyOrganizationMember(UserModel delegate) {
|
||||
if (delegate == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
||||
|
||||
if (organizationProvider.count() == 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||
return organizationProvider.getByMember(delegate)
|
||||
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
||||
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
|
||||
|
|
|
|||
|
|
@ -191,6 +191,11 @@ public class Organizations {
|
|||
}
|
||||
|
||||
OrganizationProvider provider = getProvider(session);
|
||||
|
||||
if (provider.count() == 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
|
||||
|
||||
if (authSession != null) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue