Remove effective roles filtering to avoid inconsistency (#28099)

* Changed effective roles filtering method

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

* Adjusted remaining endpoints

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

---------

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
This commit is contained in:
Andreas Blättlinger 2024-07-08 14:56:55 +02:00 committed by GitHub
parent a918eb1e30
commit f4178bfa26
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -60,7 +60,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
this.auth.clients().requireView(clientScope);
return toSortedClientRoles(
addSubClientRoles(clientScope.getScopeMappingsStream())
.filter(auth.roles()::canMapClientScope));
);
}
@GET
@ -90,7 +90,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
auth.clients().requireView(client);
return toSortedClientRoles(
addSubClientRoles(client.getScopeMappingsStream())
.filter(auth.roles()::canMapRole));
);
}
@GET
@ -120,7 +120,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
auth.groups().requireView(group);
return toSortedClientRoles(
addSubClientRoles(addParents(group).flatMap(GroupModel::getRoleMappingsStream))
.filter(auth.roles()::canMapRole));
);
}
@GET
@ -154,7 +154,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
user.getGroupsStream()
.flatMap(g -> addParents(g))
.flatMap(GroupModel::getRoleMappingsStream)))
.filter(auth.roles()::canMapRole));
);
}
@GET
@ -179,9 +179,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
auth.roles().requireList(realm);
final RoleModel defaultRole = this.realm.getDefaultRole();
//this definitely does not return what the descriptions says
return toSortedClientRoles(
addSubClientRoles(Stream.of(defaultRole))
.filter(auth.roles()::canMapRole));
return toSortedClientRoles(addSubClientRoles(Stream.of(defaultRole)));
}
private Stream<RoleModel> addSubClientRoles(Stream<RoleModel> roles) {