From 479295cfd247e6c97e60c6421e939e9596e447fe Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 28 Oct 2016 10:13:49 +0200 Subject: [PATCH] KEYCLOAK-3225 Modifying user's Identity Provider Links requires manage-realm client role --- .../UserFederationProvidersResource.java | 2 +- .../testsuite/admin/PermissionsTest.java | 26 +++++++++---------- .../resources/partials/federated-generic.html | 4 +-- .../partials/federated-kerberos.html | 4 +-- .../resources/partials/federated-ldap.html | 4 +-- .../partials/realm-keys-providers.html | 2 +- .../resources/partials/user-federation.html | 4 +-- .../partials/user-storage-generic.html | 4 +-- .../resources/partials/user-storage.html | 2 +- .../admin/resources/templates/kc-menu.html | 2 +- 10 files changed, 27 insertions(+), 27 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java index 8a7046300b..8854a7bbd1 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java @@ -90,7 +90,7 @@ public class UserFederationProvidersResource { this.realm = realm; this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER); - auth.init(RealmAuth.Resource.USER); + auth.init(RealmAuth.Resource.REALM); } /** diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java index e1fe92c098..29252d98d4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java @@ -1512,69 +1512,69 @@ public class PermissionsTest extends AbstractKeycloakTest { public void invoke(RealmResource realm) { realm.userFederation().getProviderInstances(); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().getProviderFactories(); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().getProviderFactory("nosuch"); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new InvocationWithResponse() { public void invoke(RealmResource realm, AtomicReference response) { UserFederationProviderRepresentation rep = new UserFederationProviderRepresentation(); rep.setProviderName("ldap"); response.set(realm.userFederation().create(rep)); } - }, Resource.USER, true); + }, Resource.REALM, true); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").toRepresentation(); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").update(new UserFederationProviderRepresentation()); } - }, Resource.USER, true); + }, Resource.REALM, true); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").remove(); } - }, Resource.USER, true); + }, Resource.REALM, true); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").syncUsers("nosuch"); } - }, Resource.USER, true); + }, Resource.REALM, true); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").getMapperTypes(); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").getMappers(); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new InvocationWithResponse() { public void invoke(RealmResource realm, AtomicReference response) { response.set(realm.userFederation().get("nosuch").addMapper(new UserFederationMapperRepresentation())); } - }, Resource.USER, true); + }, Resource.REALM, true); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").getMapperById("nosuch"); } - }, Resource.USER, false); + }, Resource.REALM, false); invoke(new Invocation() { public void invoke(RealmResource realm) { realm.userFederation().get("nosuch").syncMapperData("nosuch", "nosuch"); } - }, Resource.USER, true); + }, Resource.REALM, true); } @Test diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html b/themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html index 06c64d6152..b680b6581f 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html @@ -75,14 +75,14 @@
-
+
-
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html b/themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html index 74ac52fcbd..6e4305d585 100644 --- a/themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html @@ -91,14 +91,14 @@
-
+
-
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html b/themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html index d2a75c22b6..1208c3b801 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html @@ -280,14 +280,14 @@
-
+
-
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html index af25c11220..810569a193 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html @@ -26,7 +26,7 @@ - + - +
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html b/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html index 92ec018cb7..e4d2e4fb32 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html @@ -13,7 +13,7 @@

Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.

To get started select a provider from the dropdown below:

-
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/user-storage-generic.html b/themes/src/main/resources/theme/base/admin/resources/partials/user-storage-generic.html index 0108cdeb69..7d0f5e967a 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/user-storage-generic.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/user-storage-generic.html @@ -217,14 +217,14 @@
-
+
-
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/user-storage.html b/themes/src/main/resources/theme/base/admin/resources/partials/user-storage.html index 156a1ff651..aaf2158291 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/user-storage.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/user-storage.html @@ -5,7 +5,7 @@ - +
diff --git a/themes/src/main/resources/theme/base/admin/resources/templates/kc-menu.html b/themes/src/main/resources/theme/base/admin/resources/templates/kc-menu.html index daa0b347fb..e38cf3c193 100755 --- a/themes/src/main/resources/theme/base/admin/resources/templates/kc-menu.html +++ b/themes/src/main/resources/theme/base/admin/resources/templates/kc-menu.html @@ -39,7 +39,7 @@ || path[2] == 'identity-provider-mappers' || path[1] == 'identity-provider-mappers' || path[1] == 'identity-provider') && 'active'"> {{:: 'identity-providers' | translate}} -
  • {{:: 'user-federation' | translate}}
  • {{:: 'authentication' | translate}}