don't clean up properly

2017-06-29 17:36:45 -04:00 · 2017-06-29 17:36:45 -04:00 · f5389b0e17
commit f5389b0e17
parent b771960e21
4 changed files with 29 additions and 32 deletions
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
        ResourceServer server = root.realmResourceServer();
        if (server == null) return;
        Policy policy = managePermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
        policy = viewPermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
        policy = mapRolesPermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
        policy = manageGroupMembershipPermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
        policy = adminImpersonatingPermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
        policy = userImpersonatedPermission();
-        if (policy == null) {
+        if (policy != null) {
            authz.getStoreFactory().getPolicyStore().delete(policy.getId());

        }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
        user.setUsername("child");
        user.setEnabled(true);
        childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
+        UserRepresentation user2 = new UserRepresentation();
+        user2.setUsername("child2");
+        user2.setEnabled(true);
+        String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");

        // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
        realm.roles().create(new RoleRepresentation("user", null, false));
@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
        List<RoleRepresentation> roles = new LinkedList<>();
        roles.add(role);
        realm.users().get(childUserId).roles().realmLevel().add(roles);
+        realm.users().get(user2Id).roles().realmLevel().add(roles);
        ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
        role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
        roles.clear();
        roles.add(role);
        realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
+        realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);

    }

@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
        BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
    }

-//    @Test
-    public void testUi() throws Exception {
-        Thread.sleep(1000000000);
-
-    }

    @Test
    public void testErrorConditions() throws Exception {
@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
        String linkUrl = linkBuilder.clone()
                .queryParam("realm", CHILD_IDP)
                .queryParam("provider", PARENT_IDP).build().toString();
+        System.out.println("linkUrl: " + linkUrl);
        navigateTo(linkUrl);
        Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
        Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
@ -16,6 +16,7 @@
 */
 package org.keycloak.testsuite.adapter.undertow.servlet;

+import org.junit.Test;
 import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;

@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@AppServerContainer("auth-server-undertow")
 public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {

+    //@Test
+    public void testUi() throws Exception {
+        Thread.sleep(1000000000);
+
+    }
+
+    @Override
+    @Test
+    public void testAccountLink() throws Exception {
+        super.testAccountLink();
+    }
 }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@ -75,38 +75,21 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
    }
    public static void setupDemo(KeycloakSession session) {
        RealmModel realm = session.realms().getRealmByName(TEST);
-        ClientModel client = realm.addClient("sales-pipeline-application");
+        realm.addRole("realm-role");
+        ClientModel client = realm.addClient("sales-application");
        RoleModel clientAdmin = client.addRole("admin");
        client.addRole("leader-creator");
        client.addRole("viewLeads");
-        ClientModel client2 = realm.addClient("market-analysis-application");
-        RoleModel client2Admin = client2.addRole("admin");
-        client2.addRole("market-manager");
-        client2.addRole("viewMarkets");
        GroupModel sales = realm.createGroup("sales");
-        RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
-        salesAppsAdminRole.addCompositeRole(clientAdmin);
-        salesAppsAdminRole.addCompositeRole(client2Admin);
-        ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
-        RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);


        UserModel admin = session.users().addUser(realm, "salesManager");
        admin.setEnabled(true);
        session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
-        admin = session.users().addUser(realm, "sales-group-admin");
+
+        admin = session.users().addUser(realm, "sales-admin");
        admin.setEnabled(true);
        session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
-        admin = session.users().addUser(realm, "sales-it");
-        admin.setEnabled(true);
-        session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
-        admin = session.users().addUser(realm, "sales-pipeline-admin");
-        admin.setEnabled(true);
-        session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
-        admin = session.users().addUser(realm, "client-admin");
-        admin.setEnabled(true);
-        admin.grantRole(queryClient);
-        session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));

        UserModel user = session.users().addUser(realm, "salesman");
        user.setEnabled(true);