import React, { useState } from "react";
import { useTranslation } from "react-i18next";
import { Controller, FormProvider, useForm } from "react-hook-form";
import {
  FormGroup,
  Select,
  SelectVariant,
  SelectOption,
  PageSection,
  ActionGroup,
  Button,
  Switch,
  ExpandableSection,
} from "@patternfly/react-core";
import type ClientRepresentation from "@keycloak/keycloak-admin-client/lib/defs/clientRepresentation";
import type RoleRepresentation from "@keycloak/keycloak-admin-client/lib/defs/roleRepresentation";
import type EvaluationResultRepresentation from "@keycloak/keycloak-admin-client/lib/defs/evaluationResultRepresentation";
import type ResourceEvaluation from "@keycloak/keycloak-admin-client/lib/defs/resourceEvaluation";
import type ResourceRepresentation from "@keycloak/keycloak-admin-client/lib/defs/resourceRepresentation";
import type ScopeRepresentation from "@keycloak/keycloak-admin-client/lib/defs/scopeRepresentation";
import type PolicyEvaluationResponse from "@keycloak/keycloak-admin-client/lib/defs/policyEvaluationResponse";
import type { KeyValueType } from "../../components/key-value-form/key-value-convert";
import { KeycloakTextInput } from "../../components/keycloak-text-input/KeycloakTextInput";
import { FormAccess } from "../../components/form-access/FormAccess";
import { HelpItem } from "../../components/help-enabler/HelpItem";
import { FormPanel } from "../../components/scroll-form/FormPanel";
import { useAdminClient, useFetch } from "../../context/auth/AdminClient";
import { useRealm } from "../../context/realm-context/RealmContext";
import { KeyBasedAttributeInput } from "./KeyBasedAttributeInput";
import { defaultContextAttributes } from "../utils";
import { useAccess } from "../../context/access/Access";
import { ForbiddenSection } from "../../ForbiddenSection";
import { Results } from "./evaluate/Results";
import { ClientSelect } from "../../components/client/ClientSelect";
import "./auth-evaluate.css";
import { UserSelect } from "../../components/users/UserSelect";

// Values held by the evaluation form.
// NOTE(review): `Omit` and `Record` appear here without type arguments; they
// were presumably lost when this listing was extracted. Compare with the
// original file before relying on these shapes.
interface EvaluateFormInputs extends Omit {
  alias: string;
  authScopes: string[];
  context: {
    attributes: Record[];
  };
  resources?: Record[];
  // Client selected in the form; its `id` becomes `clientId` of the request body.
  client: ClientRepresentation;
  // Selected users; only the first entry is sent as `userId`.
  user: string[];
}

// Describes one selectable attribute: a key, a display name, an optional
// `custom` flag and an optional list of string-to-string value maps.
export type AttributeType = {
  key: string;
  name: string;
  custom?: boolean;
  values?: {
    [key: string]: string;
  }[];
};

// Props of the client settings tab; only `client` is read by the component below.
type ClientSettingsProps = {
  client: ClientRepresentation;
  save: () => void;
};

// Form shape in which `context.attributes` and `resources` are key/value lists.
export type AttributeForm = Omit<
  EvaluateFormInputs,
  "context" | "resources"
> & {
  context: {
    attributes?: KeyValueType[];
  };
  resources?: KeyValueType[];
};

type Props = ClientSettingsProps & EvaluationResultRepresentation;

/**
 * Form for evaluating a client's authorization policies.
 *
 * The component collects roles, a user, a client, resources and contextual
 * attributes, sends them to `adminClient.clients.evaluateResource` and keeps
 * the response in `evaluateResult`. While a result is held, the early return
 * near the end of the body is taken instead of the form.
 *
 * @param client the client whose `id` addresses the resource, scope and
 *   evaluation requests; the other members of `Props` are not read here.
 */
export const AuthorizationEvaluate = ({ client }: Props) => {
  // Validation mode "onChange": react-hook-form re-validates as fields change.
  const form = useForm({ mode: "onChange" });
  const {
    control,
    register,
    reset,
    errors,
    trigger,
    formState: { isValid },
  } = form;
  const { t } = useTranslation("clients");
  const adminClient = useAdminClient();
  const realm = useRealm();

  // UI state: dropdown and expandable-section toggles, the fetched lists, and
  // the last evaluation response (undefined until `evaluate` succeeds).
  const [scopesDropdownOpen, setScopesDropdownOpen] = useState(false);
  const [roleDropdownOpen, setRoleDropdownOpen] = useState(false);
  const [isExpanded, setIsExpanded] = useState(false);
  const [applyToResourceType, setApplyToResourceType] = useState(false);
  const [resources, setResources] = useState([]);
  const [scopes, setScopes] = useState([]);
  const [evaluateResult, setEvaluateResult] = useState();
  const [clientRoles, setClientRoles] = useState([]);

  // Access gate: without "view-users" the component returns before any of the
  // requests below are issued. The returned element is missing in this
  // listing (presumably the imported ForbiddenSection).
  // NOTE(review): this check only decides what the UI shows; the permission
  // still has to be enforced by the server for every request made below.
  // NOTE(review): the `useFetch` calls that follow run after this conditional
  // return, so the hook order depends on the access check. Consider moving
  // the check below the hooks to satisfy the rules of hooks.
  const { hasAccess } = useAccess();
  if (!hasAccess("view-users")) return ;

  // Loads roles through `adminClient.roles.find()` and stores them in
  // `clientRoles`; the dependency list is empty.
  useFetch(
    () => adminClient.roles.find(),
    (roles) => {
      setClientRoles(roles);
    },
    []
  );

  // Loads the client's resources and all of its scopes in parallel.
  // `client.id!` asserts that the id is present; nothing here checks it.
  useFetch(
    () =>
      Promise.all([
        adminClient.clients.listResources({
          id: client.id!,
        }),
        adminClient.clients.listAllScopes({
          id: client.id!,
        }),
      ]),
    ([resources, scopes]) => {
      setResources(resources);
      setScopes(scopes);
    },
    []
  );

  // Validates the form, builds the evaluation request and stores the response.
  // Resolves to undefined when validation fails, otherwise to the response.
  // There is no try/catch, so a rejected request propagates to the caller.
  const evaluate = async () => {
    // `trigger()` runs the form's validation rules; stop if any of them fail.
    if (!(await trigger())) {
      return;
    }
    const formValues = form.getValues();
    const keys = formValues.resources?.map(({ key }) => key);
    const resEval: ResourceEvaluation = {
      roleIds: formValues.roleIds ?? [],
      // `clientId` comes from the client selected in the form, while the
      // request below is addressed to the `client` prop.
      clientId: formValues.client.id!,
      // Only the first selected user is evaluated; this is undefined when the
      // list is empty.
      userId: formValues.user[0],
      // NOTE(review): this filters the form's own entries by matching `name`
      // against the `key` values collected above. Confirm that is the
      // intended comparison.
      resources: formValues.resources?.filter((resource) =>
        keys?.includes(resource.name!)
      ),
      entitlements: false,
      context: {
        // Rows are kept when the key is truthy or the value is not "", so a
        // row with an empty key and a non-empty value is sent under the key "".
        attributes: Object.fromEntries(
          formValues.context.attributes
            .filter((item) => item.key || item.value !== "")
            .map(({ key, value }) => [key, value])
        ),
      },
    };
    // The user and roles being evaluated are whatever was picked in the form;
    // the response is held in component state until it is cleared again.
    const evaluation = await adminClient.clients.evaluateResource(
      { id: client.id!, realm: realm.realm },
      resEval
    );

    setEvaluateResult(evaluation);
    return evaluation;
  };

  // A stored result replaces the form; the surviving callback resets
  // `evaluateResult` to undefined, which brings the form back.
  // NOTE(review): the element names in this fragment and in the final return
  // appear to have been lost when the listing was extracted. Both fragments
  // are kept exactly as found.
  if (evaluateResult) {
    return ( setEvaluateResult(undefined)} /> );
  }

  // Remains of the form markup. The `client` field group derives its
  // validation state from `form.errors.alias`.
  return ( } fieldId="realmRole" validated={errors.roleIds ? "error" : "default"} helperTextInvalid={t("common:required")} isRequired >
    value.length > 0 }} render={({ onChange, value }) => ( )} /> } >
    {!applyToResourceType ? ( } helperTextInvalid={t("common:required")} fieldId="resourcesAndAuthScopes" >
    ((item) => ({ name: item.name!, key: item._id!, }))} resources={resources} name="resources" /> ) : ( <>
    } fieldId="client" validated={form.errors.alias ? "error" : "default"} helperTextInvalid={t("common:required")} >
    } fieldId="authScopes" > ( )} /> )}
    setIsExpanded(!isExpanded)} isExpanded={isExpanded} >
    } helperTextInvalid={t("common:required")} fieldId="contextualAttributes" > );
};