keycloak-uncached
Changes
services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java 12(+6 -6)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java 12(+7 -5)
Details
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
index 149e526..b1e1b75 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
ResourceServer server = root.realmResourceServer();
if (server == null) return;
Policy policy = managePermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
policy = viewPermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
policy = mapRolesPermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
policy = manageGroupMembershipPermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
policy = adminImpersonatingPermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
policy = userImpersonatedPermission();
- if (policy == null) {
+ if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}
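Review bot: The same null-guarded delete is written out six times in this hunk, and that repetition is what allowed the inverted `policy == null` test to be copied into every branch. With the old condition each branch either dereferenced a null policy or skipped the delete, so none of these permission policies was ever removed from the policy store. Moving the guard into one private helper leaves a single condition to get right. A regression test that runs this path and asserts the six policies are gone would stop the condition from flipping back unnoticed. The enclosing method starts and ends outside the hunk.

```java
private void deletePolicy(Policy policy) {
    // An absent policy means there is nothing to remove.
    if (policy == null) return;
    authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}

// … unchanged: resource-server lookup and early return …
deletePolicy(managePermission());
deletePolicy(viewPermission());
deletePolicy(mapRolesPermission());
deletePolicy(manageGroupMembershipPermission());
deletePolicy(adminImpersonatingPermission());
deletePolicy(userImpersonatedPermission());
```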
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
index ea9937e..f95fe7f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java
@@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
user.setUsername("child");
user.setEnabled(true);
childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
+ UserRepresentation user2 = new UserRepresentation();
+ user2.setUsername("child2");
+ user2.setEnabled(true);
+ String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
// have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
realm.roles().create(new RoleRepresentation("user", null, false));
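Review bot: Nothing visible in this diff says what the second account `child2` is for. It is created here and, in the next hunk, given the same realm role and broker read-token role as `child`. A one-line comment above `UserRepresentation user2 = new UserRepresentation();` naming the test that relies on it would let a reader tell whether the duplicate grants are intentional. `user2Id` is a local, while `childUserId` is assigned without a declaration and so appears to be a field, which means test methods can reach the new account only by username. The enclosing method starts outside this hunk.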
@@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
List<RoleRepresentation> roles = new LinkedList<>();
roles.add(role);
realm.users().get(childUserId).roles().realmLevel().add(roles);
+ realm.users().get(user2Id).roles().realmLevel().add(roles);
ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
roles.clear();
roles.add(role);
realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
+ realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
}
@@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
}
-// @Test
- public void testUi() throws Exception {
- Thread.sleep(1000000000);
-
- }
@Test
public void testErrorConditions() throws Exception {
@@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
String linkUrl = linkBuilder.clone()
.queryParam("realm", CHILD_IDP)
.queryParam("provider", PARENT_IDP).build().toString();
+ System.out.println("linkUrl: " + linkUrl);
navigateTo(linkUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
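Review bot: The added `System.out.println("linkUrl: " + linkUrl);` looks like leftover debugging and writes the full account-link URL to the build's standard output on every run. The builder is assembled outside this hunk, so whether the URL carries nonce or hash parameters cannot be confirmed here. CI logs are usually readable by more people than the test realm, though, and are a poor place for request URLs. Drop the line, or route it through the test class's logger at debug level if the value is needed when diagnosing failures. The enclosing test method starts and ends outside the hunk.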
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
index a1eef97..336d6b7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java
@@ -16,6 +16,7 @@
*/
package org.keycloak.testsuite.adapter.undertow.servlet;
+import org.junit.Test;
import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@AppServerContainer("auth-server-undertow")
public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+ //@Test
+ public void testUi() throws Exception {
+ Thread.sleep(1000000000);
+
+ }
+
+ @Override
+ @Test
+ public void testAccountLink() throws Exception {
+ super.testAccountLink();
+ }
}
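Review bot: `testUi()` is moved into this class with its annotation commented out (`//@Test`), leaving a public method whose only statement is `Thread.sleep(1000000000)`, roughly eleven and a half days. It would stall the suite if the annotation were ever restored by accident. If it is a manual hook for inspecting the UI, say so and make the exclusion explicit with `@Test @Ignore("manual: keeps the server up for UI inspection")`, which needs `import org.junit.Ignore;`, or delete the method. The `testAccountLink()` override only delegates to `super`. If the parent method already carries `@Test`, which is not visible from this hunk, the override is redundant, so a short comment giving the reason for it would help.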
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
index d4fe55e..6f463c9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@@ -84,37 +84,20 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
}
public static void setupDemo(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(TEST);
- ClientModel client = realm.addClient("sales-pipeline-application");
+ realm.addRole("realm-role");
+ ClientModel client = realm.addClient("sales-application");
RoleModel clientAdmin = client.addRole("admin");
client.addRole("leader-creator");
client.addRole("viewLeads");
- ClientModel client2 = realm.addClient("market-analysis-application");
- RoleModel client2Admin = client2.addRole("admin");
- client2.addRole("market-manager");
- client2.addRole("viewMarkets");
GroupModel sales = realm.createGroup("sales");
- RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
- salesAppsAdminRole.addCompositeRole(clientAdmin);
- salesAppsAdminRole.addCompositeRole(client2Admin);
- ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
- RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);
UserModel admin = session.users().addUser(realm, "salesManager");
admin.setEnabled(true);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-group-admin");
- admin.setEnabled(true);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-it");
- admin.setEnabled(true);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "sales-pipeline-admin");
- admin.setEnabled(true);
- session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
- admin = session.users().addUser(realm, "client-admin");
+
+ admin = session.users().addUser(realm, "sales-admin");
admin.setEnabled(true);
- admin.grantRole(queryClient);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
UserModel user = session.users().addUser(realm, "salesman");