Prosoft Git

keycloak-aplcache

Merge pull request #4726 from patriot1burke/master KEYCLOAK-5878

11/20/2017 8:39:58 PM
Bill Burke

Bill Burke

Commit: 186b10a

Tree: 95db4e7

Parents: 08ca030
06762ba

Changes

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java 15(+13 -2)

services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java 1(+1 -0)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java 24(+23 -1)

Details

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java 15(+13 -2) 

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
index b5fa96d..f478e0b 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@@ -49,8 +49,17 @@ public interface UsersResource {
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     List<UserRepresentation> search(@QueryParam("search") String search,
-                                           @QueryParam("first") Integer firstResult,
-                                           @QueryParam("max") Integer maxResults);
+                                    @QueryParam("first") Integer firstResult,
+                                    @QueryParam("max") Integer maxResults);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<UserRepresentation> list(@QueryParam("first") Integer firstResult,
+                                  @QueryParam("max") Integer maxResults);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<UserRepresentation> list();
 
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
@@ -67,4 +76,6 @@ public interface UsersResource {
     @Path("{id}")
     @DELETE
     Response delete(@PathParam("id") String id);
+
+
 }

services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java 1(+1 -0) 

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index c6aa3c6..c2a4689 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -98,6 +98,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
             Set<Scope> scopeset = new HashSet<>();
             scopeset.add(manageScope);
             scopeset.add(viewScope);
+            scopeset.add(viewMembersScope);
             scopeset.add(manageMembershipScope);
             scopeset.add(manageMembersScope);
             groupResource.updateScopes(scopeset);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java 24(+23 -1) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
index 7c4314a..1df6612 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@@ -294,8 +294,18 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
         clientConfigurePolicy.addAssociatedPolicy(userPolicy);
 
 
+        UserModel groupViewer = session.users().addUser(realm, "groupViewer");
+        groupViewer.grantRole(queryGroupsRole);
+        groupViewer.grantRole(queryUsersRole);
+        groupViewer.setEnabled(true);
+        session.userCredentialManager().updateCredential(realm, groupViewer, UserCredentialModel.password("password"));
 
-
+        UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
+        groupViewMembersRep.setName("groupMemberViewers");
+        groupViewMembersRep.addUser("groupViewer");
+        Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupViewMembersRep, server);
+        Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
+        groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
 
 
     }
@@ -600,7 +610,19 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
             }
         }
 
+        // KEYCLOAK-5878
 
+        {
+            Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
+                    TEST, "groupViewer", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
+            // Should only return the list of users that belong to "top" group
+            List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
+            Assert.assertEquals(queryUsers.size(), 1);
+            Assert.assertEquals("groupmember", queryUsers.get(0).getUsername());
+            for (UserRepresentation user : queryUsers) {
+                System.out.println(user.getUsername());
+            }
+        }
     }
 
     @Test

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github