Prosoft Git

keycloak-aplcache

fixes

5/10/2017 3:19:10 PM
Bill Burke

Bill Burke

Commit: 46ec12c

Tree: 8c4dcff

Parents: a8a8ea4

Changes

services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java 12(+12 -0)

services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java 6(+3 -3)

services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java 14(+9 -5)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java 2(+1 -1)

Details

services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java 12(+12 -0) 

diff --git a/services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java
index 84aa631..78e41e3 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/permissions/MgmtPermissions.java
@@ -16,6 +16,7 @@
  */
 package org.keycloak.authorization.admin.permissions;
 
+import org.keycloak.Config;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.AuthorizationProviderFactory;
 import org.keycloak.authorization.common.KeycloakIdentity;
@@ -59,6 +60,17 @@ public class MgmtPermissions {
 
     }
 
+    public ClientModel getRealmManagementClient() {
+        ClientModel client = null;
+        if (realm.getName().equals(Config.getAdminRealm())) {
+            client = realm.getClientByClientId(Config.getAdminRealm() + "-realm");
+        } else {
+            client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+
+        }
+        return client;
+    }
+
     public boolean isAdminSameRealm() {
         return auth == null || realm.getId().equals(auth.getRealm().getId());
     }

services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java 6(+3 -3) 

diff --git a/services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java b/services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java
index 4924131..3c784ce 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/permissions/RoleMgmtPermissions.java
@@ -17,6 +17,7 @@
 package org.keycloak.authorization.admin.permissions;
 
 import org.jboss.logging.Logger;
+import org.keycloak.Config;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.common.DefaultEvaluationContext;
@@ -153,19 +154,18 @@ public class RoleMgmtPermissions {
         }
     }
 
-
     private ClientModel getRoleClient(RoleModel role) {
         ClientModel client = null;
         if (role.getContainer() instanceof ClientModel) {
             client = (ClientModel)role.getContainer();
         } else {
-            client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+            client = root.getRealmManagementClient();
         }
         return client;
     }
 
     public Policy manageUsersPolicy(ResourceServer server) {
-        RoleModel role = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID).getRole(AdminRoles.MANAGE_USERS);
+        RoleModel role = root.getRealmManagementClient().getRole(AdminRoles.MANAGE_USERS);
         return rolePolicy(server, role);
     }

services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java 14(+9 -5) 

diff --git a/services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java b/services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java
index 3f6b72a..d9a16ae 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/permissions/UsersPermissions.java
@@ -17,6 +17,7 @@
 package org.keycloak.authorization.admin.permissions;
 
 import org.jboss.logging.Logger;
+import org.keycloak.Config;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.common.DefaultEvaluationContext;
@@ -29,6 +30,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.permission.evaluator.PermissionEvaluator;
 import org.keycloak.authorization.policy.evaluation.DecisionResult;
 import org.keycloak.authorization.policy.evaluation.EvaluationContext;
+import org.keycloak.authorization.store.ResourceServerStore;
 import org.keycloak.authorization.util.Permissions;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.ClientModel;
@@ -66,8 +68,9 @@ public class UsersPermissions {
         this.root = root;
     }
 
+
     private void initialize() {
-        ClientModel client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+        ClientModel client = root.getRealmManagementClient();
         ResourceServer server = root.findOrCreateResourceServer(client);
         Scope manageScope = authz.getStoreFactory().getScopeStore().findByName(MgmtPermissions.MANAGE_SCOPE, server.getId());
         if (manageScope == null) {
@@ -101,7 +104,7 @@ public class UsersPermissions {
     }
 
     public void setPermissionsEnabled(boolean enable) {
-        ClientModel client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+        ClientModel client = root.getRealmManagementClient();
         if (enable) {
             initialize();
         } else {
@@ -137,7 +140,7 @@ public class UsersPermissions {
     }
 
     private ResourceServer getRealmManagementResourceServer() {
-        ClientModel client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+        ClientModel client = root.getRealmManagementClient();
         return root.findOrCreateResourceServer(client);
     }
 
@@ -147,7 +150,7 @@ public class UsersPermissions {
             auth.init(RealmAuth.Resource.USER);
             return auth.hasManage();
         } else {
-            ClientModel client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+            ClientModel client = root.getRealmManagementClient();
             RoleModel manageUsers = client.getRole(AdminRoles.MANAGE_USERS);
             return admin.hasRole(manageUsers);
         }
@@ -232,7 +235,8 @@ public class UsersPermissions {
     }
 
     public ResourceServer resourceServer() {
-        ClientModel client = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
+        ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
+        ClientModel client = root.getRealmManagementClient();
         return authz.getStoreFactory().getResourceServerStore().findByClient(client.getId());
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java 2(+1 -1) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
index add91cc..910d139 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@@ -220,7 +220,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
     }
 
 
-    @Test
+    //@Test
     public void testUI() throws Exception {
         testingClient.server().run(FineGrainAdminUnitTest::setupPolices);
         testingClient.server().run(FineGrainAdminUnitTest::setupUsers);

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github