keycloak-aplcache

Merge pull request #3992 from pedroigor/KEYCLOAK-4650 [KEYCLOAK-4650]

3/31/2017 7:44:10 AM

Details

diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
index 3caf2ea..8982a29 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@@ -21,6 +21,7 @@ import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
 import static org.keycloak.models.utils.RepresentationToModel.toModel;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -48,9 +49,9 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
+import org.keycloak.authorization.store.ScopeStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.models.Constants;
-import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@@ -299,6 +300,7 @@ public class PolicyService {
                             @QueryParam("name") String name,
                             @QueryParam("type") String type,
                             @QueryParam("resource") String resource,
+                            @QueryParam("scope") String scope,
                             @QueryParam("permission") Boolean permission,
                             @QueryParam("first") Integer firstResult,
                             @QueryParam("max") Integer maxResult) {
@@ -319,27 +321,40 @@ public class PolicyService {
         }
 
         StoreFactory storeFactory = authorization.getStoreFactory();
-
         PolicyStore policyStore = storeFactory.getPolicyStore();
-        if (resource != null && !"".equals(resource.trim())) {
+
+        if (resource != null || scope != null) {
             List<Policy> policies = new ArrayList<>();
-            HashMap<String, String[]> resourceSearch = new HashMap<>();
 
-            resourceSearch.put("name", new String[] {resource});
+            if (resource != null && !"".equals(resource.trim())) {
+                HashMap<String, String[]> resourceSearch = new HashMap<>();
+
+                resourceSearch.put("name", new String[]{resource});
+
+                storeFactory.getResourceStore().findByResourceServer(resourceSearch, resourceServer.getId(), -1, 1).forEach(resource1 -> {
+                    policies.addAll(policyStore.findByResource(resource1.getId(), resourceServer.getId()));
+                    if (resource1.getType() != null) {
+                        policies.addAll(policyStore.findByResourceType(resource1.getType(), resourceServer.getId()));
+                    }
+                });
+            }
+
+            if (scope != null && !"".equals(scope.trim())) {
+                HashMap<String, String[]> scopeSearch = new HashMap<>();
+
+                scopeSearch.put("name", new String[]{scope});
 
-            ResourceStore resourceStore = storeFactory.getResourceStore();
-            resourceStore.findByResourceServer(resourceSearch, resourceServer.getId(), -1, -1).forEach(resource1 -> {
-                policyStore.findByResource(resource1.getId(), resourceServer.getId()).forEach(policyRepresentation -> {
-                    Policy associated = policyStore.findById(policyRepresentation.getId(), resourceServer.getId());
-                    policies.add(associated);
-                    findAssociatedPolicies(associated, policies);
+                storeFactory.getScopeStore().findByResourceServer(scopeSearch, resourceServer.getId(), -1, 1).forEach(scope1 -> {
+                    policies.addAll(policyStore.findByScopeIds(Arrays.asList(scope1.getId()), resourceServer.getId()));
                 });
-            });
+            }
 
             if (policies.isEmpty()) {
                 return Response.ok(Collections.emptyList()).build();
             }
 
+            new ArrayList<>(policies).forEach(policy -> findAssociatedPolicies(policy, policies));
+
             search.put("id", policies.stream().map(Policy::getId).toArray(String[]::new));
         }
 
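Review bot: The outer guard `if (resource != null || scope != null)` no longer checks for blank values, so a request with an empty or whitespace-only `resource` or `scope` skips both inner lookups, leaves `policies` empty and returns `Collections.emptyList()`; before this change a blank `resource` fell through to the unfiltered search. Moving the blank checks into the guard restores that: `if ((resource != null && !resource.trim().isEmpty()) || (scope != null && !scope.trim().isEmpty())) {`. Two further things deserve a comment in the code: both lookups now pass `-1, 1` to `findByResourceServer`, so only the first matching resource or scope contributes policies (the old call used `-1, -1`), and supplying both filters yields the union of the two result sets rather than their intersection. For an administrator reviewing which policies cover a resource or scope, an incomplete list is easy to mistake for a complete one. The enclosing method starts and ends outside this hunk.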
diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
index 774b6d7..e40fcec 100644
--- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
@@ -245,7 +245,7 @@ module.controller('ResourceServerResourceDetailCtrl', function($scope, $http, $r
                 });
             }
 
-            $scope.cancel = function() {
+            $scope.reset = function() {
                 $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/resource/");
             }
         } else {
@@ -465,6 +465,10 @@ module.controller('ResourceServerScopeDetailCtrl', function($scope, $http, $rout
                     });
                 });
             }
+
+            $scope.reset = function() {
+                $location.url("/realms/" + realm.realm + "/clients/" + $scope.client.id + "/authz/resource-server/scope/");
+            }
         } else {
             ResourceServerScope.get({
                 realm : $route.current.params.realm,
@@ -1807,7 +1811,7 @@ module.service("PolicyController", function($http, $route, $location, ResourceSe
                     });
                 }
 
-                $scope.cancel = function() {
+                $scope.reset = function() {
                     if (delegate.isPermission()) {
                         $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/authz/resource-server/permission/");
                     } else {
diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
index acb7f86..108d609 100755
--- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@@ -1240,6 +1240,15 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates,
     $scope.cancel = function() {
         $location.url("/realms/" + realm.realm + "/clients");
     };
+
+    $scope.onAuthorizationSettingsChange = function () {
+        if ($scope.client.authorizationServicesEnabled && !$scope.clientEdit.authorizationServicesEnabled) {
+            Dialog.confirm("Disable Authorization Settings", "Are you sure you want to disable authorization ? Once you save your changes, all authorization settings associated with this client will be removed. This operation can not be reverted.", function () {
+            }, function () {
+                $scope.clientEdit.authorizationServicesEnabled = true;
+            });
+        }
+    }
 });
 
 module.controller('CreateClientCtrl', function($scope, realm, client, templates, $route, serverInfo, Client, ClientDescriptionConverter, $location, $modal, Dialog, Notifications) {
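Review bot: The dialog title and message in `onAuthorizationSettingsChange` are hard-coded English strings, while the partials touched by this same commit take their text from translation keys (for example `'authz-scope' | translate`), so this warning about an irreversible removal will not be localized with the rest of the console. The empty confirm callback would read better with a comment such as `// nothing to do here: the settings are removed when the form is saved`, since the message says removal happens on save. The assignment also ends with `}` rather than `};`, unlike `$scope.cancel` just above it.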
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
index aea5c01..3c761a5 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
@@ -29,6 +29,12 @@
                                 </div>
                             </div>
                             <div class="input-group">
+                                <input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
+                                <div class="input-group-addon">
+                                    <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
+                                </div>
+                            </div>
+                            <div class="input-group">
                                 <select class="form-control search" data-ng-model="query.type"
                                         ng-options="p.type as p.name group by p.group for p in policyProviders track by p.type" data-ng-change="firstPage()">
                                     <option value="" selected ng-click="query.type = ''">{{:: 'authz-all-types' | translate}}</option>
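Review bot: The new scope input handles Enter through an inline `onkeydown` attribute that clicks an element looked up by the id `policySearch`, which is not visible in this hunk; as an inline script handler it would also be blocked under a Content-Security-Policy that omits `'unsafe-inline'`. An AngularJS binding keeps the behaviour inside the controller scope: `data-ng-keydown="$event.keyCode === 13 && firstPage()"`. The `type="submit"` attribute on the `<i>` icon has no effect on that element and can be dropped. The same markup is added to resource-server-policy-list.html in this commit. The surrounding `<div>` structure continues outside the hunk.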
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
index 34360c3..999eb9f 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
@@ -29,6 +29,12 @@
                                 </div>
                             </div>
                             <div class="input-group">
+                                <input type="text" placeholder="{{:: 'authz-scope' | translate}}" data-ng-model="query.scope" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('policySearch').click()">
+                                <div class="input-group-addon">
+                                    <i class="fa fa-search" type="submit" data-ng-click="firstPage()"></i>
+                                </div>
+                            </div>
+                            <div class="input-group">
                                 <select class="form-control search" data-ng-model="query.type"
                                         ng-options="p.type as p.name for p in policyProviders track by p.type" data-ng-change="firstPage()">
                                     <option value="" selected ng-click="query.type = ''">{{:: 'authz-all-types' | translate}}</option>
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
index 3eb084f..6b890e5 100755
--- a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
@@ -114,7 +114,7 @@
                 <label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
                 <kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
                 <div class="col-md-6">
-                    <input ng-model="clientEdit.authorizationServicesEnabled" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
+                    <input ng-model="clientEdit.authorizationServicesEnabled" ng-click="onAuthorizationSettingsChange()" name="authorizationServicesEnabled" id="authorizationServicesEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
                 </div>
             </div>
             <div class="form-group clearfix block" data-ng-show="protocol == 'saml'">