use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.
the class UsersTest method setupTestEnvironmentWithPermissions.
/**
 * Builds the fixture for restricted-admin tests: a user named {@code test-user} that holds only
 * the {@code query-users} role of the {@code realm-management} client, plus the users and groups
 * returned by {@code setupUsersInGroupsWithPermissions()}.
 *
 * <p>When {@code grp1ViewPermissions} is {@code true}, a user policy naming only the test user is
 * attached to the scope permission {@code view.members.permission.group.<id of grp1>}, with the
 * UNANIMOUS decision strategy. That permission is looked up by name, not created here, so it is
 * presumably provisioned by {@code setupUsersInGroupsWithPermissions()} (confirm against that helper).
 *
 * @param grp1ViewPermissions whether the test user is bound to the view-members permission of grp1
 * @return a realm resource backed by an admin client authenticated as {@code test-user}
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    String restrictedUserId = createUser(realmId, "test-user", "password", "", "", "");

    // Grant the test user nothing beyond 'query-users' on the realm-management client.
    String realmManagementId = realm.clients().findByClientId("realm-management").get(0).getId();
    RoleRepresentation queryUsersRole = realm.clients().get(realmManagementId).roles().get("query-users").toRepresentation();
    realm.users().get(restrictedUserId).roles().clientLevel(realmManagementId).add(Collections.singletonList(queryUsersRole));

    // Provision the users and groups the tests query against.
    List<GroupRepresentation> createdGroups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // A user policy that matches the test user only.
        String policyName = "test-policy";
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        userPolicy.setName(policyName);
        userPolicy.setUsers(Collections.singleton(restrictedUserId));
        authz.policies().user().create(userPolicy).close();
        PolicyRepresentation storedPolicy = authz.policies().findByName(policyName);

        // Locate grp1; the fixture is unusable without it, so assert before dereferencing.
        Optional<GroupRepresentation> maybeGrp1 = createdGroups.stream().filter(g -> g.getName().equals("grp1")).findFirst();
        assertThat(maybeGrp1.isPresent(), is(true));
        GroupRepresentation grp1 = maybeGrp1.get();

        // Replace the policies of grp1's view-members permission with the single user policy.
        ScopePermissionRepresentation viewMembersPermission = authz.permissions().scope().findByName("view.members.permission.group." + grp1.getId());
        viewMembersPermission.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembersPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembersPermission.getId()).update(viewMembersPermission);
    }

    // The returned resource keeps using this client, so it cannot be closed here;
    // NOTE(review): nothing visible in this method closes it later - confirm the caller's teardown does.
    Keycloak restrictedClient = AdminClientUtil.createAdminClient(true, realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "");
    return restrictedClient.realm(realm.toRepresentation().getRealm());
}
use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.
the class ScopeManagementTest method testDeleteAndPolicyUpdate.
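/**
 * Creates a scope permission that references a single scope, removes that scope, and then looks
 * the permission up again.
 *
 * <p>The test passes only if a {@link NotFoundException} is thrown somewhere in the method.
 * NOTE(review): {@code expected = NotFoundException.class} covers the whole method, so the same
 * exception raised by an earlier call would also satisfy it. The exception is presumably meant to
 * come from the final lookup after the scope is removed, in which case the {@code assertTrue}
 * around that lookup never evaluates - confirm and consider narrowing the expectation.
 */
@Test(expected = NotFoundException.class)
public void testDeleteAndPolicyUpdate() {
    ResourceScopeResource scopeResource = createDefaultScope();
    ScopeRepresentation scopeRepresentation = scopeResource.toRepresentation();

    ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
    representation.setName(scopeRepresentation.getName());
    representation.addScope(scopeRepresentation.getId());

    // Close the create response so the underlying HTTP connection is released.
    getClientResource().authorization().permissions().scope().create(representation).close();

    ScopePermissionRepresentation permissionRepresentation = getClientResource().authorization().permissions().scope().findByName(scopeRepresentation.getName());

    // Before removal the permission must reference exactly the one scope it was created with.
    List<ScopeRepresentation> scopes = getClientResource().authorization().policies().policy(permissionRepresentation.getId()).scopes();
    assertEquals(1, scopes.size());

    scopeResource.remove();

    // After the scope is gone, the permission must no longer expose it.
    assertTrue(getClientResource().authorization().policies().policy(permissionRepresentation.getId()).scopes().isEmpty());
}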
use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.
the class ScopePermissionManagementTest method testDelete.
/**
 * Creates a scope permission, removes it by id, and verifies that reading it back afterwards
 * fails with {@link NotFoundException}.
 *
 * <p>The id used for removal is read from the same representation that was passed to
 * {@code assertCreated}; presumably that helper chain fills the id in - confirm.
 */
@Test
public void testDelete() {
    AuthorizationResource authorization = getClient().authorization();

    ScopePermissionRepresentation toDelete = new ScopePermissionRepresentation();
    toDelete.setName("Test Delete Permission");
    toDelete.addScope("execute");
    toDelete.addPolicy("Only Marta Policy");
    assertCreated(authorization, toDelete);

    ScopePermissionsResource scopePermissions = authorization.permissions().scope();
    scopePermissions.findById(toDelete.getId()).remove();

    // Obtaining the sub-resource does not fail by itself; the lookup only fails when it is read.
    ScopePermissionResource stale = scopePermissions.findById(toDelete.getId());
    try {
        stale.toRepresentation();
    } catch (NotFoundException expected) {
        // A removed permission must not be readable any more.
        return;
    }
    fail("Permission not removed");
}
use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.
the class ScopePermissionManagementTest method assertCreated.
/**
 * Creates the given scope permission and checks the stored permission against it.
 *
 * <p>The create response is held in try-with-resources so it is closed even when an assertion
 * fails. The response status is not inspected here; the id is taken from the response entity.
 *
 * @param authorization authorization resource of the client under test
 * @param representation the permission to create and to compare the stored one with
 */
private void assertCreated(AuthorizationResource authorization, ScopePermissionRepresentation representation) {
    ScopePermissionsResource scopePermissions = authorization.permissions().scope();

    try (Response createResponse = scopePermissions.create(representation)) {
        String createdId = createResponse.readEntity(ScopePermissionRepresentation.class).getId();
        assertRepresentation(representation, scopePermissions.findById(createdId));
    }
}
use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.
the class ScopePermissionManagementTest method failCreateWithSameName.
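/**
 * Verifies that creating a second scope permission under an already used name is rejected with
 * HTTP 409 (Conflict).
 *
 * <p>The first creation is asserted to succeed. Without that check the conflict could come from
 * leftover state rather than from the permission created here, and the test would pass for the
 * wrong reason.
 */
@Test
public void failCreateWithSameName() {
    AuthorizationResource authorization = getClient().authorization();
    ScopePermissionsResource permissions = authorization.permissions().scope();

    ScopePermissionRepresentation permission1 = new ScopePermissionRepresentation();
    permission1.setName("Conflicting Name Permission");
    permission1.addScope("read");
    permission1.addPolicy("Only Marta Policy");

    // Precondition: the name must have been free and the first permission actually stored.
    try (Response response = permissions.create(permission1)) {
        assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
    }

    // Only the name is reused; no scopes or policies are set on the second permission.
    ScopePermissionRepresentation permission2 = new ScopePermissionRepresentation();
    permission2.setName(permission1.getName());

    try (Response response = permissions.create(permission2)) {
        assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
    }
}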