Skip to content

Handle resource IDs matching the resource type for "Enforce access to" -> "All"#47917

Merged
pedroigor merged 1 commit into
keycloak:mainfrom
dpiva97:47901
Apr 15, 2026
Merged

Handle resource IDs matching the resource type for "Enforce access to" -> "All"#47917
pedroigor merged 1 commit into
keycloak:mainfrom
dpiva97:47901

Conversation

@dpiva97

@dpiva97 dpiva97 commented Apr 9, 2026

Copy link
Copy Markdown

Closes #47901

@dpiva97 dpiva97 requested a review from a team as a code owner April 9, 2026 19:39
martin-kanis
martin-kanis suggested changes Apr 14, 2026
View reviewed changes

@martin-kanis martin-kanis left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dpiva97 Thanks for the PR. The fix seems to be correct, however we are missing a test. Probably, the simplest would be to add

        createPermission(client, PermissionBuilder.create()
                .resourceType(AdminPermissionsSchema.USERS.getType())
                .resources(Set.of(AdminPermissionsSchema.USERS.getType()))
                .scopes(AdminPermissionsSchema.USERS.getScopes())
                .build());

        createPermission(client, PermissionBuilder.create()
                .resourceType(AdminPermissionsSchema.GROUPS.getType())
                .resources(Set.of(AdminPermissionsSchema.GROUPS.getType()))
                .scopes(AdminPermissionsSchema.GROUPS.getScopes())
                .build());

        createPermission(client, PermissionBuilder.create()
                .resourceType(AdminPermissionsSchema.CLIENTS.getType())
                .resources(Set.of(AdminPermissionsSchema.CLIENTS.getType()))
                .scopes(AdminPermissionsSchema.CLIENTS.getScopes())
                .build());

        createPermission(client, PermissionBuilder.create()
                .resourceType(AdminPermissionsSchema.ROLES.getType())
                .resources(Set.of(AdminPermissionsSchema.ROLES.getType()))
                .scopes(AdminPermissionsSchema.ROLES.getScopes())
                .build());

into org.keycloak.tests.admin.authz.fgap.PermissionRESTTest#permissionsTest.

Can you add it please?

Handle resource IDs matching the resource type for "Enforce access to…
b400da5 
…" -> "All"

Closes keycloak#47901

Signed-off-by: Davide Piva <davide.piva@intesys.it>
@dpiva97

dpiva97 commented Apr 14, 2026

Copy link
Copy Markdown
Author

Thanks @martin-kanis, I've rebased on main and added the tests

martin-kanis
martin-kanis approved these changes Apr 15, 2026
View reviewed changes

@martin-kanis martin-kanis left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dpiva97 thanks!

@pedroigor pedroigor merged commit 055dc0e into keycloak:main Apr 15, 2026
84 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedroigor pedroigor pedroigor approved these changes

+2 more reviewers

@vramik vramik vramik approved these changes

@martin-kanis martin-kanis martin-kanis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Realm import with --import-realm fails with ModelValidationException when Admin Permissions is enabled

4 participants

@dpiva97 @pedroigor @vramik @martin-kanis