commit

phrocker · phrocker · commit ed02fd0743ca · 2025-01-07T10:00:25.000-05:00
diff --git a/.gcp.env b/.gcp.env
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.0.13
+SENTRIUS_VERSION=1.0.15
 SENTRIUS_SSH_VERSION=1.0.2
 SENTRIUS_KEYCLOAK_VERSION=1.0.4
 SENTRIUS_AGENT_VERSION=1.0.11
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java
@@ -77,14 +77,15 @@ public ResponseEntity<List<ProfileRuleDTO>> listRules(HttpServletRequest request
         boolean canEditRules = AccessUtil.canAccess(user, RuleAccessEnum.CAN_EDIT_RULES);
         boolean canDeleteRules = AccessUtil.canAccess(user, RuleAccessEnum.CAN_MANAGE_RULES);
         if (AccessUtil.canAccess(user, ApplicationAccessEnum.CAN_MANAGE_APPLICATION)) {
-
+            log.info("User can manage rules {}", user.getAuthorizationType());
             for(ProfileRule rule: ruleService.getAllRules()) {
                 var dto = new ProfileRuleDTO(rule, rule.getHostGroups().stream().toList(), canViewRules, canEditRules,
                     canDeleteRules);
                 rules.add(dto);
                 log.info("Adding {}", dto);
             }
         } else {
+            log.info("User can manage own rules");
             var groups = hostGroupService.getAllHostGroups(user);
             for (HostGroup group : groups) {
                 for(ProfileRule rule : group.getRules()) {
diff --git a/api/src/main/java/io/sentrius/sso/startup/ConfigurationApplicationTask.java b/api/src/main/java/io/sentrius/sso/startup/ConfigurationApplicationTask.java
@@ -29,6 +29,7 @@
 import io.sentrius.sso.core.model.dto.UserTypeDTO;
 import io.sentrius.sso.core.model.hostgroup.HostGroup;
 import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
 import io.sentrius.sso.core.model.security.enums.AutomationAccessEnum;
 import io.sentrius.sso.core.model.security.enums.RuleAccessEnum;
 import io.sentrius.sso.core.model.security.enums.SSHAccessEnum;
@@ -337,6 +338,10 @@ protected List<UserType> createUserTypes(List<SideEffect> sideEffects, InstallCo
                     builder.ztAccessTokenAccess(ZeroTrustAccessTokenEnum.of(List.of(type.getZtAccessTokenAccess())));
                 }
 
+                if (null != type.getApplicationAccess()){
+                    builder.applicationAccess(ApplicationAccessEnum.of(List.of(type.getApplicationAccess())));
+                }
+
                 UserType newType = builder.userTypeName(type.getUserTypeName()).build();
                 userTypeRepository.findByUserTypeName(type.getUserTypeName())
                     .ifPresentOrElse(
diff --git a/api/src/main/resources/templates/sso/errors/list_errors.html b/api/src/main/resources/templates/sso/errors/list_errors.html
@@ -111,7 +111,7 @@
                         </div>
                     </div>
                     <div th:replace="~{fragments/alerts}"></div>
-                    <div  th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_MANAGE_USERS')}">
+                    <div  th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_MANAGE_SYSTEMS')}">
 
     <h3>Errors</h3>
     <table id="error-table" class="display" style="width:100%">
diff --git a/core/src/main/java/io/sentrius/sso/core/services/RuleService.java b/core/src/main/java/io/sentrius/sso/core/services/RuleService.java
@@ -32,7 +32,9 @@ public void deleteRule(ProfileRule rule) {
     public ProfileRule saveRule(ProfileRule rule) {
         try {
             log.info("Saving rule with id: {}", rule.getId());
-            return ruleRepository.save(rule);
+            var newRule = ruleRepository.save(rule);
+            log.info("Saving rule with id: {}", newRule.getId());
+            return newRule;
         } catch (Exception e) {
             log.error("Error while saving Rule", e);
             throw new RuntimeException("Failed to save Rule", e);
diff --git a/docker/keycloak/realms/sentrius-realm.json b/docker/keycloak/realms/sentrius-realm.json
@@ -8,7 +8,7 @@
       "clientAuthenticatorType": "client-secret",
       "secret": "nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0",
       "rootUrl": "${ROOT_URL}",
-      "baseUrl": "/",
+      "baseUrl": "${ROOT_URL}",
       "redirectUris": ["${REDIRECT_URIS}/*"],
       "protocol": "openid-connect"
     }
diff --git a/sentrius-gcp-chart/templates/keycloak-deployment.yaml b/sentrius-gcp-chart/templates/keycloak-deployment.yaml
@@ -49,9 +49,9 @@ spec:
             - name: ROOT_LOGLEVEL
               value: DEBUG
             - name: ROOT_URL
-              value: http://{{ .Values.subdomain }}/
+              value: https://{{ .Values.subdomain }}/
             - name: REDIRECT_URIS
-              value: http://{{ .Values.subdomain }}
+              value: https://{{ .Values.subdomain }}
             - name: PROXY_ADDRESS_FORWARDING
               value: "true"
             - name: KC_HOSTNAME_STRICT_HTTPS

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"clientAuthenticatorType": "client-secret",`
`9`	`9`	`"secret": "nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0",`
`10`	`10`	`"rootUrl": "${ROOT_URL}",`
`11`		`- "baseUrl": "/",`
	`11`	`+ "baseUrl": "${ROOT_URL}",`
`12`	`12`	`"redirectUris": ["${REDIRECT_URIS}/*"],`
`13`	`13`	`"protocol": "openid-connect"`
`14`	`14`	`}`