ai-code-review-evaluations
diff --git a/‎js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties‎
Lines changed: 40 additions & 18 deletions b/‎js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties‎
Lines changed: 40 additions & 18 deletions
diff --git a/‎js/apps/admin-ui/src/clients/authorization/Policies.tsx‎
Lines changed: 49 additions & 27 deletions b/‎js/apps/admin-ui/src/clients/authorization/Policies.tsx‎
Lines changed: 49 additions & 27 deletions
diff --git a/‎js/apps/admin-ui/src/clients/authorization/ResourcesPolicySelect.tsx‎
Lines changed: 3 additions & 3 deletions b/‎js/apps/admin-ui/src/clients/authorization/ResourcesPolicySelect.tsx‎
Lines changed: 3 additions & 3 deletions
@@ -86,7 +86,7 @@ requiredUserActions=Required user actions
 noConsentsText=The consents will only be recorded when users try to access a client that is configured to require consent. In that case, users will get a consent page which asks them to grant access to the client.
 addStep=Add step
 clientAssertionAudience=Client assertion audience
-permissionPoliciesHelp=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+permissionPoliciesHelp=Specifies all the policies that must be applied to the permission permission.
 userInitiatedActionLifespanHelp=Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to a self-created action quickly.
 clearFileExplain=Are you sure you want to clear this file?
 userModelAttribute=User model attribute
@@ -3332,7 +3332,7 @@ deleteConfirmUsers_one=Delete user {{name}}?
 deleteConfirmUsers_other=Delete {{count}} users?
 downloadThemeJar=Download theme JAR
 themeColorInfo=Here you can set the patternfly color variables and create a "theme jar" file that you can download and put in your providers folder to apply the theme to your realm.
-permissionsSubTitle=Fine-grained admin permissions allow assigning detailed, specific access rights, controlling which resources and actions can be managed.
+permissionsSubTitle=Permissions control access to a resource or multiple resources of one type.
 signatureAlgorithmIdentityProviderMetadata=Signature algorithm SAML IdP metadata
 signatureAlgorithmIdentityProviderMetadataHelp=Signature algorithm to use for the SAML identity provider metadata, if none the metadata is not signed.
 connectionTrace=Connection trace
@@ -3342,18 +3342,18 @@ savingAdminEventsOff=Saving admin events turned off
 membershipEvents=Membership events
 childGroupEvents=Child group events
 titlePermissions=Permissions
-emptyPermissionsInstructions=If you want to create a permission, please click the button below.
+emptyPermissionsInstructions=No permissions exist in this realm.
 permissionsName=Permission name
 permissionsAssignedPolicy=Assigned policy
 chooseAResourceType=Choose a resource type
-chooseAResourceTypeInstructions=Please choose a resource type first to determine which type of resource to grant new permission to.
-resourceType.Clients=Client resource type description
-resourceType.Groups=Group resource type description
-resourceType.IdentityProviders=Identity providers resource type description
-resourceType.Organizations=Organization resource type description
-resourceType.Roles=Role resource type description
-resourceType.Users=User resource type description
-createPermissionOfType=Create {{resourceType}} permission
+chooseAResourceTypeInstructions=Choose a resource type for which you will create a permission.
+resourceType.Clients=Controls access to operations that can be  performed for clients in this realm
+resourceType.Groups=Controls access to operations that can be  performed for groups in this realm
+resourceType.IdentityProviders=Controls access to operations that can be  performed for identity providers in this realm
+resourceType.Organizations=Controls access to operations that can be  performed for organizations in this realm
+resourceType.Roles=Controls access to operations that can be  performed for roles in this realm
+resourceType.Users=Controls access to operations that can be  performed for users in this realm
+createPermissionOfType=This permission will be applied to the {{resourceType}}
 permissionUsersHelpText=Specifies which user(s) are allowed by this permission.
 permissionNameHelpText=The name of the permission. This name is used to identify the permission in the admin console.
 resourceScope=Resource scope
@@ -3364,9 +3364,9 @@ allUsers=All users
 specificUsers=Specific users
 assignedPolicies=Assigned policies
 assignExistingPolicies=Assign existing policies
-requiredAssignedPolicies=Please add at least one policy.
+requiredPolicies=Please add at least one policy.
 createNewPolicy=Create new policy
-createAPolicy=Create policy
+createPermissionPolicy=Create policy
 policy=Policy
 policyType=Policy type
 policyTypeHelpText=Specifies the type of policy. This is used to determine the type of policy that the permission is granted to.
@@ -3379,18 +3379,40 @@ noAssignedPoliciesInstructions=There are no assigned policies for this permissio
 unAssignPolicy=Unassign
 assignedPolicyType.allTypes=All types
 assignedPolicyType.user=User
-permissionPolicyDetails=Permission policy details
 authorizationScopeDetailsTitle=Authorization scope details
-authorizationScopeDetailsSubtitle=Authorization scope is ...
+authorizationScopeDetailsSubtitle=Authorization scope defines the actions that can be performed on a resource.
 authorizationScopeDetailsName=Name
 authorizationScopeDetailsDescription=Description
 authorizationScopeDetailsDescriptionText=Lorem ipsum
-applyPermissionTo=Apply persmission to
-applyPermissionToHelpText=Apply permission to helpp text
 allResources=All resources
 currentRealm=Current realm
 recentlyUsed=Recently used
 viewAll=View all
 currentRealmExplain=This realm is selected
 removeInvalidUsers=Remove invalid users during searches
-removeInvalidUsersHelp=Remove users from the local database if they are not available from the user storage when executing searches. If this is true, users no longer available from their corresponding user storage will be deleted from the local database whenever trying to look up users. If false, then users previously imported from the user storage will be kept in the local database, as read-only and disabled, even if that user is no longer available from the user storage. For example, user was deleted directly from LDAP or the `Users DN` is invalid. Note that this behavior will only happen when the user is not yet cached.
+removeInvalidUsersHelp=Remove users from the local database if they are not available from the user storage when executing searches. If this is true, users no longer available from their corresponding user storage will be deleted from the local database whenever trying to look up users. If false, then users previously imported from the user storage will be kept in the local database, as read-only and disabled, even if that user is no longer available from the user storage. For example, user was deleted directly from LDAP or the `Users DN` is invalid. Note that this behavior will only happen when the user is not yet cached.
+createPermissionPolicy=Create permission policy
+applyPermissionTo=Enforce access to
+applyPermissionToHelpText=Specifies the resource that the permission is applied to.
+emptyPermissionPoliciesInstructions=No policies exist in this realm.
+noPermissionSearchResultsInstructions=No permissions matched your filters.
+deleteAdminPermissionConfirm=If you delete permission {{ permission }}, administrators cannot perform the actions on resources that were defined by the permission.
+authorizationScope.Clients.configure=Performs basic management of a client
+authorizationScope.Clients.manage=Fully manages a client
+authorizationScope.Clients.map-roles=Map roles defined by this client to resources such as  users and groups
+authorizationScope.Clients.map-roles-client-scope=Applies roles defined by this client to the client scope of another client
+authorizationScope.Clients.map-roles-composite=Applies roles defined by this client as a composite to another role
+authorizationScope.Clients.token-exchange=Controls which clients can exchange tokens for a token that is targeted to this client
+authorizationScope.Clients.view=Views this client
+authorizationScope.Users.impersonate=Impersonates other users
+authorizationScope.Users.manage=Manages all users in the realm
+authorizationScope.Users.manage-group-membership=Manages group membership for all users in the realm (used in conjunction with a group policy)
+authorizationScope.Users.map-roles=Maps roles for all users
+authorizationScope.Users.user-impersonated=Controls which users can be impersonated
+authorizationScope.Users.view=Views all users in the realm
+authorizationScope.Groups.manage=Manages this group
+authorizationScope.Groups.manage-members=Manages group members
+authorizationScope.Groups.manage-membership=Adds or removes group members
+authorizationScope.Groups.view=Views this group
+authorizationScope.Groups.view-members=Views group members
+authorizationScope.IdentityProviders.token-exchange=Allows clients to exchange tokens for  tokens issued by this identity provider
@@ -41,6 +41,7 @@ import { NewPolicyDialog } from "./NewPolicyDialog";
 import { SearchDropdown, SearchForm } from "./SearchDropdown";
 import { useIsAdminPermissionsClient } from "../../utils/useIsAdminPermissionsClient";
 import { toCreatePermissionPolicy } from "../../permissions-configuration/routes/NewPermissionPolicy";
+import { toPermissionPolicyDetails } from "../../permissions-configuration/routes/PermissionPolicyDetails";
 
 type PoliciesProps = {
   clientId: string;
@@ -184,7 +185,17 @@ export const AuthorizationPolicies = ({
               policyProviders={policyProviders}
               onSelect={(p) =>
                 navigate(
-                  toCreatePolicy({ id: clientId, realm, policyType: p.type! }),
+                  isAdminPermissionsClient
+                    ? toCreatePermissionPolicy({
+                        realm,
+                        permissionClientId: clientId,
+                        policyType: p.type!,
+                      })
+                    : toCreatePolicy({
+                        id: clientId,
+                        realm,
+                        policyType: p.type!,
+                      }),
                 )
               }
               toggleDialog={toggleDialog}
@@ -214,20 +225,13 @@ export const AuthorizationPolicies = ({
                   <Button
                     data-testid="createPolicy"
                     onClick={() => {
-                      if (!isAdminPermissionsClient) {
-                        toggleDialog();
-                      } else {
-                        navigate(
-                          toCreatePermissionPolicy({
-                            realm,
-                            permissionClientId: clientId,
-                          }),
-                        );
-                      }
+                      toggleDialog();
                     }}
                     isDisabled={isDisabled}
                   >
-                    {t("createPolicy")}
+                    {isAdminPermissionsClient
+                      ? t("createPermissionPolicy")
+                      : t("createPolicy")}
                   </Button>
                 </ToolbarItem>
               </>
@@ -263,7 +267,18 @@ export const AuthorizationPolicies = ({
                         }}
                       />
                       <Td data-testid={`name-column-${policy.name}`}>
-                        {!isAdminPermissionsClient ? (
+                        {isAdminPermissionsClient ? (
+                          <Link
+                            to={toPermissionPolicyDetails({
+                              realm,
+                              permissionClientId: clientId,
+                              policyId: policy.id!,
+                              policyType: policy.type!,
+                            })}
+                          >
+                            {policy.name}
+                          </Link>
+                        ) : (
                           <Link
                             to={toPolicyDetails({
                               realm,
@@ -274,8 +289,6 @@ export const AuthorizationPolicies = ({
                           >
                             {policy.name}
                           </Link>
-                        ) : (
-                          policy.name
                         )}
                       </Td>
                       <Td>{toUpperCase(policy.type!)}</Td>
@@ -367,27 +380,36 @@ export const AuthorizationPolicies = ({
               )}
               onSelect={(p) =>
                 navigate(
-                  toCreatePolicy({ id: clientId, realm, policyType: p.type! }),
+                  isAdminPermissionsClient
+                    ? toCreatePermissionPolicy({
+                        realm,
+                        permissionClientId: clientId,
+                        policyType: p.type!,
+                      })
+                    : toCreatePolicy({
+                        id: clientId,
+                        realm,
+                        policyType: p.type!,
+                      }),
                 )
               }
               toggleDialog={toggleDialog}
             />
           )}
           <ListEmptyState
             message={t("emptyPolicies")}
-            instructions={t("emptyPoliciesInstructions")}
+            instructions={
+              isAdminPermissionsClient
+                ? t("emptyPermissionPoliciesInstructions")
+                : t("emptyPoliciesInstructions")
+            }
             isDisabled={isDisabled}
-            primaryActionText={t("createPolicy")}
-            onPrimaryAction={() =>
-              !isAdminPermissionsClient
-                ? toggleDialog()
-                : navigate(
-                    toCreatePermissionPolicy({
-                      realm,
-                      permissionClientId: clientId,
-                    }),
-                  )
+            primaryActionText={
+              isAdminPermissionsClient
+                ? t("createPermissionPolicy")
+                : t("createPolicy")
             }
+            onPrimaryAction={() => toggleDialog()}
           />
         </>
       )}
 
@@ -34,13 +34,13 @@ import { toCreatePolicy } from "../routes/NewPolicy";
 import { toPolicyDetails } from "../routes/PolicyDetails";
 import { toResourceDetails } from "../routes/Resource";
 import { NewPolicyDialog } from "./NewPolicyDialog";
+import { useIsAdminPermissionsClient } from "../../utils/useIsAdminPermissionsClient";
 
 type Type = "resources" | "policies";
 
 type ResourcesPolicySelectProps = {
   name: Type;
   clientId: string;
-  isPermissionClient?: boolean;
   permissionId?: string;
   variant?: Variant;
   preSelected?: string;
@@ -77,7 +77,6 @@ const typeMapping: TypeMapping = {
 export const ResourcesPolicySelect = ({
   name,
   clientId,
-  isPermissionClient,
   permissionId,
   variant = SelectVariant.typeaheadMulti,
   preSelected,
@@ -101,6 +100,7 @@ export const ResourcesPolicySelect = ({
     useState<PolicyProviderRepresentation[]>();
   const [onUnsavedChangesConfirm, setOnUnsavedChangesConfirm] =
     useState<() => void>();
+  const isAdminPermissionsClient = useIsAdminPermissionsClient(clientId);
 
   const functions = typeMapping[name];
 
@@ -282,7 +282,7 @@ export const ResourcesPolicySelect = ({
             typeAheadAriaLabel={t(name)}
             chipGroupComponent={toChipGroupItems(field)}
             footer={
-              name === "policies" && !isPermissionClient ? (
+              name === "policies" && !isAdminPermissionsClient ? (
                 <Button
                   variant="link"
                   isInline