Added UI support for Clients and Groups resource types (#37379)

* removed policyId from permission search form

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Adding support for Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Adding support for Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Added support for clients resourceType

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Added support for creating permission based on Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* updated messages

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* updated messages

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Fixing the search by resource type and resource

Signed-off-by: Pedro Igor <[email protected]>

* Fixing changing permissions from specific to all resources

Signed-off-by: Pedro Igor <[email protected]>

* made groups policy default instead of aggregate and fixed ClientSelect

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Added error handling for authorization scope field

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Added error handling for authorization scope field

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* Improved ClientScope

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

* updated GroupSelect

Signed-off-by: Agnieszka Gancarczyk <[email protected]>

---------

Signed-off-by: Agnieszka Gancarczyk <[email protected]>
Signed-off-by: Pedro Igor <[email protected]>
Co-authored-by: Pedro Igor <[email protected]>

Author: agagancarczyk

js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties

@@ -3360,13 +3360,12 @@ resourceScope=Resource scope
 resourceScopeHelpText=Specifies the scope of the resource. This is used to determine the type of resource that the permission is granted to.
 allClients=All clients
 specificClients=Specific clients
-allUsers=All users
-specificUsers=Specific users
+allResourceType=All {{resourceType}}
+specificResourceType=Specific {{resourceType}}
 assignedPolicies=Assigned policies
 assignExistingPolicies=Assign existing policies
 requiredPolicies=Please add at least one policy.
 createNewPolicy=Create new policy
-createPermissionPolicy=Create policy
 policy=Policy
 policyType=Policy type
 policyTypeHelpText=Specifies the type of policy. This is used to determine the type of policy that the permission is granted to.
@@ -3383,16 +3382,16 @@ authorizationScopeDetailsTitle=Authorization scope details
 authorizationScopeDetailsSubtitle=Authorization scope defines the actions that can be performed on a resource.
 authorizationScopeDetailsName=Name
 authorizationScopeDetailsDescription=Description
-authorizationScopeDetailsDescriptionText=Lorem ipsum
 allResources=All resources
 currentRealm=Current realm
 recentlyUsed=Recently used
 viewAll=View all
 currentRealmExplain=This realm is selected
 removeInvalidUsers=Remove invalid users during searches
 removeInvalidUsersHelp=Remove users from the local database if they are not available from the user storage when executing searches. If this is true, users no longer available from their corresponding user storage will be deleted from the local database whenever trying to look up users. If false, then users previously imported from the user storage will be kept in the local database, as read-only and disabled, even if that user is no longer available from the user storage. For example, user was deleted directly from LDAP or the `Users DN` is invalid. Note that this behavior will only happen when the user is not yet cached.
-applyPermissionTo=Enforce access to
-applyPermissionToHelpText=Specifies the resource that the permission is applied to.
+createPermissionPolicy=Create policy
+enforceAccessTo=Enforce access to
+enforceAccessToHelpText=Specifies the resource that the permission is applied to.
 emptyPermissionPoliciesInstructions=No policies exist in this realm.
 noPermissionSearchResultsInstructions=No permissions matched your filters.
 deleteAdminPermissionConfirm=If you delete permission {{ permission }}, administrators cannot perform the actions on resources that were defined by the permission.
@@ -3414,4 +3413,9 @@ authorizationScope.Groups.manage-members=Manages group members
 authorizationScope.Groups.manage-membership=Adds or removes group members
 authorizationScope.Groups.view=Views this group
 authorizationScope.Groups.view-members=Views group members
-authorizationScope.IdentityProviders.token-exchange=Allows clients to exchange tokens for  tokens issued by this identity provider
+authorizationScope.IdentityProviders.token-exchange=Allows clients to exchange tokens for  tokens issued by this identity provider
+usersResources=Users
+clientsResources=Clients
+groupsResources=Groups
+resourceTypeHelpText=Specifies which {{ resourceType }} are allowed by this permission.
+evaluation=Evaluation

js/apps/admin-ui/src/clients/authorization/ScopePicker.tsx

@@ -1,5 +1,6 @@
 import type ScopeRepresentation from "@keycloak/keycloak-admin-client/lib/defs/scopeRepresentation";
 import {
+  FormErrorText,
   HelpItem,
   KeycloakSelect,
   SelectVariant,
@@ -29,7 +30,10 @@ export const ScopePicker = ({
 }: ScopePickerProps) => {
   const { adminClient } = useAdminClient();
   const { t } = useTranslation();
-  const { control } = useFormContext();
+  const {
+    control,
+    formState: { errors },
+  } = useFormContext();
   const [open, setOpen] = useState(false);
   const [scopes, setScopes] = useState<ScopeRepresentation[]>();
   const [search, setSearch] = useState("");
@@ -77,44 +81,50 @@ export const ScopePicker = ({
         name="scopes"
         defaultValue={[]}
         control={control}
+        rules={isAdminPermissionsClient ? { required: t("requiredField") } : {}}
         render={({ field }) => {
           const selectedValues = field.value.map((o: Scope) => o.name);
           return (
-            <KeycloakSelect
-              toggleId="scopes"
-              variant={SelectVariant.typeaheadMulti}
-              chipGroupProps={{
-                numChips: 3,
-                expandedText: t("hide"),
-                collapsedText: t("showRemaining"),
-              }}
-              onToggle={(val) => setOpen(val)}
-              isOpen={open}
-              selections={selectedValues}
-              onFilter={(value) => {
-                setSearch(value);
-                return renderScopes(allScopes || []);
-              }}
-              onSelect={(selectedValue) => {
-                const option =
-                  typeof selectedValue === "string"
-                    ? selectedValue
-                    : (selectedValue as Scope).name;
-                const changedValue = field.value.find(
-                  (o: Scope) => o.name === option,
-                )
-                  ? field.value.filter((item: Scope) => item.name !== option)
-                  : [...field.value, { name: option }];
-                field.onChange(changedValue);
-              }}
-              onClear={() => {
-                setSearch("");
-                field.onChange([]);
-              }}
-              typeAheadAriaLabel={t("authorizationScopes")}
-            >
-              {renderScopes(allScopes || [])}
-            </KeycloakSelect>
+            <>
+              <KeycloakSelect
+                toggleId="scopes"
+                variant={SelectVariant.typeaheadMulti}
+                chipGroupProps={{
+                  numChips: 3,
+                  expandedText: t("hide"),
+                  collapsedText: t("showRemaining"),
+                }}
+                onToggle={(val) => setOpen(val)}
+                isOpen={open}
+                selections={selectedValues}
+                onFilter={(value) => {
+                  setSearch(value);
+                  return renderScopes(allScopes || []);
+                }}
+                onSelect={(selectedValue) => {
+                  const option =
+                    typeof selectedValue === "string"
+                      ? selectedValue
+                      : (selectedValue as Scope).name;
+                  const changedValue = field.value.find(
+                    (o: Scope) => o.name === option,
+                  )
+                    ? field.value.filter((item: Scope) => item.name !== option)
+                    : [...field.value, { name: option }];
+                  field.onChange(changedValue);
+                }}
+                onClear={() => {
+                  setSearch("");
+                  field.onChange([]);
+                }}
+                typeAheadAriaLabel={t("authorizationScopes")}
+              >
+                {renderScopes(allScopes || [])}
+              </KeycloakSelect>
+              {isAdminPermissionsClient && errors.scopes && (
+                <FormErrorText message={t("required")} />
+              )}
+            </>
           );
         }}
       />

js/apps/admin-ui/src/clients/authorization/SearchDropdown.tsx

@@ -23,11 +23,9 @@ export type SearchForm = {
   uri?: string;
   owner?: string;
   resourceType?: string;
-  policyId?: string;
 };
 
 type SearchDropdownProps = {
-  policies?: PolicyRepresentation[];
   resources?: UserRepresentation[];
   types?: PolicyRepresentation[];
   search: SearchForm;
@@ -36,7 +34,6 @@ type SearchDropdownProps = {
 };
 
 export const SearchDropdown = ({
-  policies,
   resources,
   types,
   search,
@@ -57,9 +54,6 @@ export const SearchDropdown = ({
 
   const [open, toggle] = useToggle();
   const [resourceScopes, setResourceScopes] = useState<string[]>([]);
-  const [localPolicies, setLocalPolicies] = useState<PolicyRepresentation[]>(
-    policies || [],
-  );
   const selectedType = useWatch({ control: form.control, name: "type" });
   const [key, setKey] = useState(0);
 
@@ -71,11 +65,7 @@ export const SearchDropdown = ({
   useEffect(() => {
     const type = types?.find((item) => item.type === selectedType);
     setResourceScopes(type?.scopes || []);
-
-    if (policies?.length) {
-      setLocalPolicies(policies);
-    }
-  }, [selectedType, types, policies]);
+  }, [selectedType, types]);
 
   useEffect(() => {
     reset(search);
@@ -125,7 +115,7 @@ export const SearchDropdown = ({
           )}
           {type !== "resource" && (
             <SelectControl
-              name={type !== "adminPermission" ? "type" : "type"}
+              name={type !== "adminPermission" ? "type" : "resourceType"}
               label={type !== "adminPermission" ? t("type") : t("resourceType")}
               controller={{
                 defaultValue: "",
@@ -173,21 +163,6 @@ export const SearchDropdown = ({
               ]}
             />
           )}
-          {type === "adminPermission" && (
-            <SelectControl
-              name={"policyId"}
-              label={t("policy")}
-              controller={{ defaultValue: search.policyId || "" }}
-              options={
-                localPolicies
-                  ? localPolicies.map(({ id, name }) => ({
-                      key: id!,
-                      value: name!,
-                    }))
-                  : []
-              }
-            />
-          )}
           <ActionGroup>
             <Button
               variant="primary"

js/apps/admin-ui/src/clients/authorization/policy/ClientScope.tsx

@@ -42,11 +42,10 @@ export const ClientScope = () => {
 
   useFetch(
     () => adminClient.clientScopes.find(),
-    (scopes) => {
+    (scopes = []) => {
+      const clientScopes = getValues("clientScopes") || [];
       setSelectedScopes(
-        getValues("clientScopes").map(
-          (s) => scopes.find((c) => c.id === s.id)!,
-        ),
+        clientScopes.map((s) => scopes.find((c) => c.id === s.id)!),
       );
       setScopes(localeSort(scopes, mapByKey("name")));
     },

js/apps/admin-ui/src/components/client/ClientSelect.tsx

@@ -62,7 +62,11 @@ export const ClientSelect = ({
       onFilter={(value) => setSearch(value)}
       variant={variant}
       isDisabled={isDisabled}
-      options={clients.map(({ clientId }) => clientId!)}
+      options={clients.map(({ id, clientId }) => ({
+        key: id!,
+        value: clientId!,
+        label: clientId,
+      }))}
     />
   );
 };

js/apps/admin-ui/src/permissions-configuration/NewPermissionConfigurationDialog.tsx

@@ -9,7 +9,6 @@ import {
   Alert,
 } from "@patternfly/react-core";
 import { Table, Tbody, Td, Th, Thead, Tr } from "@patternfly/react-table";
-import { isValidComponentType } from "./permission-configuration/PermissionConfigurationDetails";
 
 type NewPermissionConfigurationDialogProps = {
   resourceTypes?: ResourceTypesRepresentation[];
@@ -63,8 +62,7 @@ export const NewPermissionConfigurationDialog = ({
               >
                 <Td>{resourceType.type}</Td>
                 <Td style={{ textWrap: "wrap" }}>
-                  {isValidComponentType(resourceType.type!) &&
-                    t(`resourceType.${resourceType.type}`)}
+                  {t(`resourceType.${resourceType.type}`)}
                 </Td>
               </Tr>
             );

js/apps/admin-ui/src/permissions-configuration/PermissionsConfigurationSection.tsx

@@ -206,9 +206,9 @@ export default function PermissionsConfigurationSection() {
               </Tab>
               {hasViewUsers && (
                 <Tab
-                  id="evaluate"
-                  data-testid="permissionsEvaluate"
-                  title={<TabTitleText>{t("evaluate")}</TabTitleText>}
+                  id="evaluation"
+                  data-testid="permissionsEvaluation"
+                  title={<TabTitleText>{t("evaluation")}</TabTitleText>}
                   {...permissionsEvaluateTab}
                 >
                   <AuthorizationEvaluate

js/apps/admin-ui/src/permissions-configuration/PermissionsConfigurationTab.tsx

@@ -149,12 +149,6 @@ export const PermissionsConfigurationTab = ({
     [key, search, first, max],
   );
 
-  const policies = useMemo(() => {
-    return permissions
-      ?.flatMap((permission) => permission?.policies!)
-      .filter((policy) => policy?.name);
-  }, [permissions]);
-
   const [toggleDeleteDialog, DeleteConfirm] = useConfirmDialog({
     titleKey: "deletePermission",
     messageKey: t("deleteAdminPermissionConfirm", {
@@ -217,7 +211,6 @@ export const PermissionsConfigurationTab = ({
               <>
                 <ToolbarItem>
                   <SearchDropdown
-                    policies={policies!}
                     resources={users!}
                     types={resourceTypes}
                     search={search}
@@ -332,7 +325,7 @@ export const PermissionsConfigurationTab = ({
                                   (resource: ResourceRepresentation, index) => (
                                     <Td key={index}>
                                       <span style={{ marginLeft: "8px" }}>
-                                        {resource.displayName}
+                                        {resource.displayName || resource.name}
                                       </span>
                                     </Td>
                                   ),
@@ -371,7 +364,7 @@ export const PermissionsConfigurationTab = ({
         <>
           {newDialog && (
             <NewPermissionConfigurationDialog
-              resourceTypes={resourceServer?.authorizationSchema!.resourceTypes}
+              resourceTypes={resourceTypes}
               onSelect={(resourceType) =>
                 navigate(
                   toCreatePermissionConfiguration({