Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not return groups associated with organizations from the Admin Group API #28734

Closed
Tracked by #28133
pedroigor opened this issue Apr 15, 2024 · 2 comments · Fixed by #29046
Closed
Tracked by #28133

Do not return groups associated with organizations from the Admin Group API #28734

pedroigor opened this issue Apr 15, 2024 · 2 comments · Fixed by #29046
Assignees
@martin-kanis
Labels
release/25.0.0

Comments

@pedroigor
Copy link
Contributor

No description provided.

This was referenced Apr 15, 2024
Open
Closed
@martin-kanis martin-kanis self-assigned this Apr 17, 2024
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 24, 2024
@martin-kanis
Do not return groups associated with organizations from the Admin Gro…
aea93c0 
…up API

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
@martin-kanis martin-kanis mentioned this issue Apr 24, 2024
Merged
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 24, 2024
@martin-kanis
Do not return groups associated with organizations from the Admin Gro…
4303ea5 
…up API

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 24, 2024
@martin-kanis
Do not return groups associated with organizations from the Admin Gro…
78b469a 
…up API

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
@martin-kanis
Copy link
Contributor

As we discussed in the team, for the first iteration, we will still show organization related groups via group API. Reasons are:

  • filtering in the groups endpoint breaks pagination
  • count is done by a count query which means we would need to adjust query or fetch everything, filter and then count
  • we would like to avoid adjusting existing group queries

Instead, we will make organization related groups read-only in groups API and throw 403 Forbidden for non-read operations.

martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 26, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
ed6a1ea 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 26, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
7e6cd94 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
@martin-kanis
Copy link
Contributor

The issue aims to add following capabilities:

  • These groups should not be manageable by the Group API
  • Make sure the group name used and its format are reserved and can not be set to regular groups
  • Organization member accounts should not be manageable by the User API

martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
57f2f1b 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
5bb1f1f 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
e8329ec 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
1e4bbf0 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
5045645 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue Apr 30, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
d3d2905 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
pedroigor pushed a commit to martin-kanis/keycloak that referenced this issue May 2, 2024
@martin-kanis @pedroigor
Prevent to manage groups associated with organizations from different…
c0728c7 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 6, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
ad9f4a3 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 6, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
05cfed8 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 7, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
00863c7 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 7, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
b6b4acc 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
pedroigor pushed a commit to pedroigor/keycloak that referenced this issue May 7, 2024
@martin-kanis @pedroigor
Prevent to manage groups associated with organizations from different…
416cba3 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 7, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
32b355d 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
martin-kanis added a commit to martin-kanis/keycloak that referenced this issue May 7, 2024
@martin-kanis
Prevent to manage groups associated with organizations from different…
f96927a 
… APIs

Closes keycloak#28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
pedroigor pushed a commit that referenced this issue May 7, 2024
@martin-kanis @pedroigor
Prevent to manage groups associated with organizations from different…
d4b7e1a 
… APIs

Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@martin-kanis martin-kanis

Labels
release/25.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not return groups associated with organizations from the Admin Gro… martin-kanis/keycloak
2 participants
@pedroigor @martin-kanis