Fix matchRole lookup to include group-inherited and composite roles (#25)
All checks were successful
/ Verify (push) Successful in 48s
All checks were successful
/ Verify (push) Successful in 48s
getRoleMembersStream only returns users with the role assigned directly, so exported attributes silently excluded users who have matchRole via group membership. Filter all realm users with hasRole() instead, matching the resolution already used for authRole. Closes #20 Reviewed-on: #25
This commit is contained in:
parent
91554ec588
commit
dfd10b16dc
1 changed files with 3 additions and 1 deletions
|
|
@ -2,6 +2,7 @@ package de.ccc.hamburg.keycloak.attribute_endpoints;
|
|||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.stream.Stream;
|
||||
|
|
@ -118,7 +119,8 @@ public class AttributeEndpointsResourceProvider implements RealmResourceProvider
|
|||
.toList();
|
||||
|
||||
UserProvider userProvider = session.users();
|
||||
Stream<UserModel> users = userProvider.getRoleMembersStream(realm, matchRole);
|
||||
Stream<UserModel> users = userProvider.searchForUserStream(realm, Map.of())
|
||||
.filter(user -> user.hasRole(matchRole));
|
||||
|
||||
List<String> attribute_list = users
|
||||
.map(user -> {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue