Fix matchRole lookup to include group-inherited and composite roles #25
Labels
No labels
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Blocks
#26 Add exporting individual attributes and a map endpoint
CCCHH/keycloak-attribute-endpoints-provider
Reference
CCCHH/keycloak-attribute-endpoints-provider!25
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "fix-role-membership"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
getRoleMembersStream only returns users with the role assigned
directly, so exported attributes silently excluded users who have
matchRole via group membership. Filter all realm users with
hasRole() instead, matching the resolution already used for authRole.
Closes #20
@ -121,1 +122,3 @@Stream<UserModel> users = userProvider.getRoleMembersStream(realm, matchRole);// getRoleMembersStream only returns users with matchRole assigned directly; it misses// users who have the role via group membership (incl. parent groups) or composite roles.// hasRole() resolves the role the same way authUser.hasRole(authRole) does above.this comment isn't that useful, after this PR is merged, as it references old code. Please write such information in the PR discussion