Fixes access for credentials tab. (#19449)

Fixes #19134
2023-03-31 12:55:40 -04:00 · 2023-03-31 12:55:40 -04:00 · 139b809f72
parent d857ea8ec2
commit 139b809f72
3 changed files with 22 additions and 7 deletions
--- a/js/apps/admin-ui/src/clients/ClientDetails.tsx
+++ b/js/apps/admin-ui/src/clients/ClientDetails.tsx
@ -194,11 +194,14 @@ export default function ClientDetails() {
  const { profileInfo } = useServerInfo();

  const { hasAccess } = useAccess();
+  const hasManageAuthorization = hasAccess("manage-authorization");
  const permissionsEnabled =
    !profileInfo?.disabledFeatures?.includes("ADMIN_FINE_GRAINED_AUTHZ") &&
-    hasAccess("manage-authorization");
+    hasManageAuthorization;
  const hasManageClients = hasAccess("manage-clients");
+  const hasViewClients = hasAccess("view-clients");
  const hasViewUsers = hasAccess("view-users");
+  const hasQueryUsers = hasAccess("query-users");

  const navigate = useNavigate();

@ -452,7 +455,7 @@ export default function ClientDetails() {
            )}
            {!client.publicClient &&
              !isRealmClient(client) &&
-              (hasManageClients || client.access?.configure) && (
+              (hasViewClients || client.access?.configure) && (
                <Tab
                  id="credentials"
                  title={<TabTitleText>{t("credentials")}</TabTitleText>}
@ -488,7 +491,7 @@ export default function ClientDetails() {
                isReadOnly={!(hasManageClients || client.access?.configure)}
              />
            </Tab>
-            {!isRealmClient(client) && !client.bearerOnly && (
+            {!isRealmClient(client) && !client.bearerOnly && hasQueryUsers && (
              <Tab
                id="clientScopes"
                data-testid="clientScopesTab"
@ -527,7 +530,7 @@ export default function ClientDetails() {
                </RoutableTabs>
              </Tab>
            )}
-            {client!.authorizationServicesEnabled && (
+            {client!.authorizationServicesEnabled && hasManageAuthorization && (
              <Tab
                id="authorization"
                data-testid="authorizationTab"
--- a/js/apps/admin-ui/src/clients/credentials/ClientSecret.tsx
+++ b/js/apps/admin-ui/src/clients/credentials/ClientSecret.tsx
@ -17,6 +17,7 @@ import { useConfirmDialog } from "../../components/confirm-dialog/ConfirmDialog"
 import { useAdminClient } from "../../context/auth/AdminClient";
 import { useAlerts } from "../../components/alert/Alerts";
 import useFormatDate from "../../utils/useFormatDate";
+import { useAccess } from "../../context/access/Access";

 export type ClientSecretProps = {
  client: ClientRepresentation;
@ -24,14 +25,22 @@ export type ClientSecretProps = {
  toggle: () => void;
 };

-type SecretInputProps = Omit<ClientSecretProps, "client"> & {
+type SecretInputProps = ClientSecretProps & {
  id: string;
  buttonLabel: string;
 };

-const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => {
+const SecretInput = ({
+  id,
+  buttonLabel,
+  client,
+  secret,
+  toggle,
+}: SecretInputProps) => {
  const { t } = useTranslation("clients");
  const form = useFormContext<ClientRepresentation>();
+  const { hasAccess } = useAccess();
+  const isManager = hasAccess("manage-clients") || client.access?.configure;

  return (
    <Split hasGutter>
@ -49,7 +58,7 @@ const SecretInput = ({ id, buttonLabel, secret, toggle }: SecretInputProps) => {
      <SplitItem>
        <Button
          variant="secondary"
-          isDisabled={form.formState.isDirty}
+          isDisabled={form.formState.isDirty || !isManager}
          onClick={toggle}
        >
          {t(buttonLabel)}
@ -117,6 +126,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
      >
        <SecretInput
          id="kc-client-secret"
+          client={client}
          secret={secret}
          toggle={toggle}
          buttonLabel="regenerate"
@ -130,6 +140,7 @@ export const ClientSecret = ({ client, secret, toggle }: ClientSecretProps) => {
        <FormGroup label={t("secretRotated")} fieldId="secretRotated">
          <SecretInput
            id="secretRotated"
+            client={client}
            secret={secretRotated}
            toggle={toggleInvalidateConfirm}
            buttonLabel="invalidateSecret"
--- a/js/apps/admin-ui/src/clients/credentials/Credentials.tsx
+++ b/js/apps/admin-ui/src/clients/credentials/Credentials.tsx
@ -140,6 +140,7 @@ export const Credentials = ({ client, save, refresh }: CredentialsProps) => {
        isHorizontal
        className="pf-u-mt-md"
        role="manage-clients"
+        fineGrainedAccess={client.access?.configure}
      >
        <ClientSecretConfirm />
        <AccessTokenConfirm />