Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add impersonate-members scope to group resource type #38659

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ahus1 merged 2 commits into from
Apr 7, 2025
Merged

Add impersonate-members scope to group resource type #38659

ahus1 merged 2 commits into from
Apr 7, 2025

Conversation

@pedroigor
Copy link
Contributor

@pedroigor pedroigor commented Apr 3, 2025

Closes #38566

@pedroigor pedroigor requested a review from a team as a code owner April 3, 2025 14:35
@pedroigor
Copy link
Contributor Author

pedroigor commented Apr 3, 2025

@sschu Can you please check this one? I think it is aligned with what we discussed ...

@vramik
Copy link
Contributor

vramik commented Apr 3, 2025
edited
Loading

@pedroigor I believe we should update this:

keycloak/docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc

Line 119 in 29d3dcb

** The *user-impersonated* user permission has been _removed_.

by saying something like:

  ** The *user-impersonated* user permission has been _removed_ and _replaced_ by *impersonate-members* group permission.

@pedroigor
Copy link
Contributor Author

pedroigor commented Apr 3, 2025

@pedroigor I believe we should update this:

keycloak/docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc

Line 119 in 29d3dcb

** The *user-impersonated* user permission has been _removed_.

by saying something like:

  ** The *user-impersonated* user permission has been _removed_ and _replaced_ by *impersonate-members* group permission.

Makes sense, I'll update the docs.

@pedroigor
Copy link
Contributor Author

pedroigor commented Apr 3, 2025

@vramik Added your suggestion to the upgrade guide.

@vramik
Copy link
Contributor

vramik commented Apr 3, 2025

@pedroigor thanks, lgtm. I'd love to have @sschu's review as well.

@sschu
Copy link
Contributor

sschu commented Apr 3, 2025

@pedroigor @vramik I'll have a look. Will probably only finish tomorrow, I hope thats OK.

vramik
vramik reviewed Apr 3, 2025
View reviewed changes
docs/documentation/server_admin/topics/admin-console-permissions/fine-grain-v2.adoc Outdated
The evaluation takes permissions for specific resources (specific user permissions and specific group permissions) first.
See <<_resolving-conflicting-permissions, Resolving Conflicting Permissions>> for more information.
- Similarly, the *manage* operation takes *manage-members* into account when managing group members.
- Similarly, the *manage* operation takes *manage-members* into account when managing group members.
Copy link
Contributor

@vramik vramik Apr 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pedroigor we should probably mention here that this "taking-into-account" applies to impersonation as well, wdyt?

Copy link
Contributor Author

@pedroigor pedroigor Apr 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a second commit with some updates to the docs. I can send a separate PR if you prefer, but perhaps we can just agree on it here.

@pedroigor pedroigor force-pushed the issue-38566 branch 2 times, most recently from e49c2a5 to 5045b62 Compare April 4, 2025 10:45
@sschu
Copy link
Contributor

sschu commented Apr 4, 2025

@pedroigor @vramik I finally tested this branch and the impersonate-part works as expected. However, I found some issues with the view-members and manage-members permissions. I'll send you a reproducer directly via mail.

@pedroigor pedroigor force-pushed the issue-38566 branch 2 times, most recently from e10192c to c609e34 Compare April 7, 2025 12:54
@ahus1 ahus1 enabled auto-merge (squash) April 7, 2025 12:58
ahus1
ahus1 approved these changes Apr 7, 2025
View reviewed changes
Copy link
Contributor

@ahus1 ahus1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving based on @vramik's review

@ahus1 ahus1 merged commit 87430fc into keycloak:main Apr 7, 2025
77 checks passed
@pedroigor pedroigor deleted the issue-38566 branch April 7, 2025 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahus1 ahus1 ahus1 approved these changes

+1 more reviewer

@vramik vramik vramik approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add impersonate-members scope to group resource type

4 participants

@pedroigor @vramik @sschu @ahus1