cryptomator / hub

Cryptomator Hub helps you manage vaults in large teams
GNU Affero General Public License v3.0

admin user needs realm management roles #155

Closed overheadhunter closed 2 years ago

overheadhunter commented 2 years ago

Summary

The setup wizard should make sure that the initial user has sufficient privileges to manage the realm

System Setup

- realm.json created for Hub 1.0.0-beta5

Steps to Reproduce

  1. Try to log into the Keycloak admin console not using the server admin user but rather the realm admin

Expected Behavior

You are logged in and can manage your own realm (but cannot see other realms)

Actual Behavior

Error 403

Reproducibility

Always

Relevant Log Output

No response

Anything else?

Related to #107

overheadhunter commented 2 years ago

fixed in https://github.com/cryptomator/cryptomator.github.io/commit/cc014b1ae135630905e5867df06f953048faaaf1

SailReal commented 2 years ago

@overheadhunter we need to fix it in https://github.com/cryptomator/hub/blob/c39b1e204a0a9a106b1607ee154897eff2fbedd0/backend/src/main/resources/dev-realm.json#L19-L28 too.

overheadhunter commented 2 years ago

dev-realm is only relevant during quarkus:dev, where we only have a global admin user anyway.

SailReal commented 2 years ago

Okay but on my device, running the latest state of the release/1.0.0-branch using quarkus:dev, I get a 403 when clicking on the admin link in Hub. [Screenshot from 2022-09-28 13-27-43]

If I grant the admin user the realm-roles, the link works as expected.

overheadhunter commented 2 years ago

ohhhhhhh my bad, I thought it would be the "other" admin user being used here.

SailReal commented 2 years ago

Works now :+1:
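
Added example, not part of the thread or of Cryptomator Hub's code: a pre-import check over a Keycloak realm file that flags an intended realm admin without `realm-management` client roles (the 403 case above) and any other user who holds them. The sample realm, the user names and the choice of `realm-admin` as the required role are assumptions, since the thread does not list the roles the fix grants; only direct user assignments are inspected, not roles inherited through groups or composites.

```python
import json

# Constructed sample in Keycloak's realm-import layout (not Hub's actual realm.json).
# "cryptomator", "admin" and "alice" are placeholder names.
SAMPLE_REALM = json.loads("""
{
  "realm": "cryptomator",
  "users": [
    {"username": "admin", "realmRoles": ["admin"],
     "clientRoles": {"realm-management": ["realm-admin"]}},
    {"username": "alice", "realmRoles": ["user"]}
  ]
}
""")

MGMT_CLIENT = "realm-management"  # built-in Keycloak client holding per-realm admin roles


def management_roles(realm, username):
    """Return the realm-management client roles assigned directly to `username`.

    Raises KeyError if the user is not defined in the realm file.
    """
    for user in realm.get("users", []):
        if user.get("username") == username:
            return sorted(user.get("clientRoles", {}).get(MGMT_CLIENT, []))
    raise KeyError(f"user {username!r} not in realm {realm.get('realm')!r}")


def audit(realm, expected_admins, required=("realm-admin",)):
    """Report admins lacking the required roles and non-admins holding any."""
    findings = []
    for name in expected_admins:
        try:
            missing = set(required) - set(management_roles(realm, name))
        except KeyError:
            findings.append(f"{name}: not defined in realm file")
            continue
        if missing:
            findings.append(f"{name}: missing {MGMT_CLIENT} roles {sorted(missing)}")
    for user in realm.get("users", []):
        name = user.get("username")
        if name not in expected_admins and management_roles(realm, name):
            findings.append(f"{name}: unexpected {MGMT_CLIENT} roles")
    return findings
```

An empty list from `audit(realm, {"admin"})` means the named admin can manage the realm and nobody else in the file was given management roles.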