mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-20 14:00:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Workflow database queries not filtering based on the realm

Browse Source 
Closes #44858

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor
2025-12-11 15:25:26 -03:00
parent 84a0324d60
commit 0419d6711f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
model/jpa/src/main/java/org/keycloak/models/workflow/UserResourceTypeWorkflowProvider.java
View File

@@ -31,6 +31,7 @@ import jakarta.persistence.criteria.Subquery;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.connections.jpa.JpaConnectionProvider; import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.jpa.entities.UserEntity; import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.workflow.conditions.expression.BooleanConditionParser; import org.keycloak.models.workflow.conditions.expression.BooleanConditionParser;
import org.keycloak.models.workflow.conditions.expression.EvaluatorUtils; import org.keycloak.models.workflow.conditions.expression.EvaluatorUtils;
@@ -67,6 +68,8 @@ public class UserResourceTypeWorkflowProvider implements ResourceTypeSelector {
cb.equal(stateRoot.get("workflowId"), workflow.getId()) cb.equal(stateRoot.get("workflowId"), workflow.getId())
) )
); );
RealmModel realm = session.getContext().getRealm();
predicates.add(cb.equal(userRoot.get("realmId"), realm.getId()));
Predicate notExistsPredicate = cb.not(cb.exists(subquery)); Predicate notExistsPredicate = cb.not(cb.exists(subquery));
predicates.add(notExistsPredicate); predicates.add(notExistsPredicate);