[FGAP] Override canList() for V2.

Closes #38641 Signed-off-by: vramik <vramik@redhat.com>
2026-05-28 04:13:22 -04:00 · 2025-04-03 12:26:06 +02:00 · 2025-04-03 12:26:06 +02:00 · 999d9aa75b
commit 999d9aa75b
parent 669acefd5c
2 changed files with 8 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java
@ -71,7 +71,9 @@ public interface ClientPermissionEvaluator {
    /**
     * Returns {@code true} if {@link #canView()} returns {@code true}.
     * <p/>
-     * Or if the caller has at least one of the {@link AdminRoles#QUERY_CLIENTS} or {@link AdminRoles#QUERY_USERS} roles.
+     * Or if the caller has at least one of the {@link AdminRoles#QUERY_CLIENTS} role.
+     * <p/>
+     * V1: or {@link AdminRoles#QUERY_USERS} roles.
     */
    boolean canList();

--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java
@ -48,6 +48,11 @@ class ClientPermissionsV2 extends ClientPermissions {
        super(session, realm, authz, root);
    }

+    @Override
+    public boolean canList() {
+        return root.hasOneAdminRole(AdminRoles.QUERY_CLIENTS) || canView();
+    }
+
    @Override
    public boolean canConfigure(ClientModel client) {
        if (canManage(client)) return true;