Hi,
While debugging my Keycloak SPI, I think I found a bug.
When calling IterablePermissionEvaluator.evaluate(...), I can see that permissions and
policyEvaluator are used to update a decision with different results (field
Map<ResourcePermission, Result> results in AbstractDecisionCollector) then a call to
decision.onComplete() should validate found results.
In fact, decision.onComplete() is a method from AbstractDecisionCollector which calls
onComplete(Collection<Result> permissions) but this one is empty in
AbstractDecisionCollector and is not overridden in DecisionPermissionCollector which is
the actual instanciated class in IterablePermissionEvaluator.
Finally, when calling decision.results() in IterablePermissionEvaluator.evaluate(...), the
result will always be empty.
I think that AbstractDecisionCollector (or DecisionPermissionCollector) should be defined
with :
protected void onComplete(Collection<Result> permissions) {
permissions.forEach(this::onComplete);
}
Or maybe I missed something ?
Thanks,
Francis