rbac: fix invitations listing with restricted permissions (#8227)

* rbac: fix missing permission definition for list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* core: fix user's system_permissions not including role permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* core: don't require permissions for users/me/

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/admin: catch error when listing stages on invitation page fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "rbac: fix missing permission definition for list"

This reverts commit fd7572e699.

* Revert "core: don't require permissions for users/me/"

This reverts commit 9df0dbda8a.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L
2024-01-18 23:08:29 +01:00
committed by GitHub
parent abf1f0e348
commit 02791e765f
2 changed files with 21 additions and 17 deletions


@ -227,9 +227,9 @@ class UserSelfSerializer(ModelSerializer):
def get_system_permissions(self, user: User) -> list[str]: def get_system_permissions(self, user: User) -> list[str]:
"""Get all system permissions assigned to the user""" """Get all system permissions assigned to the user"""
return list( return list(
user.user_permissions.filter( x.split(".", maxsplit=1)[1]
content_type__app_label="authentik_rbac", content_type__model="systempermission" for x in user.get_all_permissions()
).values_list("codename", flat=True) if x.startswith("authentik_rbac")
) )
class Meta: class Meta:
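Review bot: The new filter `if x.startswith("authentik_rbac")` in get_system_permissions is looser than the query it replaces. It has no trailing dot, so any app label that merely begins with `authentik_rbac` would match, and it no longer restricts to `content_type__model="systempermission"`. If the `authentik_rbac` app defines permissions on other models, those codenames would now be reported as system permissions, and any client that gates UI on this list would see a broader set than before. I would at least tighten the prefix to `if x.startswith("authentik_rbac.")`. I would also add a comment saying whether including the app's model-level permissions is intended, or else keep only codenames that belong to the system-permission model.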


@ -62,6 +62,7 @@ export class InvitationListPage extends TablePage<Invitation> {
multipleEnrollmentFlows = false; multipleEnrollmentFlows = false;
async apiEndpoint(page: number): Promise<PaginatedResponse<Invitation>> { async apiEndpoint(page: number): Promise<PaginatedResponse<Invitation>> {
try {
// Check if any invitation stages exist // Check if any invitation stages exist
const stages = await new StagesApi(DEFAULT_CONFIG).stagesInvitationStagesList({ const stages = await new StagesApi(DEFAULT_CONFIG).stagesInvitationStagesList({
noFlows: false, noFlows: false,
@ -76,6 +77,9 @@ export class InvitationListPage extends TablePage<Invitation> {
this.multipleEnrollmentFlows = true; this.multipleEnrollmentFlows = true;
} }
}); });
} catch {
// assuming we can't fetch stages, ignore the error
}
return new StagesApi(DEFAULT_CONFIG).stagesInvitationInvitationsList({ return new StagesApi(DEFAULT_CONFIG).stagesInvitationInvitationsList({
ordering: this.order, ordering: this.order,
page: page, page: page,
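Review bot: The bare `catch { }` added around the stage lookup in apiEndpoint swallows every failure, not only the permission denial this commit is about. A network error or a server-side fault in the stages request is also discarded, and `multipleEnrollmentFlows` keeps its default, so the page can show misleading state with nothing in the console to explain it. I would bind the error and ignore it only when it is the expected permission-denied response, rethrowing or logging anything else, for example `} catch (exc) { console.warn("failed to list invitation stages", exc); }` (message text is a constructed sample). The comment would also be clearer as `// the user may lack permission to list stages; the invitation list itself is still fetched below`. apiEndpoint's body continues past the end of this hunk.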