core: show users and groups when user has overall user permissions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 01:02:47 +02:00
parent 32934fcd38
commit 1a02049104
4 changed files with 42 additions and 4 deletions
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -1,7 +1,7 @@
 """Outpost models"""
 from dataclasses import asdict, dataclass, field
 from datetime import datetime
-from typing import Any, Iterable, Optional, Union
+from typing import Iterable, Optional, Union
 from uuid import uuid4

 from dacite import from_dict
@ -336,7 +336,7 @@ class Outpost(models.Model):
        # the ones the user needs
        with transaction.atomic():
            UserObjectPermission.objects.filter(user=user).delete()
-            Permission.objects.filter(user=user).delete()
+            user.user_permissions.clear()
            for model_or_perm in self.get_required_objects():
                if isinstance(model_or_perm, models.Model):
                    model_or_perm: models.Model
@ -346,7 +346,15 @@ class Outpost(models.Model):
                    )
                    assign_perm(code_name, user, model_or_perm)
                else:
-                    assign_perm(model_or_perm, user)
+                    app_label, perm = model_or_perm.split(".")
+                    permission = Permission.objects.filter(
+                        codename=perm,
+                        content_type__app_label=app_label,
+                    )
+                    if not permission.exists():
+                        LOGGER.warning("permission doesn't exist", perm=model_or_perm)
+                        continue
+                    user.user_permissions.add(permission.first())
            LOGGER.debug("Updated service account's permissions")
        return user