core: delegated group member management (#9254)

* fix API permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix group member remove notification label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* consistent naming assign vs grant

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only set table search query when searching is enabled

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix hidden object permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace checkmark/cross with fa icons

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests and fix permission bug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reword

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L
2024-04-15 14:14:26 +02:00
committed by GitHub
parent bcc8d5e76c
commit 4a9c95b44e
18 changed files with 160 additions and 53 deletions


@ -146,15 +146,14 @@ class GroupFilter(FilterSet):
fields = ["name", "is_superuser", "members_by_pk", "attributes", "members_by_username"]
class UserAccountSerializer(PassiveSerializer):
"""Account adding/removing operations"""
pk = IntegerField(required=True)
class GroupViewSet(UsedByMixin, ModelViewSet):
"""Group Viewset"""
class UserAccountSerializer(PassiveSerializer):
"""Account adding/removing operations"""
pk = IntegerField(required=True)
queryset = Group.objects.all().select_related("parent").prefetch_related("users")
serializer_class = GroupSerializer
search_fields = ["name", "is_superuser"]
@ -169,7 +168,7 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
def list(self, request, *args, **kwargs):
return super().list(request, *args, **kwargs)
@permission_required(None, ["authentik_core.add_user"])
@permission_required("authentik_core.add_user_to_group")
@extend_schema(
request=UserAccountSerializer,
responses={
@ -177,7 +176,13 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
404: OpenApiResponse(description="User not found"),
},
)
@action(detail=True, methods=["POST"], pagination_class=None, filter_backends=[])
@action(
detail=True,
methods=["POST"],
pagination_class=None,
filter_backends=[],
permission_classes=[],
)
def add_user(self, request: Request, pk: str) -> Response:
"""Add user to group"""
group: Group = self.get_object()
@ -193,7 +198,7 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
group.users.add(user)
return Response(status=204)
@permission_required(None, ["authentik_core.add_user"])
@permission_required("authentik_core.remove_user_from_group")
@extend_schema(
request=UserAccountSerializer,
responses={
@ -201,7 +206,13 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
404: OpenApiResponse(description="User not found"),
},
)
@action(detail=True, methods=["POST"], pagination_class=None, filter_backends=[])
@action(
detail=True,
methods=["POST"],
pagination_class=None,
filter_backends=[],
permission_classes=[],
)
def remove_user(self, request: Request, pk: str) -> Response:
"""Add user to group"""
group: Group = self.get_object()
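Review bot: `permission_classes=[]` in the two rewritten `@action(...)` decorators (on `add_user` and `remove_user`) empties the permission classes for these routes, which leaves `@permission_required("authentik_core.add_user_to_group")` and `@permission_required("authentik_core.remove_user_from_group")` as the only authorization check, and nothing in the code says so. I would add a comment above each empty list, e.g. `# authorization is enforced solely by @permission_required on this action; do not remove one without the other`, so a later refactor that drops the decorator does not leave the action without any permission check. The lookup of the target user by `pk` sits outside these hunks, so whether it is limited to users the caller may view cannot be judged from here and is worth confirming, along with a test that a caller lacking the new permission is rejected. Separately, `remove_user` still carries the docstring `"""Add user to group"""`; it should read `"""Remove user from group"""`.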