website/docs: RBAC docs (#7191)

* draft rbac docs * tweaks * add a permissions topic * tweaks * more changes * draft permissions topic * more content on roles * links * typo * more conceptual info * Optimised images with calibre/image-actions * more content on roles * add more x-ref links * fix links * more content * links * typos * polishing * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * separwate conceptual vs procedural in permissions * finished groups procedurals * new page * added link * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * polish * edits from PR review * restructured view section to remove repetition * rest of edits from PR review * polished flows and stages * polish * typo --------- Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Jens L. <jens@goauthentik.io>
2023-10-26 05:31:32 -05:00
parent 3f5d5e0408
commit 84fdd3c750
20 changed files with 355 additions and 35 deletions
--- a/website/docs/policies/expression.mdx
+++ b/website/docs/policies/expression.mdx
@ -41,7 +41,7 @@ import Objects from "../expressions/_objects.md";

 -   `request`: A PolicyRequest object, which has the following properties:

-    -   `request.user`: The current user, against which the policy is applied. See [User](../user-group/user/user_ref.md#object-properties)
+    -   `request.user`: The current user, against which the policy is applied. See [User](../user-group-role/user/user_ref.md#object-properties)

        :::caution
        When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution.
@ -77,7 +77,7 @@ This includes the following:
 -   `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional)
 -   `context['application']`: The application the user is in the process of authorizing. (Optional)
 -   `context['source']`: The source the user is authenticating/enrolling with. (Optional)
-   `context['pending_user']`: The currently pending user, see [User](../user-group/user/user_ref.md#object-properties)
+-   `context['pending_user']`: The currently pending user, see [User](../user-group-role/user/user_ref.md#object-properties)
 -   `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional)
 -   `context['auth_method']`: Authentication method (this value is set by password stages) (Optional)