From 9d15fa4a57e9a31862fd675b54280eb9ac69459c Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Date: Thu, 9 Jan 2025 14:36:57 +0100
Subject: [PATCH] rbac: permissions endpoint: allow authenticated users
 (#12608)

---
 authentik/rbac/api/rbac.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/authentik/rbac/api/rbac.py b/authentik/rbac/api/rbac.py
index 397d8696d6..9e6a2517f3 100644
--- a/authentik/rbac/api/rbac.py
+++ b/authentik/rbac/api/rbac.py
@@ -5,6 +5,7 @@ from django.contrib.auth.models import Permission
 from django.db.models import QuerySet
 from django_filters.filters import ModelChoiceFilter
 from django_filters.filterset import FilterSet
+from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.exceptions import ValidationError
 from rest_framework.fields import (
     CharField,
@@ -13,6 +14,8 @@ from rest_framework.fields import (
     ReadOnlyField,
     SerializerMethodField,
 )
+from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
 from authentik.core.api.utils import ModelSerializer, PassiveSerializer
@@ -92,7 +95,9 @@ class RBACPermissionViewSet(ReadOnlyModelViewSet):
     queryset = Permission.objects.none()
     serializer_class = PermissionSerializer
     ordering = ["name"]
+    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
     filterset_class = PermissionFilter
+    permission_classes = [IsAuthenticated]
     search_fields = [
         "codename",
         "content_type__model",