core: fix missing permission check for group creating when creating service account

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 12:33:29 +01:00
parent 3c8bbc2621
commit c1ea78c422
1 changed files with 1 additions and 1 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -314,7 +314,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
                    name=username,
                    attributes={USER_ATTRIBUTE_SA: True, USER_ATTRIBUTE_TOKEN_EXPIRING: False},
                )
-                if create_group:
+                if create_group and self.request.user.has_perm("authentik_core.add_group"):
                    group = Group.objects.create(
                        name=username,
                    )