remove leftover code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-01-08 18:47:35 +01:00
parent f35457492b
commit d1fbf2ed65
2 changed files with 5 additions and 43 deletions
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -4,7 +4,7 @@ from typing import Any

 from django.utils.timezone import now
 from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
-from guardian.shortcuts import assign_perm, get_anonymous_user
+from guardian.shortcuts import assign_perm
 from rest_framework.decorators import action
 from rest_framework.exceptions import ValidationError
 from rest_framework.fields import CharField
@ -138,13 +138,8 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
    owner_field = "user"
    rbac_allow_create_without_perm = True

-    def get_queryset(self):
-        user = self.request.user if self.request else get_anonymous_user()
-        if user.is_superuser:
-            return super().get_queryset()
-        return super().get_queryset().filter(user=user.pk)
-
    def perform_create(self, serializer: TokenSerializer):
+        # TODO: better permission check
        if not self.request.user.is_superuser:
            instance = serializer.save(
                user=self.request.user,
--- a/authentik/providers/oauth2/api/tokens.py
+++ b/authentik/providers/oauth2/api/tokens.py
@ -2,11 +2,8 @@

 from json import dumps

-from django_filters.rest_framework import DjangoFilterBackend
-from guardian.utils import get_anonymous_user
 from rest_framework import mixins
 from rest_framework.fields import CharField, ListField, SerializerMethodField
-from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.viewsets import GenericViewSet

 from authentik.core.api.used_by import UsedByMixin
@ -66,17 +63,7 @@ class AuthorizationCodeViewSet(
    serializer_class = ExpiringBaseGrantModelSerializer
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
-    filter_backends = [
-        DjangoFilterBackend,
-        OrderingFilter,
-        SearchFilter,
-    ]
-
-    def get_queryset(self):
-        user = self.request.user if self.request else get_anonymous_user()
-        if user.is_superuser:
-            return super().get_queryset()
-        return super().get_queryset().filter(user=user.pk)
+    owner_field = "user"


 class RefreshTokenViewSet(
@ -92,17 +79,7 @@ class RefreshTokenViewSet(
    serializer_class = TokenModelSerializer
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
-    filter_backends = [
-        DjangoFilterBackend,
-        OrderingFilter,
-        SearchFilter,
-    ]
-
-    def get_queryset(self):
-        user = self.request.user if self.request else get_anonymous_user()
-        if user.is_superuser:
-            return super().get_queryset()
-        return super().get_queryset().filter(user=user.pk)
+    owner_field = "user"


 class AccessTokenViewSet(
@ -118,14 +95,4 @@ class AccessTokenViewSet(
    serializer_class = TokenModelSerializer
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
-    filter_backends = [
-        DjangoFilterBackend,
-        OrderingFilter,
-        SearchFilter,
-    ]
-
-    def get_queryset(self):
-        user = self.request.user if self.request else get_anonymous_user()
-        if user.is_superuser:
-            return super().get_queryset()
-        return super().get_queryset().filter(user=user.pk)
+    owner_field = "user"