d24e2abe7f
* rbac: rework API slightly to improve terraform compatibility Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission support for users global permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add role support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix yaml tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add generated read-only role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make permissions optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add object permission support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests kinda Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests and fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
29 lines
665 B
YAML
29 lines
665 B
YAML
metadata:
|
|
name: Default - RBAC - Read-only
|
|
version: 1
|
|
entries:
|
|
- model: authentik_rbac.role
|
|
identifiers:
|
|
name: authentik Read-only
|
|
id: role
|
|
attrs:
|
|
permissions: !Enumerate [
|
|
!Context goauthentik.io/rbac/models,
|
|
SEQ,
|
|
!Format [
|
|
"%s.view_%s",
|
|
!Value 0,
|
|
!Index 0,
|
|
],
|
|
]
|
|
- model: authentik_core.group
|
|
identifiers:
|
|
name: authentik Read-only
|
|
attrs:
|
|
roles:
|
|
- !KeyOf role
|
|
is_superuser: false
|
|
attributes:
|
|
notes: |
|
|
An group with an auto-generated role that allows read-only permissions on all objects.
|