From 3c8bbc26216381a93f228f0a437cee4a507ad0e3 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 6 Dec 2021 12:22:40 +0100
Subject: [PATCH] sources/*: only allow superusers to directly create source connections

Signed-off-by: Jens Langhammer
---
 authentik/sources/oauth/api/source_connection.py | 9 ++-------
 authentik/sources/plex/api/source_connection.py | 9 ++-------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/authentik/sources/oauth/api/source_connection.py b/authentik/sources/oauth/api/source_connection.py
index 9ef4c11ec..b0bdc9e8d 100644
--- a/authentik/sources/oauth/api/source_connection.py
+++ b/authentik/sources/oauth/api/source_connection.py
@@ -3,7 +3,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.viewsets import ModelViewSet
 
-from authentik.api.authorization import OwnerFilter, OwnerPermissions
+from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions
 from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.sources.oauth.models import UserOAuthSourceConnection
@@ -27,11 +27,6 @@ class UserOAuthSourceConnectionViewSet(UsedByMixin, ModelViewSet):
 queryset = UserOAuthSourceConnection.objects.all()
 serializer_class = UserOAuthSourceConnectionSerializer
 filterset_fields = ["source__slug"]
- permission_classes = [OwnerPermissions]
+ permission_classes = [OwnerSuperuserPermissions]
 filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
 ordering = ["source__slug"]
-
- def perform_create(self, serializer: UserOAuthSourceConnectionSerializer):
- if not self.request.user.is_superuser:
- return serializer.save()
- return serializer.save(user=self.request.user)
diff --git a/authentik/sources/plex/api/source_connection.py b/authentik/sources/plex/api/source_connection.py
index 936afb7f7..0368adec8 100644
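Review bot: The create path on `UserOAuthSourceConnectionViewSet` is now guarded only by `permission_classes = [OwnerSuperuserPermissions]`, and that class comes from `authentik.api.authorization`, which this patch neither changes nor shows. Django REST framework consults only `has_permission` for a `create` request, since there is no object yet for `has_object_permission`, so the restriction named in the subject line holds only if `OwnerSuperuserPermissions.has_permission` itself refuses non-superuser POSTs; that should be confirmed before relying on the removal of `perform_create`. The diffstat lists no test file, so a regression test asserting that a non-superuser POST to this endpoint is rejected would pin the behaviour. The same applies to the `PlexSourceConnectionViewSet` hunk at `@@ -32,11 +32,6 @@`.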
--- a/authentik/sources/plex/api/source_connection.py
+++ b/authentik/sources/plex/api/source_connection.py
@@ -3,7 +3,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.viewsets import ModelViewSet
 
-from authentik.api.authorization import OwnerFilter, OwnerPermissions
+from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions
 from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.sources.plex.models import PlexSourceConnection
@@ -32,11 +32,6 @@ class PlexSourceConnectionViewSet(UsedByMixin, ModelViewSet):
 queryset = PlexSourceConnection.objects.all()
 serializer_class = PlexSourceConnectionSerializer
 filterset_fields = ["source__slug"]
- permission_classes = [OwnerPermissions]
+ permission_classes = [OwnerSuperuserPermissions]
 filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
 ordering = ["pk"]
-
- def perform_create(self, serializer: PlexSourceConnectionSerializer):
- if not self.request.user.is_superuser:
- return serializer.save()
- return serializer.save(user=self.request.user)
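Review bot: With `perform_create` removed from `PlexSourceConnectionViewSet`, the framework's default `serializer.save()` runs with no overrides, so the owner of a new connection is whatever `user` value `PlexSourceConnectionSerializer` accepts from the request body. The serializer is not part of this patch, so it is worth confirming that its `user` field is writable and validated; otherwise a superuser create would either fail or store a row without the intended owner. A short comment above `permission_classes` would record the intent, for example `# Creation is superuser-only; the owning user is taken from the validated payload, not request.user.` The `UserOAuthSourceConnectionViewSet` hunk at `@@ -27,11 +27,6 @@` has the same shape.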