trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

*/api: simplify lookups for per-user 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-27 14:53:01 +02:00
parent 7b29a1e485
commit 48c0c0baca
7 changed files with 27 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
authentik/events/api/notification.py
View File

@ -1,4 +1,5 @@
"""Notification API Views""" """Notification API Views"""
from guardian.utils import get_anonymous_user
from rest_framework import mixins from rest_framework import mixins
from rest_framework.fields import ReadOnlyField from rest_framework.fields import ReadOnlyField
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
@ -48,6 +49,5 @@ class NotificationViewSet(
] ]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
return super().get_queryset() return Notification.objects.filter(user=user)
return Notification.objects.filter(user=self.request.user)

15
authentik/providers/oauth2/api/tokens.py
View File

@ -1,4 +1,5 @@
"""OAuth2Provider API Views""" """OAuth2Provider API Views"""
from guardian.utils import get_anonymous_user
from rest_framework import mixins from rest_framework import mixins
from rest_framework.fields import CharField, ListField from rest_framework.fields import CharField, ListField
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
@ -38,11 +39,10 @@ class AuthorizationCodeViewSet(
ordering = ["provider", "expires"] ordering = ["provider", "expires"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
if user.is_superuser:
return super().get_queryset() return super().get_queryset()
if self.request.user.is_superuser: return super().get_queryset().filter(user=user)
return super().get_queryset()
return super().get_queryset().filter(user=self.request.user)
class RefreshTokenViewSet( class RefreshTokenViewSet(
@ -59,8 +59,7 @@ class RefreshTokenViewSet(
ordering = ["provider", "expires"] ordering = ["provider", "expires"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
if user.is_superuser:
return super().get_queryset() return super().get_queryset()
if self.request.user.is_superuser: return super().get_queryset().filter(user=user)
return super().get_queryset()
return super().get_queryset().filter(user=self.request.user)

8
authentik/sources/oauth/api/source_connection.py
View File

@ -1,4 +1,5 @@
"""OAuth Source Serializer""" """OAuth Source Serializer"""
from guardian.utils import get_anonymous_user
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.core.api.sources import SourceSerializer from authentik.core.api.sources import SourceSerializer
@ -26,8 +27,7 @@ class UserOAuthSourceConnectionViewSet(ModelViewSet):
filterset_fields = ["source__slug"] filterset_fields = ["source__slug"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
if user.is_superuser:
return super().get_queryset() return super().get_queryset()
if self.request.user.is_superuser: return super().get_queryset().filter(user=user)
return super().get_queryset()
return super().get_queryset().filter(user=self.request.user)

6
authentik/stages/authenticator_static/api.py
View File

@ -1,5 +1,6 @@
"""AuthenticatorStaticStage API Views""" """AuthenticatorStaticStage API Views"""
from django_otp.plugins.otp_static.models import StaticDevice from django_otp.plugins.otp_static.models import StaticDevice
from guardian.utils import get_anonymous_user
from rest_framework.permissions import IsAdminUser from rest_framework.permissions import IsAdminUser
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@ -44,9 +45,8 @@ class StaticDeviceViewSet(ModelViewSet):
ordering = ["name"] ordering = ["name"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
return super().get_queryset() return StaticDevice.objects.filter(user=user)
return StaticDevice.objects.filter(user=self.request.user)
class StaticAdminDeviceViewSet(ReadOnlyModelViewSet): class StaticAdminDeviceViewSet(ReadOnlyModelViewSet):

6
authentik/stages/authenticator_totp/api.py
View File

@ -1,5 +1,6 @@
"""AuthenticatorTOTPStage API Views""" """AuthenticatorTOTPStage API Views"""
from django_otp.plugins.otp_totp.models import TOTPDevice from django_otp.plugins.otp_totp.models import TOTPDevice
from guardian.utils import get_anonymous_user
from rest_framework.permissions import IsAdminUser from rest_framework.permissions import IsAdminUser
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@ -47,9 +48,8 @@ class TOTPDeviceViewSet(ModelViewSet):
ordering = ["name"] ordering = ["name"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
return super().get_queryset() return TOTPDevice.objects.filter(user=user)
return TOTPDevice.objects.filter(user=self.request.user)
class TOTPAdminDeviceViewSet(ReadOnlyModelViewSet): class TOTPAdminDeviceViewSet(ReadOnlyModelViewSet):

6
authentik/stages/authenticator_webauthn/api.py
View File

@ -1,4 +1,5 @@
"""AuthenticateWebAuthnStage API Views""" """AuthenticateWebAuthnStage API Views"""
from guardian.utils import get_anonymous_user
from rest_framework.permissions import IsAdminUser from rest_framework.permissions import IsAdminUser
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@ -46,9 +47,8 @@ class WebAuthnDeviceViewSet(ModelViewSet):
ordering = ["name"] ordering = ["name"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
return super().get_queryset() return WebAuthnDevice.objects.filter(user=user)
return WebAuthnDevice.objects.filter(user=self.request.user)
class WebAuthnAdminDeviceViewSet(ReadOnlyModelViewSet): class WebAuthnAdminDeviceViewSet(ReadOnlyModelViewSet):

8
authentik/stages/consent/api.py
View File

@ -1,4 +1,5 @@
"""ConsentStage API Views""" """ConsentStage API Views"""
from guardian.utils import get_anonymous_user
from rest_framework import mixins from rest_framework import mixins
from rest_framework.viewsets import GenericViewSet, ModelViewSet from rest_framework.viewsets import GenericViewSet, ModelViewSet
@ -50,8 +51,7 @@ class UserConsentViewSet(
ordering = ["application", "expires"] ordering = ["application", "expires"]
def get_queryset(self): def get_queryset(self):
if not self.request: user = self.request.user if self.request else get_anonymous_user()
if user.is_superuser:
return super().get_queryset() return super().get_queryset()
if self.request.user.is_superuser: return super().get_queryset().filter(user=user)
return super().get_queryset()
return super().get_queryset().filter(user=self.request.user)