stages/consent: add API to get user's given consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-18 16:07:33 +01:00
parent 9ad10863de
commit 5b4c5d0f31
3 changed files with 162 additions and 3 deletions

View file

@ -79,7 +79,7 @@ from authentik.stages.authenticator_webauthn.api import (
WebAuthnDeviceViewSet,
)
from authentik.stages.captcha.api import CaptchaStageViewSet
from authentik.stages.consent.api import ConsentStageViewSet
from authentik.stages.consent.api import ConsentStageViewSet, UserConsentViewSet
from authentik.stages.deny.api import DenyStageViewSet
from authentik.stages.dummy.api import DummyStageViewSet
from authentik.stages.email.api import EmailStageViewSet
@ -104,6 +104,7 @@ router.register("admin/system_tasks", TaskViewSet, basename="admin_system_tasks"
router.register("core/applications", ApplicationViewSet)
router.register("core/groups", GroupViewSet)
router.register("core/users", UserViewSet)
router.register("core/user_consent", UserConsentViewSet)
router.register("core/tokens", TokenViewSet)
router.register("outposts/outposts", OutpostViewSet)

View file

@ -1,8 +1,11 @@
"""ConsentStage API Views"""
from rest_framework.viewsets import ModelViewSet
from rest_framework import mixins
from rest_framework.viewsets import GenericViewSet, ModelViewSet
from authentik.core.api.applications import ApplicationSerializer
from authentik.core.api.users import UserSerializer
from authentik.flows.api.stages import StageSerializer
from authentik.stages.consent.models import ConsentStage
from authentik.stages.consent.models import ConsentStage, UserConsent
class ConsentStageSerializer(StageSerializer):
@ -19,3 +22,36 @@ class ConsentStageViewSet(ModelViewSet):
queryset = ConsentStage.objects.all()
serializer_class = ConsentStageSerializer
class UserConsentSerializer(StageSerializer):
"""UserConsent Serializer"""
user = UserSerializer()
application = ApplicationSerializer()
class Meta:
model = UserConsent
fields = ["pk", "expires", "user", "application"]
class UserConsentViewSet(
mixins.RetrieveModelMixin,
mixins.DestroyModelMixin,
mixins.ListModelMixin,
GenericViewSet,
):
"""UserConsent Viewset"""
queryset = UserConsent.objects.all()
serializer_class = UserConsentSerializer
filterset_fields = ["user", "application"]
ordering = ["application", "expires"]
def get_queryset(self):
if not self.request:
return super().get_queryset()
if self.request.user.is_superuser:
return super().get_queryset()
return super().get_queryset().filter(user=self.request.user)

View file

@ -1369,6 +1369,109 @@ paths:
type: string
format: slug
pattern: ^[-a-zA-Z0-9_]+$
/core/user_consent/:
get:
operationId: core_user_consent_list
description: UserConsent Viewset
parameters:
- name: user
in: query
description: ''
required: false
type: string
- name: application
in: query
description: ''
required: false
type: string
- name: ordering
in: query
description: Which field to use when ordering the results.
required: false
type: string
- name: search
in: query
description: A search term.
required: false
type: string
- name: page
in: query
description: Page Index
required: false
type: integer
- name: page_size
in: query
description: Page Size
required: false
type: integer
responses:
'200':
description: ''
schema:
required:
- results
- pagination
type: object
properties:
pagination:
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
results:
type: array
items:
$ref: '#/definitions/UserConsent'
tags:
- core
parameters: []
/core/user_consent/{id}/:
get:
operationId: core_user_consent_read
description: UserConsent Viewset
parameters: []
responses:
'200':
description: ''
schema:
$ref: '#/definitions/UserConsent'
tags:
- core
delete:
operationId: core_user_consent_delete
description: UserConsent Viewset
parameters: []
responses:
'204':
description: ''
tags:
- core
parameters:
- name: id
in: path
description: A unique integer value identifying this User Consent.
required: true
type: integer
/core/users/:
get:
operationId: core_users_list
@ -10799,6 +10902,25 @@ definitions:
type: string
readOnly: true
minLength: 1
UserConsent:
description: UserConsent Serializer
required:
- user
- application
type: object
properties:
pk:
title: ID
type: integer
readOnly: true
expires:
title: Expires
type: string
format: date-time
user:
$ref: '#/definitions/User'
application:
$ref: '#/definitions/Application'
CertificateKeyPair:
description: CertificateKeyPair Serializer
required: