From 5b4c5d0f3117348d9216c15603d7c026be89daf5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 18 Mar 2021 16:07:33 +0100 Subject: [PATCH] stages/consent: add API to get user's given consent Signed-off-by: Jens Langhammer --- authentik/api/v2/urls.py | 3 +- authentik/stages/consent/api.py | 40 ++++++++++- swagger.yaml | 122 ++++++++++++++++++++++++++++++++ 3 files changed, 162 insertions(+), 3 deletions(-) diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py index 2548064e2..b50dea7b6 100644 --- a/authentik/api/v2/urls.py +++ b/authentik/api/v2/urls.py @@ -79,7 +79,7 @@ from authentik.stages.authenticator_webauthn.api import ( WebAuthnDeviceViewSet, ) from authentik.stages.captcha.api import CaptchaStageViewSet -from authentik.stages.consent.api import ConsentStageViewSet +from authentik.stages.consent.api import ConsentStageViewSet, UserConsentViewSet from authentik.stages.deny.api import DenyStageViewSet from authentik.stages.dummy.api import DummyStageViewSet from authentik.stages.email.api import EmailStageViewSet @@ -104,6 +104,7 @@ router.register("admin/system_tasks", TaskViewSet, basename="admin_system_tasks" router.register("core/applications", ApplicationViewSet) router.register("core/groups", GroupViewSet) router.register("core/users", UserViewSet) +router.register("core/user_consent", UserConsentViewSet) router.register("core/tokens", TokenViewSet) router.register("outposts/outposts", OutpostViewSet) diff --git a/authentik/stages/consent/api.py b/authentik/stages/consent/api.py index 926c3d3b8..7a66efa3e 100644 --- a/authentik/stages/consent/api.py +++ b/authentik/stages/consent/api.py @@ -1,8 +1,11 @@ """ConsentStage API Views""" -from rest_framework.viewsets import ModelViewSet +from rest_framework import mixins +from rest_framework.viewsets import GenericViewSet, ModelViewSet +from authentik.core.api.applications import ApplicationSerializer +from authentik.core.api.users import UserSerializer from authentik.flows.api.stages import StageSerializer -from authentik.stages.consent.models import ConsentStage +from authentik.stages.consent.models import ConsentStage, UserConsent class ConsentStageSerializer(StageSerializer): @@ -19,3 +22,36 @@ class ConsentStageViewSet(ModelViewSet): queryset = ConsentStage.objects.all() serializer_class = ConsentStageSerializer + + +class UserConsentSerializer(StageSerializer): + """UserConsent Serializer""" + + user = UserSerializer() + application = ApplicationSerializer() + + class Meta: + + model = UserConsent + fields = ["pk", "expires", "user", "application"] + + +class UserConsentViewSet( + mixins.RetrieveModelMixin, + mixins.DestroyModelMixin, + mixins.ListModelMixin, + GenericViewSet, +): + """UserConsent Viewset""" + + queryset = UserConsent.objects.all() + serializer_class = UserConsentSerializer + filterset_fields = ["user", "application"] + ordering = ["application", "expires"] + + def get_queryset(self): + if not self.request: + return super().get_queryset() + if self.request.user.is_superuser: + return super().get_queryset() + return super().get_queryset().filter(user=self.request.user) diff --git a/swagger.yaml b/swagger.yaml index 93245dde1..80d106180 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1369,6 +1369,109 @@ paths: type: string format: slug pattern: ^[-a-zA-Z0-9_]+$ + /core/user_consent/: + get: + operationId: core_user_consent_list + description: UserConsent Viewset + parameters: + - name: user + in: query + description: '' + required: false + type: string + - name: application + in: query + description: '' + required: false + type: string + - name: ordering + in: query + description: Which field to use when ordering the results. + required: false + type: string + - name: search + in: query + description: A search term. + required: false + type: string + - name: page + in: query + description: Page Index + required: false + type: integer + - name: page_size + in: query + description: Page Size + required: false + type: integer + responses: + '200': + description: '' + schema: + required: + - results + - pagination + type: object + properties: + pagination: + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + results: + type: array + items: + $ref: '#/definitions/UserConsent' + tags: + - core + parameters: [] + /core/user_consent/{id}/: + get: + operationId: core_user_consent_read + description: UserConsent Viewset + parameters: [] + responses: + '200': + description: '' + schema: + $ref: '#/definitions/UserConsent' + tags: + - core + delete: + operationId: core_user_consent_delete + description: UserConsent Viewset + parameters: [] + responses: + '204': + description: '' + tags: + - core + parameters: + - name: id + in: path + description: A unique integer value identifying this User Consent. + required: true + type: integer /core/users/: get: operationId: core_users_list @@ -10799,6 +10902,25 @@ definitions: type: string readOnly: true minLength: 1 + UserConsent: + description: UserConsent Serializer + required: + - user + - application + type: object + properties: + pk: + title: ID + type: integer + readOnly: true + expires: + title: Expires + type: string + format: date-time + user: + $ref: '#/definitions/User' + application: + $ref: '#/definitions/Application' CertificateKeyPair: description: CertificateKeyPair Serializer required: