From 5d370120756bccd221a50ba7cd91ebf06d504047 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 29 Mar 2021 17:28:28 +0200
Subject: [PATCH] api: allow @permission_required with no object permission
Signed-off-by: Jens Langhammer
---
 authentik/api/decorators.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/authentik/api/decorators.py b/authentik/api/decorators.py
index fd89c01dc..539553dad 100644
--- authentik/api/decorators.py
+++ b/authentik/api/decorators.py
@@ -1,13 +1,13 @@
 """API Decorators"""
 from functools import wraps
-from typing import Callable
+from typing import Callable, Optional
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet
-def permission_required(perm: str, *other_perms: str):
+def permission_required(perm: Optional[str] = None, *other_perms: str):
 """Check permissions for a single custom action"""
 def wrapper_outter(func: Callable):
@@ -15,9 +15,10 @@ def permission_required(perm: str, *other_perms: str):
 @wraps(func)
 def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response:
- obj = self.get_object()
- if not request.user.has_perm(perm, obj):
- return self.permission_denied(request)
+ if perm:
+ obj = self.get_object()
+ if not request.user.has_perm(perm, obj):
+ return self.permission_denied(request)
 for other_perm in other_perms:
 if not request.user.has_perm(other_perm):
 return self.permission_denied(request)
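Review bot: With `perm` now defaulting to `None`, a bare `@permission_required()` or `@permission_required(None)` builds a decorator that performs no permission check at all, so a forgotten argument fails open without any error. The top of `permission_required` should reject that at decoration time, for example `if perm is None and not other_perms: raise ValueError("permission_required needs at least one permission")`. The one-line docstring should also state that the first argument is checked against `self.get_object()` while the remaining ones are checked without an object, because callers must now pass `None` explicitly to get object-less checks only. The function body continues outside this hunk.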
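Review bot: `if perm:` in `wrapper` treats every falsy value as "no object permission", so an empty string (for instance from an unset constant) now skips `self.get_object()` and the object-level check instead of reaching `has_perm` as it did before. Testing the sentinel explicitly keeps the opt-out deliberate: `if perm is not None:`. The body of `wrapper` continues past the end of this hunk.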