trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

outposts: ensure outpost SAs always have permissions to fake IP 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-22 10:02:20 +02:00
parent 477c8b099e
commit 7370dd5f3f
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
authentik/outposts/models.py
View File

@ -344,12 +344,13 @@ class Outpost(ManagedModel):
users = User.objects.filter(username=self.user_identifier) users = User.objects.filter(username=self.user_identifier)
if not users.exists(): if not users.exists():
user: User = User.objects.create(username=self.user_identifier) user: User = User.objects.create(username=self.user_identifier)
user.attributes[USER_ATTRIBUTE_SA] = True
user.attributes[USER_ATTRIBUTE_CAN_OVERRIDE_IP] = True
user.set_unusable_password() user.set_unusable_password()
user.save() user.save()
else: else:
user = users.first() user = users.first()
user.attributes[USER_ATTRIBUTE_SA] = True
user.attributes[USER_ATTRIBUTE_CAN_OVERRIDE_IP] = True
user.save()
# To ensure the user only has the correct permissions, we delete all of them and re-add # To ensure the user only has the correct permissions, we delete all of them and re-add
# the ones the user needs # the ones the user needs
with transaction.atomic(): with transaction.atomic():