From 8c16dfc478c82f4c0ab32d759615784a7509380c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 14 Dec 2021 15:56:13 +0100 Subject: [PATCH] stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned Signed-off-by: Jens Langhammer --- authentik/stages/invitation/api.py | 4 ++-- schema.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/authentik/stages/invitation/api.py b/authentik/stages/invitation/api.py index 8e85bcb1b..9132504b9 100644 --- a/authentik/stages/invitation/api.py +++ b/authentik/stages/invitation/api.py @@ -5,8 +5,8 @@ from rest_framework.fields import JSONField from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet +from authentik.core.api.groups import GroupMemberSerializer from authentik.core.api.used_by import UsedByMixin -from authentik.core.api.users import UserSerializer from authentik.core.api.utils import is_dict from authentik.flows.api.stages import StageSerializer from authentik.stages.invitation.models import Invitation, InvitationStage @@ -46,7 +46,7 @@ class InvitationStageViewSet(UsedByMixin, ModelViewSet): class InvitationSerializer(ModelSerializer): """Invitation Serializer""" - created_by = UserSerializer(read_only=True) + created_by = GroupMemberSerializer(read_only=True) fixed_data = JSONField(validators=[is_dict], required=False) class Meta: diff --git a/schema.yml b/schema.yml index 782cf6a0e..134add65c 100644 --- a/schema.yml +++ b/schema.yml @@ -22127,7 +22127,7 @@ components: additionalProperties: {} created_by: allOf: - - $ref: '#/components/schemas/User' + - $ref: '#/components/schemas/GroupMember' readOnly: true single_use: type: boolean