From b14c5039ed19dbbe632ebabf20f29a07e3324813 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 12 Jan 2021 23:06:42 +0100 Subject: [PATCH] events: set default admin group to receive default triggers --- .../0011_notification_trigger_default_v1.py | 22 ++++++++++++++++--- authentik/events/signals.py | 4 ++-- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/authentik/events/migrations/0011_notification_trigger_default_v1.py b/authentik/events/migrations/0011_notification_trigger_default_v1.py index 98ca10c93..cb3055057 100644 --- a/authentik/events/migrations/0011_notification_trigger_default_v1.py +++ b/authentik/events/migrations/0011_notification_trigger_default_v1.py @@ -9,18 +9,23 @@ from authentik.events.models import EventAction def notify_configuration_error(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): db_alias = schema_editor.connection.alias + Group = apps.get_model("authentik_core", "Group") PolicyBinding = apps.get_model("authentik_policies", "PolicyBinding") EventMatcherPolicy = apps.get_model( "authentik_policies_event_matcher", "EventMatcherPolicy" ) NotificationTrigger = apps.get_model("authentik_events", "NotificationTrigger") + admin_group = Group.objects.using(db_alias).filter( + name="authentik Admins", is_superuser=True + ) + policy, _ = EventMatcherPolicy.objects.using(db_alias).update_or_create( name="default-match-configuration-error", defaults={"action": EventAction.CONFIGURATION_ERROR}, ) trigger, _ = NotificationTrigger.objects.using(db_alias).update_or_create( - name="default-notify-configuration-error", + name="default-notify-configuration-error", defaults={"trigger": admin_group} ) PolicyBinding.objects.using(db_alias).update_or_create( target=trigger, @@ -33,18 +38,23 @@ def notify_configuration_error(apps: Apps, schema_editor: BaseDatabaseSchemaEdit def notify_update(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): db_alias = schema_editor.connection.alias + Group = apps.get_model("authentik_core", "Group") PolicyBinding = apps.get_model("authentik_policies", "PolicyBinding") EventMatcherPolicy = apps.get_model( "authentik_policies_event_matcher", "EventMatcherPolicy" ) NotificationTrigger = apps.get_model("authentik_events", "NotificationTrigger") + admin_group = Group.objects.using(db_alias).filter( + name="authentik Admins", is_superuser=True + ) + policy, _ = EventMatcherPolicy.objects.using(db_alias).update_or_create( name="default-match-update", defaults={"action": EventAction.UPDATE_AVAILABLE}, ) trigger, _ = NotificationTrigger.objects.using(db_alias).update_or_create( - name="default-notify-update", + name="default-notify-update", defaults={"trigger": admin_group} ) PolicyBinding.objects.using(db_alias).update_or_create( target=trigger, @@ -57,12 +67,17 @@ def notify_update(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): def notify_exception(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): db_alias = schema_editor.connection.alias + Group = apps.get_model("authentik_core", "Group") PolicyBinding = apps.get_model("authentik_policies", "PolicyBinding") EventMatcherPolicy = apps.get_model( "authentik_policies_event_matcher", "EventMatcherPolicy" ) NotificationTrigger = apps.get_model("authentik_events", "NotificationTrigger") + admin_group = Group.objects.using(db_alias).filter( + name="authentik Admins", is_superuser=True + ) + policy_policy_exc, _ = EventMatcherPolicy.objects.using(db_alias).update_or_create( name="default-match-policy-exception", defaults={"action": EventAction.POLICY_EXCEPTION}, @@ -72,7 +87,7 @@ def notify_exception(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): defaults={"action": EventAction.PROPERTY_MAPPING_EXCEPTION}, ) trigger, _ = NotificationTrigger.objects.using(db_alias).update_or_create( - name="default-notify-exception", + name="default-notify-exception", defaults={"trigger": admin_group} ) PolicyBinding.objects.using(db_alias).update_or_create( target=trigger, @@ -97,6 +112,7 @@ class Migration(migrations.Migration): "authentik_events", "0010_notification_notificationtransport_notificationtrigger", ), + ("authentik_core", "0016_auto_20201202_2234"), ("authentik_policies_event_matcher", "0003_auto_20210110_1907"), ("authentik_policies", "0004_policy_execution_logging"), ] diff --git a/authentik/events/signals.py b/authentik/events/signals.py index a4478239c..d2ef3b6cf 100644 --- a/authentik/events/signals.py +++ b/authentik/events/signals.py @@ -1,6 +1,4 @@ """authentik events signal listener""" -from authentik.flows.planner import FlowPlan, PLAN_CONTEXT_SOURCE -from authentik.flows.views import SESSION_KEY_PLAN from threading import Thread from typing import Any, Dict, Optional @@ -17,6 +15,8 @@ from authentik.core.models import User from authentik.core.signals import password_changed from authentik.events.models import Event, EventAction from authentik.events.tasks import event_notification_handler +from authentik.flows.planner import PLAN_CONTEXT_SOURCE, FlowPlan +from authentik.flows.views import SESSION_KEY_PLAN from authentik.stages.invitation.models import Invitation from authentik.stages.invitation.signals import invitation_used from authentik.stages.user_write.signals import user_write