api: cleanup args for @permission_required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-29 17:33:55 +02:00
parent a445b03523
commit b3d54b7620
3 changed files with 9 additions and 6 deletions

View file

@ -7,7 +7,9 @@ from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet
def permission_required(perm: Optional[str] = None, *other_perms: str):
def permission_required(
perm: Optional[str] = None, other_perms: Optional[list[str]] = None
):
"""Check permissions for a single custom action"""
def wrapper_outter(func: Callable):
@ -19,9 +21,10 @@ def permission_required(perm: Optional[str] = None, *other_perms: str):
obj = self.get_object()
if not request.user.has_perm(perm, obj):
return self.permission_denied(request)
for other_perm in other_perms:
if not request.user.has_perm(other_perm):
return self.permission_denied(request)
if other_perms:
for other_perm in other_perms:
if not request.user.has_perm(other_perm):
return self.permission_denied(request)
return func(self, request, *args, **kwargs)
return wrapper

View file

@ -131,7 +131,7 @@ class UserViewSet(ModelViewSet):
serializer.is_valid()
return Response(serializer.data)
@permission_required("authentik_core.view_user", "authentik_events.view_event")
@permission_required("authentik_core.view_user", ["authentik_events.view_event"])
@swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)})
@action(detail=False)
def metrics(self, request: Request) -> Response:

View file

@ -113,7 +113,7 @@ class CertificateKeyPairViewSet(ModelViewSet):
queryset = CertificateKeyPair.objects.all()
serializer_class = CertificateKeyPairSerializer
@permission_required(None, "authentik_crypto.add_certificatekeypair")
@permission_required(None, ["authentik_crypto.add_certificatekeypair"])
@swagger_auto_schema(
request_body=CertificateGenerationSerializer(),
responses={200: CertificateKeyPairSerializer},