api: cleanup args for @permission_required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-29 17:33:55 +02:00
parent a445b03523
commit b3d54b7620
3 changed files with 9 additions and 6 deletions

View file

@ -7,7 +7,9 @@ from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
def permission_required(perm: Optional[str] = None, *other_perms: str): def permission_required(
perm: Optional[str] = None, other_perms: Optional[list[str]] = None
):
"""Check permissions for a single custom action""" """Check permissions for a single custom action"""
def wrapper_outter(func: Callable): def wrapper_outter(func: Callable):
@ -19,6 +21,7 @@ def permission_required(perm: Optional[str] = None, *other_perms: str):
obj = self.get_object() obj = self.get_object()
if not request.user.has_perm(perm, obj): if not request.user.has_perm(perm, obj):
return self.permission_denied(request) return self.permission_denied(request)
if other_perms:
for other_perm in other_perms: for other_perm in other_perms:
if not request.user.has_perm(other_perm): if not request.user.has_perm(other_perm):
return self.permission_denied(request) return self.permission_denied(request)

View file

@ -131,7 +131,7 @@ class UserViewSet(ModelViewSet):
serializer.is_valid() serializer.is_valid()
return Response(serializer.data) return Response(serializer.data)
@permission_required("authentik_core.view_user", "authentik_events.view_event") @permission_required("authentik_core.view_user", ["authentik_events.view_event"])
@swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)}) @swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)})
@action(detail=False) @action(detail=False)
def metrics(self, request: Request) -> Response: def metrics(self, request: Request) -> Response:

View file

@ -113,7 +113,7 @@ class CertificateKeyPairViewSet(ModelViewSet):
queryset = CertificateKeyPair.objects.all() queryset = CertificateKeyPair.objects.all()
serializer_class = CertificateKeyPairSerializer serializer_class = CertificateKeyPairSerializer
@permission_required(None, "authentik_crypto.add_certificatekeypair") @permission_required(None, ["authentik_crypto.add_certificatekeypair"])
@swagger_auto_schema( @swagger_auto_schema(
request_body=CertificateGenerationSerializer(), request_body=CertificateGenerationSerializer(),
responses={200: CertificateKeyPairSerializer}, responses={200: CertificateKeyPairSerializer},