From c1f302fb7c297fb6d016584b1b34e88098d69ea8 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 5 Oct 2021 12:31:25 +0200
Subject: [PATCH] core: only return group names for user_self

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/core/api/users.py | 7 ++++++-
 schema.yml                  | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py
index 013d82685..e299c9ca4 100644
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@@ -101,9 +101,14 @@ class UserSelfSerializer(ModelSerializer):
 
     is_superuser = BooleanField(read_only=True)
     avatar = CharField(read_only=True)
-    groups = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
+    groups = SerializerMethodField()
     uid = CharField(read_only=True)
 
+    def get_groups(self, user: User) -> list[str]:
+        """Return only the group names a user is member of"""
+        for group in user.ak_groups.all():
+            yield group.name
+
     class Meta:
 
         model = User
diff --git a/schema.yml b/schema.yml
index 371eae18e..96e80f3b7 100644
--- a/schema.yml
+++ b/schema.yml
@@ -29209,7 +29209,7 @@ components:
         groups:
           type: array
           items:
-            $ref: '#/components/schemas/Group'
+            type: string
           readOnly: true
         email:
           type: string