core: revert check_access API to get to prevent CSRF errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-06-13 21:47:49 +02:00
parent c9dda17c68
commit cabbd18880
2 changed files with 14 additions and 22 deletions


@ -107,15 +107,19 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
return applications
@extend_schema(
request=inline_serializer(
"CheckAccessRequest", fields={"for_user": IntegerField(required=False)}
),
parameters=[
OpenApiParameter(
name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
responses={
200: PolicyTestResultSerializer(),
404: OpenApiResponse(description="for_user user not found"),
},
)
@action(detail=True, methods=["POST"])
@action(detail=True, methods=["GET"])
# pylint: disable=unused-argument
def check_access(self, request: Request, slug: str) -> Response:
"""Check access to a single application by slug"""

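Review bot: With `@action(detail=True, methods=["GET"])`, `check_access` is no longer covered by the CSRF token check that cookie-authenticated requests get on unsafe methods, so the handler has to be strictly read-only. Its body lies outside this hunk, so it is worth confirming that evaluating policies here has no side effects a cross-site GET could trigger. `for_user` now arrives as a query-string value rather than a request-body field, so the handler should parse it with an explicit integer check and reject malformed values instead of passing them to the user lookup. Presumably only privileged callers may test access on behalf of another user; that check is not visible here and should be verified. A short comment above the decorator, for example `# GET on purpose: read-only policy test, must stay free of side effects`, would record why the method was chosen.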

@ -1504,10 +1504,14 @@ paths:
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/core/applications/{slug}/check_access/:
post:
operationId: core_applications_check_access_create
get:
operationId: core_applications_check_access_retrieve
description: Check access to a single application by slug
parameters:
- in: query
name: for_user
schema:
type: integer
- in: path
name: slug
schema:
@ -1516,17 +1520,6 @@ paths:
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
multipart/form-data:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
security:
- authentik: []
- cookieAuth: []
@ -18415,11 +18408,6 @@ components:
- shell
- redirect
type: string
CheckAccessRequestRequest:
type: object
properties:
for_user:
type: integer
ClientTypeEnum:
enum:
- confidential