From d4fd6153c83cafebff2efdf4a1f8e34cbfb34eca Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 14 May 2022 21:36:00 +0200 Subject: [PATCH] api: fix OwnerFilter filtering out objects for superusers Signed-off-by: Jens Langhammer --- authentik/api/authorization.py | 2 ++ authentik/core/api/sources.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/authentik/api/authorization.py b/authentik/api/authorization.py index 059eeeaf6..1ff4da61b 100644 --- a/authentik/api/authorization.py +++ b/authentik/api/authorization.py @@ -12,6 +12,8 @@ class OwnerFilter(BaseFilterBackend): owner_key = "user" def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySet: + if request.user.is_superuser: + return queryset return queryset.filter(**{self.owner_key: request.user}) diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py index 63c028bce..97d47cd85 100644 --- a/authentik/core/api/sources.py +++ b/authentik/core/api/sources.py @@ -12,7 +12,7 @@ from rest_framework.serializers import ModelSerializer, SerializerMethodField from rest_framework.viewsets import GenericViewSet from structlog.stdlib import get_logger -from authentik.api.authorization import OwnerFilter, OwnerPermissions +from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions from authentik.core.api.used_by import UsedByMixin from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer from authentik.core.models import Source, UserSourceConnection @@ -150,6 +150,6 @@ class UserSourceConnectionViewSet( queryset = UserSourceConnection.objects.all() serializer_class = UserSourceConnectionSerializer - permission_classes = [OwnerPermissions] + permission_classes = [OwnerSuperuserPermissions] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] ordering = ["pk"]