From df92111296f8f65d1a7bf40b1cbb436f5d68895d Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 4 Jul 2021 19:13:59 +0200
Subject: [PATCH] outposts: update outpost permissions on m2m change

closes #1105

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/outposts/signals.py    | 10 +++++++++-
 tests/e2e/test_provider_ldap.py  |  4 ++++
 website/docs/releases/v2021.6.md |  1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/authentik/outposts/signals.py b/authentik/outposts/signals.py
index 85667cf37..9a712613e 100644
--- a/authentik/outposts/signals.py
+++ b/authentik/outposts/signals.py
@@ -1,7 +1,7 @@
 """authentik outpost signals"""
 from django.core.cache import cache
 from django.db.models import Model
-from django.db.models.signals import post_save, pre_delete, pre_save
+from django.db.models.signals import m2m_changed, post_save, pre_delete, pre_save
 from django.dispatch import receiver
 from structlog.stdlib import get_logger
 
@@ -46,6 +46,14 @@ def pre_save_outpost(sender, instance: Outpost, **_):
         outpost_controller.delay(instance.pk.hex, action="down", from_cache=True)
 
 
+@receiver(m2m_changed, sender=Outpost.providers.through)
+# pylint: disable=unused-argument
+def m2m_changed_update(sender, instance: Model, action: str, **_):
+    """Update outpost on m2m change, when providers are added or removed"""
+    if action in ["post_add", "post_remove", "post_clear"]:
+        outpost_post_save.delay(class_to_path(instance.__class__), instance.pk)
+
+
 @receiver(post_save)
 # pylint: disable=unused-argument
 def post_save_update(sender, instance: Model, **_):
diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py
index 8e95ad13e..fd0b3d056 100644
--- a/tests/e2e/test_provider_ldap.py
+++ b/tests/e2e/test_provider_ldap.py
@@ -195,6 +195,8 @@ class TestProviderLDAP(SeleniumTestCase):
                             "goauthentik.io/ldap/user",
                         ],
                         "memberOf": [],
+                        "accountStatus": ["true"],
+                        "superuser": ["false"],
                         "goauthentik.io/ldap/active": ["true"],
                         "goauthentik.io/ldap/superuser": ["false"],
                         "goauthentik.io/user/override-ips": ["true"],
@@ -218,6 +220,8 @@ class TestProviderLDAP(SeleniumTestCase):
                         "memberOf": [
                             "cn=authentik Admins,ou=groups,dc=ldap,dc=goauthentik,dc=io"
                         ],
+                        "accountStatus": ["true"],
+                        "superuser": ["true"],
                         "goauthentik.io/ldap/active": ["true"],
                         "goauthentik.io/ldap/superuser": ["true"],
                         "extraAttribute": ["bar"],
diff --git a/website/docs/releases/v2021.6.md b/website/docs/releases/v2021.6.md
index 2c6e92e36..dab310e0f 100644
--- a/website/docs/releases/v2021.6.md
+++ b/website/docs/releases/v2021.6.md
@@ -149,6 +149,7 @@ slug: "2021.6"
 - outposts: fix docker controller not checking env correctly
 - outposts: fix docker controller not checking ports correctly
 - outposts: fix empty message when docker outpost controller has changed nothing
+- outposts: fix permissions not being set correctly upon outpost creation
 - outposts/ldap: add support for boolean fields in ldap
 - outposts/proxy: always redirect to session-end interface on sign_out
 - providers/oauth2: add revoked field, create suspicious event when previous token is used