core: deepmerge user.group_attributes, use group_attributes for user settings
closes #1051 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
9cb7e6c606
commit
ede072889e
1
Pipfile
1
Pipfile
|
@ -46,6 +46,7 @@ webauthn = "*"
|
||||||
xmlsec = "*"
|
xmlsec = "*"
|
||||||
duo-client = "*"
|
duo-client = "*"
|
||||||
ua-parser = "*"
|
ua-parser = "*"
|
||||||
|
deepmerge = "*"
|
||||||
|
|
||||||
[requires]
|
[requires]
|
||||||
python_version = "3.9"
|
python_version = "3.9"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"_meta": {
|
"_meta": {
|
||||||
"hash": {
|
"hash": {
|
||||||
"sha256": "4fa1ad681762c867a95410074f31ac5d00119e187e0f38982cd59fdf301cccf5"
|
"sha256": "f90d9fb4713eaf9c5ffe6a3858e64843670f79ab5007e7debf914c1f094c8d63"
|
||||||
},
|
},
|
||||||
"pipfile-spec": 6,
|
"pipfile-spec": 6,
|
||||||
"requires": {
|
"requires": {
|
||||||
|
@ -324,6 +324,14 @@
|
||||||
"markers": "python_version >= '3.6'",
|
"markers": "python_version >= '3.6'",
|
||||||
"version": "==3.0.2"
|
"version": "==3.0.2"
|
||||||
},
|
},
|
||||||
|
"deepmerge": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:87166dbe9ba1a3348a45c9d4ada6778f518d41afc0b85aa017ea3041facc3f9c",
|
||||||
|
"sha256:f6fd7f1293c535fb599e197e750dbe8674503c5d2a89759b3c72a3c46746d4fd"
|
||||||
|
],
|
||||||
|
"index": "pypi",
|
||||||
|
"version": "==0.3.0"
|
||||||
|
},
|
||||||
"defusedxml": {
|
"defusedxml": {
|
||||||
"hashes": [
|
"hashes": [
|
||||||
"sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69",
|
"sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69",
|
||||||
|
@ -1557,7 +1565,7 @@
|
||||||
"sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6",
|
"sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6",
|
||||||
"sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d"
|
"sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d"
|
||||||
],
|
],
|
||||||
"markers": "python_version >= '3.6' and python_version < '4'",
|
"markers": "python_version >= '3.6' and python_version < '4.0'",
|
||||||
"version": "==5.8.0"
|
"version": "==5.8.0"
|
||||||
},
|
},
|
||||||
"lazy-object-proxy": {
|
"lazy-object-proxy": {
|
||||||
|
|
|
@ -6,6 +6,7 @@ from urllib.parse import urlencode
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
|
|
||||||
import django.db.models.options as options
|
import django.db.models.options as options
|
||||||
|
from deepmerge import always_merger
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth.models import AbstractUser
|
from django.contrib.auth.models import AbstractUser
|
||||||
from django.contrib.auth.models import UserManager as DjangoUserManager
|
from django.contrib.auth.models import UserManager as DjangoUserManager
|
||||||
|
@ -114,8 +115,8 @@ class User(GuardianUserMixin, AbstractUser):
|
||||||
including the users attributes"""
|
including the users attributes"""
|
||||||
final_attributes = {}
|
final_attributes = {}
|
||||||
for group in self.ak_groups.all().order_by("name"):
|
for group in self.ak_groups.all().order_by("name"):
|
||||||
final_attributes.update(group.attributes)
|
always_merger.merge(final_attributes, group.attributes)
|
||||||
final_attributes.update(self.attributes)
|
always_merger.merge(final_attributes, self.attributes)
|
||||||
return final_attributes
|
return final_attributes
|
||||||
|
|
||||||
@cached_property
|
@cached_property
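Review bot: `always_merger.merge(final_attributes, group.attributes)` merges in place and, as far as I can tell from deepmerge's dict strategy, stores nested values from the source by reference when a key is new. A later merge (another group, or `self.attributes`) can therefore write into an earlier group's in-memory `attributes`, and a caller that mutates the returned dict can alter `self.attributes`. Merging copies avoids the aliasing: `always_merger.merge(final_attributes, deepcopy(group.attributes))`, and the same for `self.attributes`, with `from copy import deepcopy`. The docstring should also state the precedence (groups in name order, then the user) and that `always_merger` appears to concatenate lists rather than replace them, so a user-level list no longer overrides a group-level one. The method starts above the hunk.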
|
||||||
|
|
|
@ -365,8 +365,11 @@ class FlowErrorResponse(TemplateResponse):
|
||||||
context = {}
|
context = {}
|
||||||
context["error"] = self.error
|
context["error"] = self.error
|
||||||
if self._request.user and self._request.user.is_authenticated:
|
if self._request.user and self._request.user.is_authenticated:
|
||||||
if self._request.user.is_superuser or self._request.user.attributes.get(
|
if (
|
||||||
USER_ATTRIBUTE_DEBUG, False
|
self._request.user.is_superuser
|
||||||
|
or self._request.user.group_attributes().get(
|
||||||
|
USER_ATTRIBUTE_DEBUG, False
|
||||||
|
)
|
||||||
):
|
):
|
||||||
context["tb"] = "".join(format_tb(self.error.__traceback__))
|
context["tb"] = "".join(format_tb(self.error.__traceback__))
|
||||||
return context
|
return context
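Review bot: The debug gate `self._request.user.group_attributes().get(USER_ATTRIBUTE_DEBUG, False)` is a truthiness test on a value that is now inherited from any group, so any non-empty value, including the string `"false"`, set on one group exposes `context["tb"]` to every member. A strict comparison such as `.get(USER_ATTRIBUTE_DEBUG, False) is True` would keep the traceback behind an explicit boolean. The same applies to the AccessDeniedResponse hunk, where the identical test gates `context["policy_result"]`. A short comment that the flag may come from a group would help whoever audits who can see tracebacks. The enclosing method starts outside the hunk.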
|
||||||
|
|
|
@ -33,7 +33,7 @@ def _get_outpost_override_ip(request: HttpRequest) -> Optional[str]:
|
||||||
return None
|
return None
|
||||||
if OUTPOST_REMOTE_IP_HEADER not in request.META:
|
if OUTPOST_REMOTE_IP_HEADER not in request.META:
|
||||||
return None
|
return None
|
||||||
if request.user.attributes.get(USER_ATTRIBUTE_CAN_OVERRIDE_IP, False):
|
if request.user.group_attributes().get(USER_ATTRIBUTE_CAN_OVERRIDE_IP, False):
|
||||||
return None
|
return None
|
||||||
return request.META[OUTPOST_REMOTE_IP_HEADER]
|
return request.META[OUTPOST_REMOTE_IP_HEADER]
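Review bot: The guard on the changed line reads as inverted: when `USER_ATTRIBUTE_CAN_OVERRIDE_IP` is truthy the function returns `None`, and when it is absent the value of `OUTPOST_REMOTE_IP_HEADER` is returned. As shown, any authenticated user without the attribute has a client-supplied header accepted as the remote IP, which then feeds whatever policy or audit logic consumes it. If the attribute is meant to grant the override, as its name suggests, the line should be `if not request.user.group_attributes().get(USER_ATTRIBUTE_CAN_OVERRIDE_IP, False):`. The function's opening and docstring are outside the hunk, so the intended meaning should be confirmed there, ideally with a test for both cases.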
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,9 @@ class AccessDeniedResponse(TemplateResponse):
|
||||||
if self._request.user and self._request.user.is_authenticated:
|
if self._request.user and self._request.user.is_authenticated:
|
||||||
if (
|
if (
|
||||||
self._request.user.is_superuser
|
self._request.user.is_superuser
|
||||||
or self._request.user.attributes.get(USER_ATTRIBUTE_DEBUG, False)
|
or self._request.user.group_attributes().get(
|
||||||
|
USER_ATTRIBUTE_DEBUG, False
|
||||||
|
)
|
||||||
):
|
):
|
||||||
context["policy_result"] = self.policy_result
|
context["policy_result"] = self.policy_result
|
||||||
return context
|
return context
|
||||||
|
|
|
@ -4,7 +4,7 @@ title: Troubleshooting access problems
|
||||||
|
|
||||||
### I get an access denied error when trying to access an application.
|
### I get an access denied error when trying to access an application.
|
||||||
|
|
||||||
If your user is a superuser, or has the attribute `goauthentik.io/user/debug` set to true:
|
If your user is a superuser, or has the attribute `goauthentik.io/user/debug` set to true (can also be set on a group level):
|
||||||
|
|
||||||
![](./authentik_user_debug.png)
|
![](./authentik_user_debug.png)
|
||||||
|
|
||||||
|
|