stages/consent: fix permimssions for consent API (allow owner to delete)
This commit is contained in:
parent
327df6529b
commit
f909b86338
|
@ -5,6 +5,7 @@ from rest_framework import mixins
|
|||
from rest_framework.filters import OrderingFilter, SearchFilter
|
||||
from rest_framework.viewsets import GenericViewSet, ModelViewSet
|
||||
|
||||
from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions
|
||||
from authentik.core.api.applications import ApplicationSerializer
|
||||
from authentik.core.api.used_by import UsedByMixin
|
||||
from authentik.core.api.users import UserSerializer
|
||||
|
@ -56,12 +57,9 @@ class UserConsentViewSet(
|
|||
serializer_class = UserConsentSerializer
|
||||
filterset_fields = ["user", "application"]
|
||||
ordering = ["application", "expires"]
|
||||
filter_backends = [
|
||||
DjangoFilterBackend,
|
||||
OrderingFilter,
|
||||
SearchFilter,
|
||||
]
|
||||
search_fields = ["user__username"]
|
||||
permission_classes = [OwnerSuperuserPermissions]
|
||||
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user if self.request else get_anonymous_user()
|
||||
|
|
Reference in a new issue