stages/consent: fix permimssions for consent API (allow owner to delete)

This commit is contained in:
Jens Langhammer 2022-07-19 16:41:34 +00:00
parent 327df6529b
commit f909b86338
1 changed files with 3 additions and 5 deletions

View File

@ -5,6 +5,7 @@ from rest_framework import mixins
from rest_framework.filters import OrderingFilter, SearchFilter from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.viewsets import GenericViewSet, ModelViewSet from rest_framework.viewsets import GenericViewSet, ModelViewSet
from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions
from authentik.core.api.applications import ApplicationSerializer from authentik.core.api.applications import ApplicationSerializer
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.users import UserSerializer from authentik.core.api.users import UserSerializer
@ -56,12 +57,9 @@ class UserConsentViewSet(
serializer_class = UserConsentSerializer serializer_class = UserConsentSerializer
filterset_fields = ["user", "application"] filterset_fields = ["user", "application"]
ordering = ["application", "expires"] ordering = ["application", "expires"]
filter_backends = [
DjangoFilterBackend,
OrderingFilter,
SearchFilter,
]
search_fields = ["user__username"] search_fields = ["user__username"]
permission_classes = [OwnerSuperuserPermissions]
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
def get_queryset(self): def get_queryset(self):
user = self.request.user if self.request else get_anonymous_user() user = self.request.user if self.request else get_anonymous_user()