authentik/passbook/core/api/applications.py

"""Application API Views"""
from django.db.models import QuerySet
from rest_framework.decorators import action
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter

from passbook.admin.api.overview_metrics import get_events_per_1h
from passbook.audit.models import EventAction
from passbook.core.models import Application
from passbook.policies.engine import PolicyEngine


class ApplicationSerializer(ModelSerializer):
    """Application Serializer"""

    class Meta:

        model = Application
        fields = [
            "pk",
            "name",
            "slug",
            "provider",
            "meta_launch_url",
            "meta_icon",
            "meta_description",
            "meta_publisher",
            "policies",
        ]


class ApplicationViewSet(ModelViewSet):
    """Application Viewset"""

    queryset = Application.objects.all()
    serializer_class = ApplicationSerializer
    lookup_field = "slug"

    def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:
        """Custom filter_queryset method which ignores guardian, but still supports sorting"""
        for backend in list(self.filter_backends):
            if backend == ObjectPermissionsFilter:
                continue
            queryset = backend().filter_queryset(self.request, queryset, self)
        return queryset

    def list(self, request: Request, *args, **kwargs) -> Response:
        """Custom list method that checks Policy based access instead of guardian"""
        if request.user.is_superuser:
            # pylint: disable=no-member
            return super().list(request, *args, **kwargs)
        queryset = self._filter_queryset_for_list(self.get_queryset())
        self.paginate_queryset(queryset)
        allowed_applications = []
        for application in queryset.order_by("name"):
            engine = PolicyEngine(application, self.request.user, self.request)
            engine.build()
            if engine.passing:
                allowed_applications.append(application)
        serializer = self.get_serializer(allowed_applications, many=True)
        return self.get_paginated_response(serializer.data)

    @action(detail=True)
    def metrics(self, request: Request, slug: str):
        """Metrics for application logins"""
        # TODO: Check app read and audit read perms
        app = Application.objects.get(slug=slug)
        return Response(
            get_events_per_1h(
                action=EventAction.AUTHORIZE_APPLICATION,
                context__authorized_application__pk=app.pk.hex,
            )
        )
fix lint 2019-10-28 13:44:46 +00:00			`"""Application API Views"""`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`from django.db.models import QuerySet`
root: add more API methods 2020-11-27 17:37:45 +00:00			`from rest_framework.decorators import action`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`from rest_framework.request import Request`
			`from rest_framework.response import Response`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00			`from rest_framework.serializers import ModelSerializer`
			`from rest_framework.viewsets import ModelViewSet`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`from rest_framework_guardian.filters import ObjectPermissionsFilter`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00
root: add more API methods 2020-11-27 17:37:45 +00:00			`from passbook.admin.api.overview_metrics import get_events_per_1h`
			`from passbook.audit.models import EventAction`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00			`from passbook.core.models import Application`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`from passbook.policies.engine import PolicyEngine`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00

			`class ApplicationSerializer(ModelSerializer):`
fix lint 2019-10-28 13:44:46 +00:00			`"""Application Serializer"""`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00
			`class Meta:`

			`model = Application`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`fields = [`
			`"pk",`
			`"name",`
			`"slug",`
			`"provider",`
core: add more fields for metadata of applications 2020-02-20 12:45:22 +00:00			`"meta_launch_url",`
Application Icon upload (#341) * core: add initial implementation for File Upload * root: add volumes to docker-compose for file upload * helm: add pvc for uploads * core: allow meta_icon to be overwritten with static files 2020-11-23 19:50:19 +00:00			`"meta_icon",`
core: add more fields for metadata of applications 2020-02-20 12:45:22 +00:00			`"meta_description",`
			`"meta_publisher",`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"policies",`
			`]`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00

			`class ApplicationViewSet(ModelViewSet):`
fix lint 2019-10-28 13:44:46 +00:00			`"""Application Viewset"""`
core(major): add api for most simple objects 2019-10-28 13:27:43 +00:00
			`queryset = Application.objects.all()`
			`serializer_class = ApplicationSerializer`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`lookup_field = "slug"`

			`def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:`
			`"""Custom filter_queryset method which ignores guardian, but still supports sorting"""`
			`for backend in list(self.filter_backends):`
			`if backend == ObjectPermissionsFilter:`
			`continue`
			`queryset = backend().filter_queryset(self.request, queryset, self)`
			`return queryset`

core: fix applications API not being same format as other APIs 2020-11-26 11:51:52 +00:00			`def list(self, request: Request, args, *kwargs) -> Response:`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`"""Custom list method that checks Policy based access instead of guardian"""`
core: fix applications API not being same format as other APIs 2020-11-26 11:51:52 +00:00			`if request.user.is_superuser:`
			`# pylint: disable=no-member`
			`return super().list(request, args, *kwargs)`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`queryset = self._filter_queryset_for_list(self.get_queryset())`
core: fix applications API not being same format as other APIs 2020-11-26 11:51:52 +00:00			`self.paginate_queryset(queryset)`
core: update application list API to show applications accessible by policy 2020-10-07 17:57:45 +00:00			`allowed_applications = []`
			`for application in queryset.order_by("name"):`
			`engine = PolicyEngine(application, self.request.user, self.request)`
			`engine.build()`
			`if engine.passing:`
			`allowed_applications.append(application)`
			`serializer = self.get_serializer(allowed_applications, many=True)`
core: fix applications API not being same format as other APIs 2020-11-26 11:51:52 +00:00			`return self.get_paginated_response(serializer.data)`
root: add more API methods 2020-11-27 17:37:45 +00:00
			`@action(detail=True)`
			`def metrics(self, request: Request, slug: str):`
root: fix formatting, update swagger 2020-11-27 17:42:22 +00:00			`"""Metrics for application logins"""`
root: add more API methods 2020-11-27 17:37:45 +00:00			`# TODO: Check app read and audit read perms`
			`app = Application.objects.get(slug=slug)`
			`return Response(`
			`get_events_per_1h(`
			`action=EventAction.AUTHORIZE_APPLICATION,`
			`context__authorized_application__pk=app.pk.hex,`
			`)`
			`)`