From 48c0c0bacae6fb26c18ed4433b54c101c694bbd4 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 27 Apr 2021 14:53:01 +0200
Subject: [PATCH] */api: simplify lookups for per-user
Signed-off-by: Jens Langhammer
---
 authentik/events/api/notification.py | 6 +++---
 authentik/providers/oauth2/api/tokens.py | 15 +++++++--------
 authentik/sources/oauth/api/source_connection.py | 8 ++++----
 authentik/stages/authenticator_static/api.py | 6 +++---
 authentik/stages/authenticator_totp/api.py | 6 +++---
 authentik/stages/authenticator_webauthn/api.py | 6 +++---
 authentik/stages/consent/api.py | 8 ++++----
 7 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/authentik/events/api/notification.py b/authentik/events/api/notification.py
index 9908533ca..70066ae0e 100644
--- a/authentik/events/api/notification.py
+++ b/authentik/events/api/notification.py
@@ -1,4 +1,5 @@
 """Notification API Views"""
+from guardian.utils import get_anonymous_user
 from rest_framework import mixins
 from rest_framework.fields import ReadOnlyField
 from rest_framework.serializers import ModelSerializer
@@ -48,6 +49,5 @@ class NotificationViewSet(
 ]
 def get_queryset(self):
- if not self.request:
- return super().get_queryset()
- return Notification.objects.filter(user=self.request.user)
+ user = self.request.user if self.request else get_anonymous_user()
+ return Notification.objects.filter(user=user)
diff --git a/authentik/providers/oauth2/api/tokens.py b/authentik/providers/oauth2/api/tokens.py
index f8ec0d79a..f7e2ea3f2 100644
--- a/authentik/providers/oauth2/api/tokens.py
+++ b/authentik/providers/oauth2/api/tokens.py
@@ -1,4 +1,5 @@
 """OAuth2Provider API Views"""
+from guardian.utils import get_anonymous_user
 from rest_framework import mixins
 from rest_framework.fields import CharField, ListField
 from rest_framework.serializers import ModelSerializer
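Review bot: In `NotificationViewSet.get_queryset` the request-less branch now calls `get_anonymous_user()`, which in django-guardian is a database lookup of the configured anonymous account and, as far as I know, raises `DoesNotExist` when that row is missing. Failing closed is the right direction, since the removed branch returned `super().get_queryset()` unfiltered, but the same result needs no extra query or dependency on that account: `if not self.request: return Notification.objects.none()`. The other six `get_queryset` hunks in this patch use the same fallback and would take an equivalent `.none()` guard. `NotificationViewSet` starts above this hunk, so its `queryset` and permission classes are not visible here.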
@@ -38,11 +39,10 @@ class AuthorizationCodeViewSet(
 ordering = ["provider", "expires"]
 def get_queryset(self):
- if not self.request:
+ user = self.request.user if self.request else get_anonymous_user()
+ if user.is_superuser:
 return super().get_queryset()
- if self.request.user.is_superuser:
- return super().get_queryset()
- return super().get_queryset().filter(user=self.request.user)
+ return super().get_queryset().filter(user=user)
 class RefreshTokenViewSet(
@@ -59,8 +59,7 @@ class RefreshTokenViewSet(
 ordering = ["provider", "expires"]
 def get_queryset(self):
- if not self.request:
+ user = self.request.user if self.request else get_anonymous_user()
+ if user.is_superuser:
 return super().get_queryset()
- if self.request.user.is_superuser:
- return super().get_queryset()
- return super().get_queryset().filter(user=self.request.user)
+ return super().get_queryset().filter(user=user)
diff --git a/authentik/sources/oauth/api/source_connection.py b/authentik/sources/oauth/api/source_connection.py
index 67d34db3b..763608150 100644
--- a/authentik/sources/oauth/api/source_connection.py
+++ b/authentik/sources/oauth/api/source_connection.py
@@ -1,4 +1,5 @@
 """OAuth Source Serializer"""
+from guardian.utils import get_anonymous_user
 from rest_framework.viewsets import ModelViewSet
 from authentik.core.api.sources import SourceSerializer
@@ -26,8 +27,7 @@ class UserOAuthSourceConnectionViewSet(ModelViewSet):
 filterset_fields = ["source__slug"]
 def get_queryset(self):
- if not self.request:
+ user = self.request.user if self.request else get_anonymous_user()
+ if user.is_superuser:
 return super().get_queryset()
- if self.request.user.is_superuser:
- return super().get_queryset()
- return super().get_queryset().filter(user=self.request.user)
+ return super().get_queryset().filter(user=user)
diff --git a/authentik/stages/authenticator_static/api.py b/authentik/stages/authenticator_static/api.py
index 9a27d31e5..a7eeaee88 100644
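Review bot: The three-line body added to `AuthorizationCodeViewSet.get_queryset` is repeated verbatim in `RefreshTokenViewSet`, `UserOAuthSourceConnectionViewSet` and, in authentik/stages/consent/api.py, `UserConsentViewSet`. These lines decide who may list authorization codes, refresh tokens, source connections and consents, so a single shared mixin providing this `get_queryset` would keep the owner-or-superuser rule in one reviewed place instead of four copies that can drift apart. If that is out of scope for this patch, a comment on each copy such as `# superusers see every row, everyone else only their own` would at least name the rule. The class headers and base lists are above these hunks, so where such a mixin would sit among the bases cannot be judged from here.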
--- a/authentik/stages/authenticator_static/api.py
+++ b/authentik/stages/authenticator_static/api.py
@@ -1,5 +1,6 @@
 """AuthenticatorStaticStage API Views"""
 from django_otp.plugins.otp_static.models import StaticDevice
+from guardian.utils import get_anonymous_user
 from rest_framework.permissions import IsAdminUser
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@@ -44,9 +45,8 @@ class StaticDeviceViewSet(ModelViewSet):
 ordering = ["name"]
 def get_queryset(self):
- if not self.request:
- return super().get_queryset()
- return StaticDevice.objects.filter(user=self.request.user)
+ user = self.request.user if self.request else get_anonymous_user()
+ return StaticDevice.objects.filter(user=user)
 class StaticAdminDeviceViewSet(ReadOnlyModelViewSet):
diff --git a/authentik/stages/authenticator_totp/api.py b/authentik/stages/authenticator_totp/api.py
index 12e748e90..f6aa67e57 100644
--- a/authentik/stages/authenticator_totp/api.py
+++ b/authentik/stages/authenticator_totp/api.py
@@ -1,5 +1,6 @@
 """AuthenticatorTOTPStage API Views"""
 from django_otp.plugins.otp_totp.models import TOTPDevice
+from guardian.utils import get_anonymous_user
 from rest_framework.permissions import IsAdminUser
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@@ -47,9 +48,8 @@ class TOTPDeviceViewSet(ModelViewSet):
 ordering = ["name"]
 def get_queryset(self):
- if not self.request:
- return super().get_queryset()
- return TOTPDevice.objects.filter(user=self.request.user)
+ user = self.request.user if self.request else get_anonymous_user()
+ return TOTPDevice.objects.filter(user=user)
 class TOTPAdminDeviceViewSet(ReadOnlyModelViewSet):
diff --git a/authentik/stages/authenticator_webauthn/api.py b/authentik/stages/authenticator_webauthn/api.py
index 3830fed6c..2ea373efe 100644
--- a/authentik/stages/authenticator_webauthn/api.py
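Review bot: `StaticDeviceViewSet.get_queryset` builds its result from `StaticDevice.objects` rather than from `super().get_queryset()`, unlike the token and consent viewsets in this patch, which return `super().get_queryset().filter(user=user)`. The removed fallback called `super().get_queryset()`, so the viewset presumably declares a `queryset`, and anything configured on it is skipped by the new return line. For consistency I would write `return super().get_queryset().filter(user=user)`; the same applies to `TOTPDeviceViewSet` in the next file and to `NotificationViewSet` and `WebAuthnDeviceViewSet` elsewhere in the patch. The class body above `ordering` is outside the hunk, so the declared `queryset` itself cannot be checked here.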
+++ b/authentik/stages/authenticator_webauthn/api.py
@@ -1,4 +1,5 @@
 """AuthenticateWebAuthnStage API Views"""
+from guardian.utils import get_anonymous_user
 from rest_framework.permissions import IsAdminUser
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@@ -46,9 +47,8 @@ class WebAuthnDeviceViewSet(ModelViewSet):
 ordering = ["name"]
 def get_queryset(self):
- if not self.request:
- return super().get_queryset()
- return WebAuthnDevice.objects.filter(user=self.request.user)
+ user = self.request.user if self.request else get_anonymous_user()
+ return WebAuthnDevice.objects.filter(user=user)
 class WebAuthnAdminDeviceViewSet(ReadOnlyModelViewSet):
diff --git a/authentik/stages/consent/api.py b/authentik/stages/consent/api.py
index 7a66efa3e..ffe600f3b 100644
--- a/authentik/stages/consent/api.py
+++ b/authentik/stages/consent/api.py
@@ -1,4 +1,5 @@
 """ConsentStage API Views"""
+from guardian.utils import get_anonymous_user
 from rest_framework import mixins
 from rest_framework.viewsets import GenericViewSet, ModelViewSet
@@ -50,8 +51,7 @@ class UserConsentViewSet(
 ordering = ["application", "expires"]
 def get_queryset(self):
- if not self.request:
+ user = self.request.user if self.request else get_anonymous_user()
+ if user.is_superuser:
 return super().get_queryset()
- if self.request.user.is_superuser:
- return super().get_queryset()
- return super().get_queryset().filter(user=self.request.user)
+ return super().get_queryset().filter(user=user)
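Review bot: `WebAuthnDeviceViewSet.get_queryset` has no docstring, and the new first line silently changes what the request-less path returns: the removed branch handed back `super().get_queryset()` unfiltered, the new one filters on guardian's anonymous user. A docstring such as `"""Return only the requesting user's devices; without a bound request, filter on guardian's anonymous user instead of returning every row."""` would record that intent and keep a later cleanup from restoring the unfiltered fallback. The same applies to `UserConsentViewSet.get_queryset` in authentik/stages/consent/api.py, where the docstring should also state that superusers see all consents. Both classes begin above their hunks.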