diff --git a/authentik/core/api/tokens.py b/authentik/core/api/tokens.py
index 10d94b509..3a2bb4911 100644
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@@ -8,6 +8,7 @@ from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
+from authentik.api.decorators import permission_required
 from authentik.core.api.users import UserSerializer
 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import Token
@@ -60,6 +61,7 @@ class TokenViewSet(ModelViewSet):
 ]
 ordering = ["expires"]
+ @permission_required("authentik_core.view_token_key")
 @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
 @action(detail=True)
 # pylint: disable=unused-argument
diff --git a/authentik/core/migrations/0018_auto_20210330_1345.py b/authentik/core/migrations/0018_auto_20210330_1345.py
new file mode 100644
index 000000000..6d2756f24
--- /dev/null
+++ b/authentik/core/migrations/0018_auto_20210330_1345.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.1.7 on 2021-03-30 13:45
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("authentik_core", "0017_managed"),
+ ]
+
+ operations = [
+ migrations.AlterModelOptions(
+ name="token",
+ options={
+ "permissions": (("view_token_key", "View token's key"),),
+ "verbose_name": "Token",
+ "verbose_name_plural": "Tokens",
+ },
+ ),
+ ]
diff --git a/authentik/core/models.py b/authentik/core/models.py
index 1393c7bd4..838598898 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -369,6 +369,7 @@ class Token(ManagedModel, ExpiringModel):
 models.Index(fields=["identifier"]),
 models.Index(fields=["key"]),
 ]
+ permissions = (("view_token_key", "View token's key"),)
 class PropertyMapping(SerializerModel, ManagedModel):
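Review bot: Nothing in this commit tests the new gate on the key-reveal action in `authentik/core/api/tokens.py`, and the decorator order makes a test important. `@permission_required("authentik_core.view_token_key")` sits above `@swagger_auto_schema` and `@action(detail=True)`, so it wraps a function that `@action` has already annotated. If the decorator (not shown in this diff) does not copy function attributes, for example with `functools.wraps`, the router may stop registering the route. It is also not visible whether the check is object-level against the fetched token or a global permission, which matters because the endpoint returns a secret. I would add an API test asserting 403 without the permission and 200 with it, plus a comment above the decorator: `# Must stay outermost so the permission check runs before the action body`. The decorated method's body is outside the hunk.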
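Review bot: The new `permissions` entry in `Token.Meta` has no comment saying what it gates, and its codename is spelled separately in the migration and in the decorator string in `tokens.py`, with nothing tying the three together. Django does not assign a newly declared custom permission to any user or group, so after this change presumably only superusers and explicitly granted principals can reveal a key. If token owners or service accounts previously read their own keys through this endpoint, that change needs a release note or an accompanying grant. Suggested comment above the line: `# Required to reveal Token.key through the API; not granted to anyone by default`. The `Meta` class starts outside the hunk.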