core: add new permissions for tokens to view key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/core/api/tokens.py

@@ -8,6 +8,7 @@ from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
 
+from authentik.api.decorators import permission_required
 from authentik.core.api.users import UserSerializer
 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import Token
@@ -60,6 +61,7 @@ class TokenViewSet(ModelViewSet):
     ]
     ordering = ["expires"]
 
+    @permission_required("authentik_core.view_token_key")
     @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
     @action(detail=True)
     # pylint: disable=unused-argument

authentik/core/migrations/0018_auto_20210330_1345.py

@@ -0,0 +1,21 @@
+# Generated by Django 3.1.7 on 2021-03-30 13:45
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_core", "0017_managed"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="token",
+            options={
+                "permissions": (("view_token_key", "View token's key"),),
+                "verbose_name": "Token",
+                "verbose_name_plural": "Tokens",
+            },
+        ),
+    ]

authentik/core/models.py

@@ -369,6 +369,7 @@ class Token(ManagedModel, ExpiringModel):
             models.Index(fields=["identifier"]),
             models.Index(fields=["key"]),
         ]
+        permissions = (("view_token_key", "View token's key"),)
 
 
 class PropertyMapping(SerializerModel, ManagedModel):