stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-14 15:56:13 +01:00
parent c6a3286e4c
commit 8c16dfc478
2 changed files with 3 additions and 3 deletions

View file

@ -5,8 +5,8 @@ from rest_framework.fields import JSONField
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.core.api.groups import GroupMemberSerializer
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.users import UserSerializer
from authentik.core.api.utils import is_dict from authentik.core.api.utils import is_dict
from authentik.flows.api.stages import StageSerializer from authentik.flows.api.stages import StageSerializer
from authentik.stages.invitation.models import Invitation, InvitationStage from authentik.stages.invitation.models import Invitation, InvitationStage
@ -46,7 +46,7 @@ class InvitationStageViewSet(UsedByMixin, ModelViewSet):
class InvitationSerializer(ModelSerializer): class InvitationSerializer(ModelSerializer):
"""Invitation Serializer""" """Invitation Serializer"""
created_by = UserSerializer(read_only=True) created_by = GroupMemberSerializer(read_only=True)
fixed_data = JSONField(validators=[is_dict], required=False) fixed_data = JSONField(validators=[is_dict], required=False)
class Meta: class Meta:

View file

@ -22127,7 +22127,7 @@ components:
additionalProperties: {} additionalProperties: {}
created_by: created_by:
allOf: allOf:
- $ref: '#/components/schemas/User' - $ref: '#/components/schemas/GroupMember'
readOnly: true readOnly: true
single_use: single_use:
type: boolean type: boolean