use permissions for settings api

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Marc 'risson' Schmitt 2023-12-20 11:08:17 +01:00
parent 951f9ce043
commit 9fd8cedbfa
No known key found for this signature in database
GPG Key ID: 9C3FA22FABF1AA8D
3 changed files with 42 additions and 2 deletions

View File

@ -0,0 +1,29 @@
# Generated by Django 4.2.8 on 2023-12-20 10:02
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_rbac", "0002_systempermission"),
]
operations = [
migrations.AlterModelOptions(
name="systempermission",
options={
"default_permissions": (),
"managed": False,
"permissions": [
("view_system_info", "Can view system info"),
("view_system_tasks", "Can view system tasks"),
("run_system_tasks", "Can run system tasks"),
("access_admin_interface", "Can access admin interface"),
("view_system_settings", "Can view system settings"),
("edit_system_settings", "Can edit system settings"),
],
"verbose_name": "System permission",
"verbose_name_plural": "System permissions",
},
),
]

View File

@ -70,4 +70,6 @@ class SystemPermission(models.Model):
("view_system_tasks", _("Can view system tasks")),
("run_system_tasks", _("Can run system tasks")),
("access_admin_interface", _("Can access admin interface")),
("view_system_settings", _("Can view system settings")),
("edit_system_settings", _("Can edit system settings")),
]

View File

@ -6,7 +6,7 @@ from rest_framework import permissions
from rest_framework.authentication import get_authorization_header
from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.generics import RetrieveUpdateAPIView
from rest_framework.permissions import IsAdminUser
from rest_framework.permissions import SAFE_METHODS, IsAdminUser
from rest_framework.request import Request
from rest_framework.serializers import ModelSerializer
from rest_framework.views import View
@ -14,6 +14,7 @@ from rest_framework.viewsets import ModelViewSet
from authentik.api.authentication import validate_auth
from authentik.lib.config import CONFIG
from authentik.rbac.permissions import HasPermission
from authentik.tenants.models import Domain, Tenant
@ -117,9 +118,17 @@ class SettingsView(RetrieveUpdateAPIView):
queryset = Tenant.objects.filter(ready=True)
serializer_class = SettingsSerializer
permission_classes = [IsAdminUser]
filter_backends = []
def get_permissions(self):
return [
HasPermission(
"authentik_rbac.view_system_settings"
if self.request.method in SAFE_METHODS
else "authentik_rbac.edit_system_settings"
)()
]
def get_object(self):
obj = self.request.tenant
self.check_object_permissions(self.request, obj)