core: fix missing permission check for group creating when creating service account
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
3c8bbc2621
commit
c1ea78c422
|
@ -314,7 +314,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
|
|||
name=username,
|
||||
attributes={USER_ATTRIBUTE_SA: True, USER_ATTRIBUTE_TOKEN_EXPIRING: False},
|
||||
)
|
||||
if create_group:
|
||||
if create_group and self.request.user.has_perm("authentik_core.add_group"):
|
||||
group = Group.objects.create(
|
||||
name=username,
|
||||
)
|
||||
|
|
Reference in a new issue