core: fix missing permission check for group creating when creating service account

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-06 12:33:29 +01:00
parent 3c8bbc2621
commit c1ea78c422

View file

@ -314,7 +314,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
name=username,
attributes={USER_ATTRIBUTE_SA: True, USER_ATTRIBUTE_TOKEN_EXPIRING: False},
)
if create_group:
if create_group and self.request.user.has_perm("authentik_core.add_group"):
group = Group.objects.create(
name=username,
)