core: revert check_access API to get to prevent CSRF errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
c9dda17c68
commit
cabbd18880
|
@ -107,15 +107,19 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
|
||||||
return applications
|
return applications
|
||||||
|
|
||||||
@extend_schema(
|
@extend_schema(
|
||||||
request=inline_serializer(
|
parameters=[
|
||||||
"CheckAccessRequest", fields={"for_user": IntegerField(required=False)}
|
OpenApiParameter(
|
||||||
),
|
name="for_user",
|
||||||
|
location=OpenApiParameter.QUERY,
|
||||||
|
type=OpenApiTypes.INT,
|
||||||
|
)
|
||||||
|
],
|
||||||
responses={
|
responses={
|
||||||
200: PolicyTestResultSerializer(),
|
200: PolicyTestResultSerializer(),
|
||||||
404: OpenApiResponse(description="for_user user not found"),
|
404: OpenApiResponse(description="for_user user not found"),
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
@action(detail=True, methods=["POST"])
|
@action(detail=True, methods=["GET"])
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def check_access(self, request: Request, slug: str) -> Response:
|
def check_access(self, request: Request, slug: str) -> Response:
|
||||||
"""Check access to a single application by slug"""
|
"""Check access to a single application by slug"""
|
||||||
|
|
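Review bot: With `methods=["GET"]` this action is no longer covered by the CSRF check that applies to unsafe methods, so `check_access` has to stay strictly read-only, and nothing in the hunk records that constraint. I would add a comment above the `@action` line, `# GET is exempt from CSRF enforcement: this action must not change state`, so a later edit does not introduce a write here. `for_user` also moves from the request body (declared as `IntegerField`) to the query string, so the handler has to reject non-numeric values itself with a 400 and, presumably, limit evaluating access on behalf of another user to privileged callers. The body of `check_access` continues outside the hunk, so neither check can be confirmed from here.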
24
schema.yml
24
schema.yml
|
@ -1504,10 +1504,14 @@ paths:
|
||||||
'403':
|
'403':
|
||||||
$ref: '#/components/schemas/GenericError'
|
$ref: '#/components/schemas/GenericError'
|
||||||
/api/v2beta/core/applications/{slug}/check_access/:
|
/api/v2beta/core/applications/{slug}/check_access/:
|
||||||
post:
|
get:
|
||||||
operationId: core_applications_check_access_create
|
operationId: core_applications_check_access_retrieve
|
||||||
description: Check access to a single application by slug
|
description: Check access to a single application by slug
|
||||||
parameters:
|
parameters:
|
||||||
|
- in: query
|
||||||
|
name: for_user
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
- in: path
|
- in: path
|
||||||
name: slug
|
name: slug
|
||||||
schema:
|
schema:
|
||||||
|
@ -1516,17 +1520,6 @@ paths:
|
||||||
required: true
|
required: true
|
||||||
tags:
|
tags:
|
||||||
- core
|
- core
|
||||||
requestBody:
|
|
||||||
content:
|
|
||||||
application/json:
|
|
||||||
schema:
|
|
||||||
$ref: '#/components/schemas/CheckAccessRequestRequest'
|
|
||||||
application/x-www-form-urlencoded:
|
|
||||||
schema:
|
|
||||||
$ref: '#/components/schemas/CheckAccessRequestRequest'
|
|
||||||
multipart/form-data:
|
|
||||||
schema:
|
|
||||||
$ref: '#/components/schemas/CheckAccessRequestRequest'
|
|
||||||
security:
|
security:
|
||||||
- authentik: []
|
- authentik: []
|
||||||
- cookieAuth: []
|
- cookieAuth: []
|
||||||
|
@ -18415,11 +18408,6 @@ components:
|
||||||
- shell
|
- shell
|
||||||
- redirect
|
- redirect
|
||||||
type: string
|
type: string
|
||||||
CheckAccessRequestRequest:
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
for_user:
|
|
||||||
type: integer
|
|
||||||
ClientTypeEnum:
|
ClientTypeEnum:
|
||||||
enum:
|
enum:
|
||||||
- confidential
|
- confidential
|
||||||
|
|