outposts: update outpost permissions on m2m change
closes #1105 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
da8417a141
commit
df92111296
|
@ -1,7 +1,7 @@
|
||||||
"""authentik outpost signals"""
|
"""authentik outpost signals"""
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.db.models import Model
|
from django.db.models import Model
|
||||||
from django.db.models.signals import post_save, pre_delete, pre_save
|
from django.db.models.signals import m2m_changed, post_save, pre_delete, pre_save
|
||||||
from django.dispatch import receiver
|
from django.dispatch import receiver
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
|
@ -46,6 +46,14 @@ def pre_save_outpost(sender, instance: Outpost, **_):
|
||||||
outpost_controller.delay(instance.pk.hex, action="down", from_cache=True)
|
outpost_controller.delay(instance.pk.hex, action="down", from_cache=True)
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(m2m_changed, sender=Outpost.providers.through)
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
def m2m_changed_update(sender, instance: Model, action: str, **_):
|
||||||
|
"""Update outpost on m2m change, when providers are added or removed"""
|
||||||
|
if action in ["post_add", "post_remove", "post_clear"]:
|
||||||
|
outpost_post_save.delay(class_to_path(instance.__class__), instance.pk)
|
||||||
|
|
||||||
|
|
||||||
@receiver(post_save)
|
@receiver(post_save)
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def post_save_update(sender, instance: Model, **_):
|
def post_save_update(sender, instance: Model, **_):
|
||||||
|
|
|
@ -195,6 +195,8 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||||
"goauthentik.io/ldap/user",
|
"goauthentik.io/ldap/user",
|
||||||
],
|
],
|
||||||
"memberOf": [],
|
"memberOf": [],
|
||||||
|
"accountStatus": ["true"],
|
||||||
|
"superuser": ["false"],
|
||||||
"goauthentik.io/ldap/active": ["true"],
|
"goauthentik.io/ldap/active": ["true"],
|
||||||
"goauthentik.io/ldap/superuser": ["false"],
|
"goauthentik.io/ldap/superuser": ["false"],
|
||||||
"goauthentik.io/user/override-ips": ["true"],
|
"goauthentik.io/user/override-ips": ["true"],
|
||||||
|
@ -218,6 +220,8 @@ class TestProviderLDAP(SeleniumTestCase):
|
||||||
"memberOf": [
|
"memberOf": [
|
||||||
"cn=authentik Admins,ou=groups,dc=ldap,dc=goauthentik,dc=io"
|
"cn=authentik Admins,ou=groups,dc=ldap,dc=goauthentik,dc=io"
|
||||||
],
|
],
|
||||||
|
"accountStatus": ["true"],
|
||||||
|
"superuser": ["true"],
|
||||||
"goauthentik.io/ldap/active": ["true"],
|
"goauthentik.io/ldap/active": ["true"],
|
||||||
"goauthentik.io/ldap/superuser": ["true"],
|
"goauthentik.io/ldap/superuser": ["true"],
|
||||||
"extraAttribute": ["bar"],
|
"extraAttribute": ["bar"],
|
||||||
|
|
|
@ -149,6 +149,7 @@ slug: "2021.6"
|
||||||
- outposts: fix docker controller not checking env correctly
|
- outposts: fix docker controller not checking env correctly
|
||||||
- outposts: fix docker controller not checking ports correctly
|
- outposts: fix docker controller not checking ports correctly
|
||||||
- outposts: fix empty message when docker outpost controller has changed nothing
|
- outposts: fix empty message when docker outpost controller has changed nothing
|
||||||
|
- outposts: fix permissions not being set correctly upon outpost creation
|
||||||
- outposts/ldap: add support for boolean fields in ldap
|
- outposts/ldap: add support for boolean fields in ldap
|
||||||
- outposts/proxy: always redirect to session-end interface on sign_out
|
- outposts/proxy: always redirect to session-end interface on sign_out
|
||||||
- providers/oauth2: add revoked field, create suspicious event when previous token is used
|
- providers/oauth2: add revoked field, create suspicious event when previous token is used
|
||||||
|
|
Reference in a new issue