core: allow changing of groups a user is in from user api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00 · 2021-08-10 19:31:30 +02:00 · ec95a2bddc
parent de9d483b9f
commit ec95a2bddc
2 changed files with 24 additions and 2 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -20,6 +20,7 @@ from rest_framework.serializers import (
    BooleanField,
    ListSerializer,
    ModelSerializer,
+    PrimaryKeyRelatedField,
    Serializer,
    ValidationError,
 )
@ -33,7 +34,7 @@ from authentik.core.api.groups import GroupSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import LinkSerializer, PassiveSerializer, is_dict
 from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER
-from authentik.core.models import Token, TokenIntents, User
+from authentik.core.models import Group, Token, TokenIntents, User
 from authentik.events.models import EventAction
 from authentik.stages.email.models import EmailStage
 from authentik.stages.email.tasks import send_mails
@ -49,7 +50,10 @@ class UserSerializer(ModelSerializer):
    is_superuser = BooleanField(read_only=True)
    avatar = CharField(read_only=True)
    attributes = JSONField(validators=[is_dict], required=False)
-    groups = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
+    groups = PrimaryKeyRelatedField(
+        allow_empty=False, many=True, source="ak_groups", queryset=Group.objects.all()
+    )
+    groups_obj = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
    uid = CharField(read_only=True)

    class Meta:
@ -63,6 +67,7 @@ class UserSerializer(ModelSerializer):
            "last_login",
            "is_superuser",
            "groups",
+            "groups_obj",
            "email",
            "avatar",
            "attributes",
--- a/schema.yml
+++ b/schema.yml
@ -27634,6 +27634,11 @@ components:
          type: string
          format: date-time
          nullable: true
+        groups:
+          type: array
+          items:
+            type: string
+            format: uuid
        email:
          type: string
          format: email
@ -29808,6 +29813,11 @@ components:
          type: boolean
          readOnly: true
        groups:
+          type: array
+          items:
+            type: string
+            format: uuid
+        groups_obj:
          type: array
          items:
            $ref: '#/components/schemas/Group'
@ -29829,6 +29839,7 @@ components:
      required:
      - avatar
      - groups
+      - groups_obj
      - is_superuser
      - name
      - pk
@ -30105,6 +30116,11 @@ components:
          type: string
          format: date-time
          nullable: true
+        groups:
+          type: array
+          items:
+            type: string
+            format: uuid
        email:
          type: string
          format: email
@ -30114,6 +30130,7 @@ components:
          type: object
          additionalProperties: {}
      required:
+      - groups
      - name
      - username
    UserSelf: