From df92111296f8f65d1a7bf40b1cbb436f5d68895d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 4 Jul 2021 19:13:59 +0200 Subject: [PATCH] outposts: update outpost permissions on m2m change closes #1105 Signed-off-by: Jens Langhammer --- authentik/outposts/signals.py | 10 +++++++++- tests/e2e/test_provider_ldap.py | 4 ++++ website/docs/releases/v2021.6.md | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/authentik/outposts/signals.py b/authentik/outposts/signals.py index 85667cf37..9a712613e 100644 --- a/authentik/outposts/signals.py +++ b/authentik/outposts/signals.py @@ -1,7 +1,7 @@ """authentik outpost signals""" from django.core.cache import cache from django.db.models import Model -from django.db.models.signals import post_save, pre_delete, pre_save +from django.db.models.signals import m2m_changed, post_save, pre_delete, pre_save from django.dispatch import receiver from structlog.stdlib import get_logger @@ -46,6 +46,14 @@ def pre_save_outpost(sender, instance: Outpost, **_): outpost_controller.delay(instance.pk.hex, action="down", from_cache=True) +@receiver(m2m_changed, sender=Outpost.providers.through) +# pylint: disable=unused-argument +def m2m_changed_update(sender, instance: Model, action: str, **_): + """Update outpost on m2m change, when providers are added or removed""" + if action in ["post_add", "post_remove", "post_clear"]: + outpost_post_save.delay(class_to_path(instance.__class__), instance.pk) + + @receiver(post_save) # pylint: disable=unused-argument def post_save_update(sender, instance: Model, **_): diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py index 8e95ad13e..fd0b3d056 100644 --- a/tests/e2e/test_provider_ldap.py +++ b/tests/e2e/test_provider_ldap.py @@ -195,6 +195,8 @@ class TestProviderLDAP(SeleniumTestCase): "goauthentik.io/ldap/user", ], "memberOf": [], + "accountStatus": ["true"], + "superuser": ["false"], "goauthentik.io/ldap/active": ["true"], "goauthentik.io/ldap/superuser": ["false"], "goauthentik.io/user/override-ips": ["true"], @@ -218,6 +220,8 @@ class TestProviderLDAP(SeleniumTestCase): "memberOf": [ "cn=authentik Admins,ou=groups,dc=ldap,dc=goauthentik,dc=io" ], + "accountStatus": ["true"], + "superuser": ["true"], "goauthentik.io/ldap/active": ["true"], "goauthentik.io/ldap/superuser": ["true"], "extraAttribute": ["bar"], diff --git a/website/docs/releases/v2021.6.md b/website/docs/releases/v2021.6.md index 2c6e92e36..dab310e0f 100644 --- a/website/docs/releases/v2021.6.md +++ b/website/docs/releases/v2021.6.md @@ -149,6 +149,7 @@ slug: "2021.6" - outposts: fix docker controller not checking env correctly - outposts: fix docker controller not checking ports correctly - outposts: fix empty message when docker outpost controller has changed nothing +- outposts: fix permissions not being set correctly upon outpost creation - outposts/ldap: add support for boolean fields in ldap - outposts/proxy: always redirect to session-end interface on sign_out - providers/oauth2: add revoked field, create suspicious event when previous token is used