authentik.rbac.api.rbac_roles
common RBAC serializers
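"""common RBAC serializers"""

from django.apps import apps
from django_filters.filters import UUIDFilter
from django_filters.filterset import FilterSet
from guardian.models import RoleObjectPermission
from rest_framework.fields import SerializerMethodField
from rest_framework.mixins import ListModelMixin
from rest_framework.viewsets import GenericViewSet

from authentik.api.pagination import SmallerPagination
from authentik.rbac.api.rbac_assigned_by_roles import RoleObjectPermissionSerializer


class ExtraRoleObjectPermissionSerializer(RoleObjectPermissionSerializer):
    """Role permission with additional object-related data"""

    app_label_verbose = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    def get_app_label_verbose(self, instance: RoleObjectPermission) -> str:
        """Get the verbose app name for the permission's content type.

        Falls back to the raw ``app_label`` when no app config is registered
        under that label.
        """
        try:
            return apps.get_app_config(instance.content_type.app_label).verbose_name
        except LookupError:
            return instance.content_type.app_label

    def get_model_verbose(self, instance: RoleObjectPermission) -> str:
        """Get the verbose model name for the permission's content type.

        Falls back to ``"<app_label>.<model>"`` when the model cannot be looked up.
        """
        try:
            return apps.get_model(
                instance.content_type.app_label, instance.content_type.model
            )._meta.verbose_name
        except LookupError:
            return f"{instance.content_type.app_label}.{instance.content_type.model}"

    def get_object_description(self, instance: RoleObjectPermission) -> str | None:
        """Return ``str()`` of the object this permission is attached to.

        Takes at least one additional query per serialized permission. Returns
        ``None`` when the content type's model class cannot be resolved or when
        no object with ``instance.object_pk`` exists.

        NOTE(review): this docstring used to state that the description is only
        shown if the role has the ``view_`` permission on the object. No such
        check is made in this method: any object matching the primary key is
        described, so ``str(obj)`` is returned to the API caller regardless of
        the role's ``view_`` permission. Confirm the restriction is enforced
        elsewhere, or add it here.
        """
        try:
            model_class = instance.content_type.model_class()
        except LookupError:
            return None
        # ContentType.model_class() returns None (it does not raise) for a stale
        # content type whose model is no longer installed; without this guard
        # the manager access below fails with AttributeError.
        if model_class is None:
            return None
        obj = model_class.objects.filter(pk=instance.object_pk).first()
        # Compare with None explicitly so a model instance that happens to be
        # falsy is still described.
        if obj is None:
            return None
        return str(obj)

    class Meta(RoleObjectPermissionSerializer.Meta):
        # Extend the parent's field list with the three method fields above.
        fields = RoleObjectPermissionSerializer.Meta.fields + [
            "app_label_verbose",
            "model_verbose",
            "object_description",
        ]


class RolePermissionFilter(FilterSet):
    """Role permission filter"""

    # Matches permissions by the UUID of the role they belong to. The filter is
    # optional as declared, so a request without ``uuid`` is not narrowed to a
    # single role.
    uuid = UUIDFilter("role__uuid")


class RolePermissionViewSet(ListModelMixin, GenericViewSet):
    """Get a role's assigned object permissions

    Only ``ListModelMixin`` is mixed in, so this viewset exposes a list action
    and nothing else.

    NOTE(review): no ``permission_classes`` are set here, so access control
    comes from project-wide REST framework defaults that are not visible in
    this module -- confirm they restrict this endpoint appropriately.
    """

    serializer_class = ExtraRoleObjectPermissionSerializer
    ordering = ["role__name"]
    pagination_class = SmallerPagination
    # select_related fetches content type and role with each permission row;
    # the serializer reads instance.content_type for every item.
    queryset = RoleObjectPermission.objects.select_related("content_type", "role").all()
    filterset_class = RolePermissionFilter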
class
ExtraRoleObjectPermissionSerializer(authentik.rbac.api.rbac_assigned_by_roles.RoleObjectPermissionSerializer):
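class ExtraRoleObjectPermissionSerializer(RoleObjectPermissionSerializer):
    """Role permission with additional object-related data"""

    app_label_verbose = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    def get_app_label_verbose(self, instance: RoleObjectPermission) -> str:
        """Get the verbose app name for the permission's content type.

        Falls back to the raw ``app_label`` when no app config is registered
        under that label.
        """
        try:
            return apps.get_app_config(instance.content_type.app_label).verbose_name
        except LookupError:
            return instance.content_type.app_label

    def get_model_verbose(self, instance: RoleObjectPermission) -> str:
        """Get the verbose model name for the permission's content type.

        Falls back to ``"<app_label>.<model>"`` when the model cannot be looked up.
        """
        try:
            return apps.get_model(
                instance.content_type.app_label, instance.content_type.model
            )._meta.verbose_name
        except LookupError:
            return f"{instance.content_type.app_label}.{instance.content_type.model}"

    def get_object_description(self, instance: RoleObjectPermission) -> str | None:
        """Return ``str()`` of the object this permission is attached to.

        Takes at least one additional query per serialized permission. Returns
        ``None`` when the content type's model class cannot be resolved or when
        no object with ``instance.object_pk`` exists.

        NOTE(review): this docstring used to state that the description is only
        shown if the role has the ``view_`` permission on the object. No such
        check is made in this method: any object matching the primary key is
        described, so ``str(obj)`` is returned to the API caller regardless of
        the role's ``view_`` permission. Confirm the restriction is enforced
        elsewhere, or add it here.
        """
        try:
            model_class = instance.content_type.model_class()
        except LookupError:
            return None
        # ContentType.model_class() returns None (it does not raise) for a stale
        # content type whose model is no longer installed; without this guard
        # the manager access below fails with AttributeError.
        if model_class is None:
            return None
        obj = model_class.objects.filter(pk=instance.object_pk).first()
        # Compare with None explicitly so a model instance that happens to be
        # falsy is still described.
        if obj is None:
            return None
        return str(obj)

    class Meta(RoleObjectPermissionSerializer.Meta):
        # Extend the parent's field list with the three method fields above.
        fields = RoleObjectPermissionSerializer.Meta.fields + [
            "app_label_verbose",
            "model_verbose",
            "object_description",
        ]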
Role permission with additional object-related data
def
get_app_label_verbose(self, instance: guardian.models.RoleObjectPermission) -> str:
def get_app_label_verbose(self, instance: RoleObjectPermission) -> str:
    """Resolve the human-readable name of the app owning the permission's model.

    When no app config is registered under the content type's ``app_label``,
    the raw label is returned instead.
    """
    label = instance.content_type.app_label
    try:
        app_config = apps.get_app_config(label)
    except LookupError:
        # Unknown app (e.g. no longer installed): show the label as stored.
        return label
    return app_config.verbose_name
Get app label from permission's model
def
get_model_verbose(self, instance: guardian.models.RoleObjectPermission) -> str:
def get_model_verbose(self, instance: RoleObjectPermission) -> str:
    """Resolve the human-readable name of the permission's model.

    When the model cannot be looked up, ``"<app_label>.<model>"`` built from the
    content type is returned instead.
    """
    content_type = instance.content_type
    try:
        model = apps.get_model(content_type.app_label, content_type.model)
    except LookupError:
        # Model is not registered: fall back to the dotted identifier.
        return f"{content_type.app_label}.{content_type.model}"
    return model._meta.verbose_name
Get model label from permission's model
def
get_object_description(self, instance: guardian.models.RoleObjectPermission) -> str | None:
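def get_object_description(self, instance: RoleObjectPermission) -> str | None:
    """Return ``str()`` of the object this permission is attached to.

    Takes at least one additional query per serialized permission. Returns
    ``None`` when the content type's model class cannot be resolved or when
    no object with ``instance.object_pk`` exists.

    NOTE(review): this docstring used to state that the description is only
    shown if the role has the ``view_`` permission on the object. No such
    check is made in this method: any object matching the primary key is
    described, so ``str(obj)`` is returned to the API caller regardless of
    the role's ``view_`` permission. Confirm the restriction is enforced
    elsewhere, or add it here.
    """
    try:
        model_class = instance.content_type.model_class()
    except LookupError:
        return None
    # ContentType.model_class() returns None (it does not raise) for a stale
    # content type whose model is no longer installed; without this guard the
    # manager access below fails with AttributeError.
    if model_class is None:
        return None
    obj = model_class.objects.filter(pk=instance.object_pk).first()
    # Compare with None explicitly so a model instance that happens to be
    # falsy is still described.
    if obj is None:
        return None
    return str(obj)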
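Get model description from attached model. This operation takes at least one additional query, and the description is only shown if the role has the view_ permission on the object. (Note: the implementation listed above does not perform a view_ permission check itself; it returns str() of whichever object matches the stored primary key.)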
class
ExtraRoleObjectPermissionSerializer.Meta(authentik.rbac.api.rbac_assigned_by_roles.RoleObjectPermissionSerializer.Meta):
class Meta(RoleObjectPermissionSerializer.Meta):
    # Parent fields first, then the three SerializerMethodField names declared
    # on the enclosing serializer.
    fields = [
        *RoleObjectPermissionSerializer.Meta.fields,
        "app_label_verbose",
        "model_verbose",
        "object_description",
    ]
class
RolePermissionFilter(django_filters.filterset.FilterSet):
class RolePermissionFilter(FilterSet):
    """Filter role object permissions by the owning role."""

    # Exposed as the ``uuid`` query parameter and matched against the role's
    # UUID. The filter is optional as declared, so a request without ``uuid``
    # is not narrowed to a single role.
    uuid = UUIDFilter(field_name="role__uuid")
Role permission filter
class
RolePermissionViewSet(rest_framework.mixins.ListModelMixin, rest_framework.viewsets.GenericViewSet):
class RolePermissionViewSet(ListModelMixin, GenericViewSet):
    """List the object permissions assigned to roles.

    Only ``ListModelMixin`` is mixed in, so this viewset exposes a list action
    and nothing else.

    NOTE(review): no ``permission_classes`` are set here, so access control
    comes from project-wide REST framework defaults that are not visible in
    this listing -- confirm they restrict this endpoint appropriately.
    """

    # select_related fetches content type and role together with each
    # permission row.
    queryset = RoleObjectPermission.objects.select_related("content_type", "role").all()
    serializer_class = ExtraRoleObjectPermissionSerializer
    filterset_class = RolePermissionFilter
    pagination_class = SmallerPagination
    ordering = ["role__name"]
Get a role's assigned object permissions
serializer_class =
<class 'ExtraRoleObjectPermissionSerializer'>
pagination_class =
<class 'authentik.api.pagination.SmallerPagination'>
filterset_class =
<class 'RolePermissionFilter'>