Problems with groups and group hierarchies. #5338
Description
The hierarchy is called Parent (/Child) but it allows modeling a circular dependency AND even more, modeling the same group as a parent. Is this intentional or a bug?
To me the parent/child dependency is a directed tree dependency which should not allow modeling circles (the nature of parent/child relationship)
The "problems" or maybe misunderstanding or strange behavior i see:
I have a parent group with a child group:
My understanding now would be:
if I include a userChild in the child group, I get the groups child AND parent as group membership.
for group in user.ak_groups.all():
yieldgroup.name
returns only the direct group memberships.
According to the documentation
When you bind a group to an application or flow, any members of any child group of the selected group will have access.
So for applications and flows this is different than with the script.
-
How can i get the "expanded" group membership for a user? As this is for example what I would expect in the "authentik default SAML Mapping: Groups"
-
and the same question comes to me with attributes?
Here the documentation is different
Attributes of groups are recursively merged, for all groups the user is a direct member of.
but my question is the same: how do I get an expanded list of attributes across all direct and indirect group memberships.
Version and Deployment:
- authentik version: 2023.4.1
- Deployment: docker-compose