Skip to content

core: add additional RBAC permission to restrict setting the superuser status on groups#12900

Merged
BeryJu merged 1 commit intomainfrom
core/group-superuser-rbac-perm
Feb 17, 2025
Merged

core: add additional RBAC permission to restrict setting the superuser status on groups#12900
BeryJu merged 1 commit intomainfrom
core/group-superuser-rbac-perm

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Jan 31, 2025

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu BeryJu requested a review from a team as a code owner January 31, 2025 00:00
@netlify
Copy link

netlify bot commented Jan 31, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 74492aa
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/67b352cb6198780008c9e8bb

@netlify
Copy link

netlify bot commented Jan 31, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 74492aa
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/67b352cb057b42000756262f

@codecov
Copy link

codecov bot commented Jan 31, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.63%. Comparing base (e5f0fc6) to head (74492aa).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #12900      +/-   ##
==========================================
- Coverage   92.78%   92.63%   -0.15%     
==========================================
  Files         792      792              
  Lines       40121    40163      +42     
==========================================
- Hits        37225    37206      -19     
- Misses       2896     2957      +61
Flag Coverage Δ
e2e 47.05% <4.44%> (-1.22%) ⬇️
integration 24.49% <0.00%> (-0.02%) ⬇️
unit 90.50% <100.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 31, 2025

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-59273817519522b483c8304ed758945b91960598
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-59273817519522b483c8304ed758945b91960598

Afterwards, run the upgrade commands from the latest release notes.

rissson
rissson reviewed Jan 31, 2025
View reviewed changes
@BeryJu
Copy link
Member Author

BeryJu commented Jan 31, 2025

needs docs before merging

@BeryJu BeryJu force-pushed the core/group-superuser-rbac-perm branch from 5927381 to b843104 Compare February 13, 2025 13:33
@BeryJu
core: add additional RBAC permission to restrict setting the superuse…
74492aa 
…r status on groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the core/group-superuser-rbac-perm branch from b843104 to 74492aa Compare February 17, 2025 15:16
@BeryJu BeryJu merged commit 74e0902 into main Feb 17, 2025
80 of 84 checks passed
@BeryJu BeryJu deleted the core/group-superuser-rbac-perm branch February 17, 2025 15:57
@notion-workspace
Copy link

notion-workspace bot commented Feb 19, 2025

Limit who can create superuser groups

kensternberg-authentik added a commit that referenced this pull request Feb 20, 2025
@kensternberg-authentik
Merge branch 'main' into dev
ffbe8fb 
* main: (24 commits)
  core: add additional RBAC permission to restrict setting the superuser status on groups (#12900)
  web: bump API Client version (#13089)
  core: bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#13085)
  stages/authenticator_email: Email OTP (#12630)
  website: bump dompurify and mermaid in /website (#13077)
  web: bump dompurify and mermaid in /web (#13078)
  core: bump django-filter from 24.3 to 25.1 (#13086)
  enterprise/audit: fix diff being created when not enabled (#13084)
  core, web: update translations (#13088)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13080)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13081)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#13082)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#13083)
  core: bump django-storages from 1.14.4 to 1.14.5 (#13087)
  web/user: fix redirects back to user settings (#13076)
  ci: parallelize unit tests (#13036)
  core, web: update translations (#13072)
  stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#13073)
  root: Improve debugging experience (#12961)
  core, web: update translations (#13071)
  ...
@BeryJu BeryJu mentioned this pull request Mar 6, 2025
Closed
gergosimonyi added a commit that referenced this pull request May 14, 2025
@gergosimonyi
core: fix group creation for limited permission users
05e5c63 
Broken by #12900
gergosimonyi added a commit that referenced this pull request Sep 3, 2025
@gergosimonyi
core: fix group creation for limited permission users
d9bb1d7 
Broken by #12900
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rissson rissson rissson approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BeryJu @rissson