website/docs: remove commented out config options (cherry-pick #15064)

[gcp-cherry-pick-bot]

Cherry-picked website/docs: remove commented out config options (#15064)

Signed-off-by: Jens Langhammer jens@goauthentik.io

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	8769557
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/68502bbe767b540008d4eb7d
😎 Deploy Preview	https://deploy-preview-15067--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

❌ 7 Tests Failed:

Tests completed	Failed	Passed	Skipped
1821	7	1814	2

View the top 3 failed test(s) by shortest run time

authentik.core.tests.test_source_api.TestSourceAPI::test_builtin_source_used_by

Stack Traces | 0.652s run time

self = <unittest.case._Outcome object at 0x7fac480dfcb0>
test_case = <authentik.core.tests.test_source_api.TestSourceAPI testMethod=test_builtin_source_used_by>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_source_api.TestSourceAPI testMethod=test_builtin_source_used_by>
result = <TestCaseFunction test_builtin_source_used_by>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_source_api.TestSourceAPI testMethod=test_builtin_source_used_by>
method = <bound method TestSourceAPI.test_builtin_source_used_by of <authentik.core.tests.test_source_api.TestSourceAPI testMethod=test_builtin_source_used_by>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_source_api.TestSourceAPI testMethod=test_builtin_source_used_by>

    def test_builtin_source_used_by(self):
        """Test Providers's types endpoint"""
        apps.get_app_config("authentik_core").source_inbuilt()
>       response = self.client.get(
            reverse("authentik_api:source-used-by", kwargs={"slug": "authentik-built-in"}),
        )

.../core/tests/test_source_api.py:16: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
path = '.../all/authentik-built-in/used_by/', data = None
follow = False, extra = {}

    def get(self, path, data=None, follow=False, **extra):
>       response = super().get(path, data=data, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:292: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
path = '.../all/authentik-built-in/used_by/', data = None
extra = {}, r = {'QUERY_STRING': ''}

    def get(self, path, data=None, **extra):
        r = {
            'QUERY_STRING': urlencode(data or {}, doseq=True),
        }
        if not data and '?' in path:
            # Fix to support old behavior where you have the arguments in the
            # url. See #1461.
            query_string = force_bytes(path.split('?')[1])
            query_string = query_string.decode('iso-8859-1')
            r['QUERY_STRING'] = query_string
        r.update(extra)
>       return self.generic('GET', path, **r)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:209: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>, method = 'GET'
path = '.../all/authentik-built-in/used_by/', data = ''
content_type = 'application/octet-stream', secure = False
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>, method = 'GET'
path = '.../all/authentik-built-in/used_by/', data = b''
content_type = 'application/octet-stream', secure = False, headers = None
query_params = None
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}
parsed = ParseResult(scheme='', netloc='', path='.../all/authentik-built-in/used_by/', params='', query='', fragment='')
r = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../all/authentik-built-in/used_by/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../all/authentik-built-in/used_by/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../all/authentik-built-in/used_by/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
request = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../all/authentik-built-in/used_by/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
environ = {'CONTENT_TYPE': 'application/octet-stream', 'HTTP_COOKIE': 'authentik_session=ri0hxob1p2n3row0vksn5wnzadjk38r7', 'PATH_INFO': '.../all/authentik-built-in/used_by/', 'QUERY_STRING': '', ...}
data = {'context': [[{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: <function csrf.<locals>....se/ske...">, <Template template_string="{% load static %}{%...">, <Template template_string="{% load i18n %}{% g...">]}
on_template_render = functools.partial(<function store_rendered_templates at 0x7fac52210d60>, {'templates': [<Template template_string="{% ...<IncludeNode: template=<FilterExpression '"base/header_js.html"'>>, <TextNode: '\n'>]>}, {'LANGUAGE_CODE': 'en-us'}]]})
signal_uid = 'template-render-140377905795136'
exception_uid = 'request-exception-140377905795136'
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac46800260>
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../all/authentik-built-in/used_by/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7fac4930ef50>
request = <WSGIRequest: GET '.../all/authentik-built-in/used_by/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}
current_scope = <Scope id=0x7fac579ab220 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7fac579aace0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}
self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
method = 'head', action = 'used_by'
handler = <bound method UsedByMixin.used_by of <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
request = <rest_framework.request.Request: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}
handler = <bound method UsedByMixin.used_by of <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
request = <rest_framework.request.Request: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}
handler = <bound method UsedByMixin.used_by of <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.sources.SourceViewSet object at 0x7fac468b57f0>
request = <rest_framework.request.Request: GET '.../all/authentik-built-in/used_by/'>
args = (), kwargs = {'slug': 'authentik-built-in'}
model = <Source: authentik Built-in>, used_by = [], shadows = []
attr_name = 'user_set'
manager = <django.db.models.fields.related_descriptors.create_forward_many_to_many_manager.<locals>.ManyRelatedManager object at 0x7fac467c97f0>
app = 'authentik_core', model_name = 'user', delete_action = 'cascade_many'
first_object = True

    @extend_schema(
        responses={200: UsedBySerializer(many=True)},
    )
    @action(detail=True, pagination_class=None, filter_backends=[ObjectFilter])
    def used_by(self, request: Request, *args, **kwargs) -> Response:
        """Get a list of all objects that use this object"""
        model: Model = self.get_object()
        used_by = []
        shadows = []
        for attr_name, manager in getmembers(model, lambda x: isinstance(x, Manager)):
            if attr_name == "objects":  # pragma: no cover
                continue
            manager: Manager
            if manager.model._meta.abstract:
                continue
            app = manager.model._meta.app_label
            model_name = manager.model._meta.model_name
            delete_action = get_delete_action(manager)
    
            # To make sure we only apply shadows when there are any objects,
            # but so we only apply them once, have a simple flag for the first object
            first_object = True
    
            # TODO: This will only return the used-by references that the user can see
            # Either we have to leak model information here to not make the list
            # useless if the user doesn't have all permissions, or we need to double
            # query and check if there is a difference between modes the user can see
            # and can't see and add a warning
>           for obj in get_objects_for_user(
                request.user, f"{app}.view_{model_name}", manager
            ).all():

.../core/api/used_by.py:82: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: KruO36UYSVR4Unv9wZTd>>
perms = ['authentik_core.view_user']
klass = <django.db.models.fields.related_descriptors.create_forward_many_to_many_manager.<locals>.ManyRelatedManager object at 0x7fac467c97f0>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = True

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

authentik.core.tests.test_groups_api.TestGroupsAPI::test_parent_self

Stack Traces | 0.836s run time

self = <unittest.case._Outcome object at 0x7fac45eb70e0>
test_case = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_parent_self>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_parent_self>
result = <TestCaseFunction test_parent_self>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_parent_self>
method = <bound method TestGroupsAPI.test_parent_self of <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_parent_self>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_parent_self>

    def test_parent_self(self):
        """Test parent"""
        group = Group.objects.create(name=generate_id())
        assign_perm("view_group", self.login_user, group)
        assign_perm("change_group", self.login_user, group)
        self.client.force_login(self.login_user)
>       res = self.client.patch(
            reverse("authentik_api:group-detail", kwargs={"pk": group.pk}),
            data={
                "parent": group.pk,
            },
        )

.../core/tests/test_groups_api.py:105: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
path = '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'
data = {'parent': UUID('1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52')}, format = None
content_type = None, follow = False, extra = {}

    def patch(self, path, data=None, format=None, content_type=None,
              follow=False, **extra):
>       response = super().patch(
            path, data=data, format=format, content_type=content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:315: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
path = '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'
data = b'{"parent":"1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52"}', format = None
content_type = 'application/json', extra = {}

    def patch(self, path, data=None, format=None, content_type=None, **extra):
        data, content_type = self._encode_data(data, format, content_type)
>       return self.generic('PATCH', path, data, content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:221: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
method = 'PATCH'
path = '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'
data = b'{"parent":"1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52"}'
content_type = 'application/json', secure = False
extra = {'CONTENT_TYPE': 'application/json'}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
method = 'PATCH'
path = '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'
data = b'{"parent":"1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52"}'
content_type = 'application/json', secure = False, headers = None
query_params = None, extra = {'CONTENT_TYPE': 'application/json'}
parsed = ParseResult(scheme='', netloc='', path='.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', params='', query='', fragment='')
r = {'CONTENT_LENGTH': '49', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', 'QUERY_STRING': '', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
kwargs = {'CONTENT_LENGTH': '49', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
kwargs = {'CONTENT_LENGTH': '49', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
request = {'CONTENT_LENGTH': '49', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', 'QUERY_STRING': '', ...}
environ = {'CONTENT_LENGTH': '49', 'CONTENT_TYPE': 'application/json', 'HTTP_COOKIE': 'authentik_session=mo0wk7r0g6kwvvqiq4bldehqfzf6u1fx', 'PATH_INFO': '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/', ...}
data = {}
on_template_render = functools.partial(<function store_rendered_templates at 0x7fac52210d60>, {})
signal_uid = 'template-render-140377732738304'
exception_uid = 'request-exception-140377732738304'
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac461d2af0>
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7fac442f8650>
request = <WSGIRequest: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}
current_scope = <Scope id=0x7fac579ab220 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7fac579aace0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}
self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
method = 'head', action = 'retrieve'
handler = <bound method GroupViewSet.retrieve of <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = ()
kwargs = {'partial': True, 'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}

    def partial_update(self, request, *args, **kwargs):
        kwargs['partial'] = True
>       return self.update(request, *args, **kwargs)

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:82: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
args = (), kwargs = {'pk': '1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52'}
partial = True

    def update(self, request, *args, **kwargs):
        partial = kwargs.pop('partial', False)
>       instance = self.get_object()

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>

    def get_object(self):
        """
        Returns the object the view is displaying.
    
        You may want to override this if you need to provide non-standard
        queryset lookups.  Eg if objects are referenced using multiple
        keyword arguments in the url conf.
        """
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:87: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>
queryset = <GroupQuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7fac46b8c950>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
queryset = <GroupQuerySet []>
view = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7fac46b8c950>
request = <rest_framework.request.Request: PATCH '.../core/groups/1e5dbb6a-aeda-40f5-8acb-a0d19aa24b52/'>
queryset = <GroupQuerySet []>
view = <authentik.core.api.groups.GroupViewSet object at 0x7fac46d2a140>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: k10mS8g8ZGqfevw0Dsja>>
perms = ['authentik_core.view_group'], klass = <GroupQuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

authentik.core.tests.test_groups_api.TestGroupsAPI::test_superuser_update_no_perm

Stack Traces | 0.836s run time

self = <unittest.case._Outcome object at 0x7fac49bc0d00>
test_case = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_superuser_update_no_perm>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_superuser_update_no_perm>
result = <TestCaseFunction test_superuser_update_no_perm>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_superuser_update_no_perm>
method = <bound method TestGroupsAPI.test_superuser_update_no_perm of <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_superuser_update_no_perm>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_groups_api.TestGroupsAPI testMethod=test_superuser_update_no_perm>

    def test_superuser_update_no_perm(self):
        """Test updating a superuser group without permission"""
        group = Group.objects.create(name=generate_id(), is_superuser=True)
        assign_perm("view_group", self.login_user, group)
        assign_perm("change_group", self.login_user, group)
        self.client.force_login(self.login_user)
>       res = self.client.patch(
            reverse("authentik_api:group-detail", kwargs={"pk": group.pk}),
            data={"is_superuser": False},
        )

.../core/tests/test_groups_api.py:143: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
path = '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'
data = {'is_superuser': False}, format = None, content_type = None
follow = False, extra = {}

    def patch(self, path, data=None, format=None, content_type=None,
              follow=False, **extra):
>       response = super().patch(
            path, data=data, format=format, content_type=content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:315: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
path = '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'
data = b'{"is_superuser":false}', format = None
content_type = 'application/json', extra = {}

    def patch(self, path, data=None, format=None, content_type=None, **extra):
        data, content_type = self._encode_data(data, format, content_type)
>       return self.generic('PATCH', path, data, content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:221: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
method = 'PATCH'
path = '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'
data = b'{"is_superuser":false}', content_type = 'application/json'
secure = False, extra = {'CONTENT_TYPE': 'application/json'}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
method = 'PATCH'
path = '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'
data = b'{"is_superuser":false}', content_type = 'application/json'
secure = False, headers = None, query_params = None
extra = {'CONTENT_TYPE': 'application/json'}
parsed = ParseResult(scheme='', netloc='', path='.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', params='', query='', fragment='')
r = {'CONTENT_LENGTH': '22', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', 'QUERY_STRING': '', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
kwargs = {'CONTENT_LENGTH': '22', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
kwargs = {'CONTENT_LENGTH': '22', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
request = {'CONTENT_LENGTH': '22', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', 'QUERY_STRING': '', ...}
environ = {'CONTENT_LENGTH': '22', 'CONTENT_TYPE': 'application/json', 'HTTP_COOKIE': 'authentik_session=t55pzo7a1dz7hzs3joqueei6au1oaja0', 'PATH_INFO': '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/', ...}
data = {}
on_template_render = functools.partial(<function store_rendered_templates at 0x7fac52210d60>, {})
signal_uid = 'template-render-140377857525312'
exception_uid = 'request-exception-140377857525312'
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fac4664d4f0>
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7fac463f78d0>
request = <WSGIRequest: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}
current_scope = <Scope id=0x7fac579ab220 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7fac579aace0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}
self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
method = 'head', action = 'retrieve'
handler = <bound method GroupViewSet.retrieve of <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = ()
kwargs = {'partial': True, 'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}

    def partial_update(self, request, *args, **kwargs):
        kwargs['partial'] = True
>       return self.update(request, *args, **kwargs)

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:82: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
args = (), kwargs = {'pk': '010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9'}
partial = True

    def update(self, request, *args, **kwargs):
        partial = kwargs.pop('partial', False)
>       instance = self.get_object()

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>

    def get_object(self):
        """
        Returns the object the view is displaying.
    
        You may want to override this if you need to provide non-standard
        queryset lookups.  Eg if objects are referenced using multiple
        keyword arguments in the url conf.
        """
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:87: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>
queryset = <GroupQuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7fac45ecd090>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
queryset = <GroupQuerySet []>
view = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7fac45ecd090>
request = <rest_framework.request.Request: PATCH '.../core/groups/010a4f5f-1bd0-4a60-8d52-e4b37dc83ef9/'>
queryset = <GroupQuerySet []>
view = <authentik.core.api.groups.GroupViewSet object at 0x7fac48b931d0>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: PBCo3POonn2iJ4tCO63o>>
perms = ['authentik_core.view_group'], klass = <GroupQuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}