core: add digraph group hierarchy#17050
Conversation
✅ Deploy Preview for authentik-docs canceled.
|
✅ Deploy Preview for authentik-integrations canceled.
|
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #17050 +/- ##
==========================================
- Coverage 93.21% 93.19% -0.02%
==========================================
Files 933 929 -4
Lines 51255 51175 -80
==========================================
- Hits 47775 47695 -80
Misses 3480 3480
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
This raises the question: What is an indirect group? So far it includes all groups with an parent. |
286060d to
3721a97
Compare
|
The definition for "indirect groups of a user" doesn't change in this PR. That definition is: "any ancestor of the user's direct groups" (and by "direct groups" here, I mean This PR only changes the group hierarchy in one way: groups can now have multiple parents. Notably, your example of |
3721a97 to
14ded8a
Compare
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
I think the way you intuitively think about nested groups is that a parent can do everything the child can do, similar to #16282. However, I can also see how you can think of it as inheritance and then inheriting everything the parent can do makes perfect sense. When you can add multiple parents the outcome is the same and in this version the master admin group would simply get every app specific admin group as a parent. |
authentik/core/migrations/0052_groupancestor_groupparentagenode_group_parents.py
Outdated
Show resolved
Hide resolved
authentik/core/migrations/0052_groupancestor_groupparentagenode_group_parents.py
Outdated
Show resolved
Hide resolved
website/docs/users-sources/access-control/initial_permissions.mdx
Outdated
Show resolved
Hide resolved
tanberry
left a comment
There was a problem hiding this comment.
Thank you @gergosimonyi for making our RBAC truly RBAC-y and role-based, and updating the docs!
|
oh yeah before we merge is it possible to merge at least some of the migrations in authentik_core? @gergosimonyi |
|
@BeryJu (I don't like it styled this way but) I merged the last 3. |
* main: (23 commits) *: Auto compress images (#18673) website/integrations: update kimai doc (#18629) root: skip current tab when refreshing others (#18674) core: add digraph group hierarchy (#17050) core: bump astral-sh/uv from 0.9.15 to 0.9.16 (#18668) core: bump goauthentik.io/api/v3 from 3.2025120.16 to 3.2025120.18 (#18661) web: bump type-fest from 5.3.0 to 5.3.1 in /web (#18663) ci: bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (#18666) web: bump vite from 7.2.6 to 7.2.7 in /web (#18662) core: bump goauthentik/fips-debian from `a80dbbd` to `10c8086` (#18665) ci: bump actions/create-github-app-token from 2.2.0 to 2.2.1 (#18664) ci: bump astral-sh/setup-uv from 7.1.4 to 7.1.5 in /.github/actions/setup (#18667) website/docs: background tasks: add more detail about "next run" (#18660) website/docs: install-config: fix dump_config command (#18659) website/integrations: wordpress: fix redirect uri (#18658) stages/mtls: always include cert in flow plan (#18657) endpoints: fix UI bugs, add user binding, etc (#18609) sources/ldap: make server info optional (#18648) web/admin: fix event volume chart not updating with query (#18649) web: Bump types, fix ESLint errors (#17546) ...
No description provided.