core: add digraph group hierarchy (#17050)

* move imports * core: add digraph group hierarchy * move to permissions from Group or User to Role * set group parents on frontend * do not serialize `GroupParentageNode` directly * core: enforce unique group name on database level Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use group parents in LDAP provider * add user-role relationship control to frontend * move materialized view to be more discoverable * add guardian to mypy exceptions * make `Role` a `ManagedModel` * fixup! make `Role` a `ManagedModel` * simplify `get_objects_for_user` * fix flaky unit test * rename `django-guardian` fork to `ak-guardian` * add tests around users/groups/roles * remove unused guardian config variable * simplify guardian file structure * clean up frontend * initial docs * remove `mode` from `InitialPermissions` This is no longer needed, since users no longer directly have permissions. * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * clean up docs for managing permissions * addendums from docs review * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * tweaks * dewi and tana edits to docs * tweak * truly final tweaks, for now * relabel Role Permissions table * clarify button label * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * merge migrations * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tana@goauthentik.io>
2026-04-27 09:57:31 +02:00 · 2025-12-08 12:04:04 +01:00
parent d54409c5dd
commit f7e23295ed
159 changed files with 4511 additions and 2849 deletions
--- a/website/docs/users-sources/user/user_basic_operations.md
+++ b/website/docs/users-sources/user/user_basic_operations.md
@@ -89,7 +89,13 @@ For more information, review ["Permissions"](../access-control/permissions.md).

 1. To add a user to a group, navigate to **Directory** > **Users** to display all users.
 2. Click the name of the user to display the full user details page.
-3. Click the **Groups** tab, and then click either **Add to existing group** or **Add to new group**.
+3. Click the **Groups** tab, and then click either **Add to existing group** (or **Add new group** first).
+
+## Add a user to a role
+
+1. To add a user to a role, navigate to **Directory > Users** to display all users.
+2. Click the name of the user to display the full user details page.
+3. Click the **Roles** tab, and then click either **Add to existing role** (or **Add new role** first).

 ## User credentials recovery