* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
* basic procedural steps
* more questions, more typos
* more typos
* tweaks
* more content, new links
* fixed link
* tweak
* fix things
* more fixes
* yet more fixes
* Apply suggestions from code review
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/users-sources/access-control/initial_permissions.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* dewi's edits
* dominic's edits
* gergo edits and more dominic edits
* one more
* yet one more fix
* final gergo observation
* tweak
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* Added example of how to get user objects fro a group object
* Updated wording
* Updated wording, added titles to examples, capitalised group, added explanation of examples
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/groups/group_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Changes based on Tana's feedback
* Word
* Capitalization
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
* first pass at removing wizard
* missed one
* Replaced the word modal wth the word box or simply rewrote to avoid saying modal.
* typo
---------
Co-authored-by: Tana M Berry <tana@goauthentik.com>
While for role memberships, it is true that they are only applied for _direct_ memberships, this does not appear to be the case for attributes (which is good as this also follows the "Hierarchy" system documented in the same file).
In terms of the implementation, this is the case due to the call to `all_groups()` in 3d5a189fa7/authentik/core/models.py (L312-L313), introduced in https://github.com/goauthentik/authentik/pull/6017. Looking through the files in there, it is clear that this line in the documentation is from before that point: 95e60a035d/website/docs/user-group/group.md (L15).
tl;dr: the documentation was correct before #6017, but is now out of date. This change fixes that.
Signed-off-by: Zuri Klaschka <pklaschka@users.noreply.github.com>
