translate: Updates for file web/xliff/en.xlf in zh_CN by transifex-integration[bot] · Pull Request #15018 · goauthentik/authentik

transifex-integration · 2025-06-12T08:30:56Z

The following localization files have been updated:

Parameter	Value
Source File	web/xliff/en.xlf
Translation File	web/xliff/zh_CN.xlf
Language Code	zh_CN
Transifex Project	authentik
Transifex Resource	web/xliff/en.xlf (main)
Transifex Event	translated
Mode	default

100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'.

netlify · 2025-06-12T08:31:01Z

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	`0ea5050`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/684a9043570188000801591a

netlify · 2025-06-12T08:31:01Z

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	`0ea5050`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/684a9043f398030008dc6c79
😎 Deploy Preview	https://deploy-preview-15018--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

github-actions · 2025-06-12T08:31:08Z

authentik translations instructions

Thanks for your pull request!

authentik translations are handled using Transifex. Please edit translations over there and they'll be included automatically.

codecov · 2025-06-12T08:35:58Z

❌ 4 Tests Failed:

Tests completed	Failed	Passed	Skipped
1822	4	1818	2

View the top 2 failed test(s) by shortest run time

authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers::test_list_role

Stack Traces | 0.916s run time

self = <unittest.case._Outcome object at 0x7fe60b82f1c0>
test_case = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list_role>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list_role>
result = <TestCaseFunction test_list_role>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list_role>
method = <bound method TestRBACPermissionUsers.test_list_role of <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list_role>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list_role>

    def test_list_role(self):
        """Test list of all permissions"""
        self.client.force_login(self.superuser)
        inv = Invitation.objects.create(
            name=generate_id(),
            created_by=self.superuser,
        )
        assign_perm("authentik_stages_invitation.view_invitation", self.user, inv)
>       res = self.client.get(
            reverse("authentik_api:permissions-users-list") + f"?user_id={self.user.pk}"
        )

.../rbac/tests/test_api_permissions_users.py:46: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
path = '.../rbac/permissions/users/?user_id=268', data = None
follow = False, extra = {}

    def get(self, path, data=None, follow=False, **extra):
>       response = super().get(path, data=data, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:292: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
path = '.../rbac/permissions/users/?user_id=268', data = None, extra = {}
r = {'QUERY_STRING': 'user_id=268'}, query_string = 'user_id=268'

    def get(self, path, data=None, **extra):
        r = {
            'QUERY_STRING': urlencode(data or {}, doseq=True),
        }
        if not data and '?' in path:
            # Fix to support old behavior where you have the arguments in the
            # url. See #1461.
            query_string = force_bytes(path.split('?')[1])
            query_string = query_string.decode('iso-8859-1')
            r['QUERY_STRING'] = query_string
        r.update(extra)
>       return self.generic('GET', path, **r)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:209: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>, method = 'GET'
path = '.../rbac/permissions/users/?user_id=268', data = ''
content_type = 'application/octet-stream', secure = False
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': 'user_id=268'}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>, method = 'GET'
path = '.../rbac/permissions/users/?user_id=268', data = b''
content_type = 'application/octet-stream', secure = False, headers = None
query_params = None
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': 'user_id=268'}
parsed = ParseResult(scheme='', netloc='', path='.../rbac/permissions/users/', params='', query='user_id=268', fragment='')
r = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': 'user_id=268', 'REQUEST_METHOD': 'GET', ...}

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': 'user_id=268', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': 'user_id=268', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
request = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': 'user_id=268', 'REQUEST_METHOD': 'GET', ...}
environ = {'CONTENT_TYPE': 'application/octet-stream', 'HTTP_COOKIE': 'authentik_session=w29woxx50340ls2t524qdw3wr1dxpya1', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': 'user_id=268', ...}
data = {'context': [[{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: <function csrf.<locals>....se/ske...">, <Template template_string="{% load static %}{%...">, <Template template_string="{% load i18n %}{% g...">]}
on_template_render = functools.partial(<function store_rendered_templates at 0x7fe6332d1120>, {'templates': [<Template template_string="{% ...<IncludeNode: template=<FilterExpression '"base/header_js.html"'>>, <TextNode: '\n'>]>}, {'LANGUAGE_CODE': 'en-us'}]]})
signal_uid = 'template-render-140626351485376'
exception_uid = 'request-exception-140626351485376'
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe60b67f800>
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/?user_id=268'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7fe6275e40d0>
request = <WSGIRequest: GET '.../rbac/permissions/users/?user_id=268'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}
current_scope = <Scope id=0x7fe6389d9ee0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7fe6389dace0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}
self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
method = 'head', action = 'list'
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe61c12c9e0>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/?user_id=268'>
args = (), kwargs = {}, queryset = <QuerySet []>
page = [<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by 267 | eF1xsAOUDBNvxo9iSfoX | view_invitation>]
serializer = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    def list(self, request, *args, **kwargs):
        queryset = self.filter_queryset(self.get_queryset())
    
        page = self.paginate_queryset(queryset)
        if page is not None:
            serializer = self.get_serializer(page, many=True)
>           return self.get_paginated_response(serializer.data)

.venv/lib/python3.13.../site-packages/rest_framework/mixins.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    @property
    def data(self):
>       ret = super().data

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:797: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    @property
    def data(self):
        if hasattr(self, 'initial_data') and not hasattr(self, '_validated_data'):
            msg = (
                'When a serializer is passed a `data` keyword argument you '
                'must call `.is_valid()` before attempting to access the '
                'serialized `.data` representation.\n'
                'You should either call `.is_valid()` first, '
                'or access `.initial_data` instead.'
            )
            raise AssertionError(msg)
    
        if not hasattr(self, '_data'):
            if self.instance is not None and not getattr(self, '_errors', None):
>               self._data = self.to_representation(self.instance)

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:251: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
data = [<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by 267 | eF1xsAOUDBNvxo9iSfoX | view_invitation>]

    def to_representation(self, data):
        """
        List of object instances -> List of dicts of primitive datatypes.
        """
        # Dealing with nested relationships, data can be a Manager,
        # so, first get a queryset from the Manager if needed
        iterable = data.all() if isinstance(data, models.manager.BaseManager) else data
    
        return [
>           self.child.to_representation(item) for item in iterable
        ]

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:716: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
instance = <UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by 267 | eF1xsAOUDBNvxo9iSfoX | view_invitation>

    def to_representation(self, instance):
        """
        Object instance -> Dict of primitive datatypes.
        """
        ret = {}
        fields = self._readable_fields
    
        for field in fields:
            try:
                attribute = field.get_attribute(instance)
            except SkipField:
                continue
    
            # We skip `to_representation` for `None` values so that fields do
            # not have to explicitly deal with that case.
            #
            # For related fields with `use_pk_only_optimization` we need to
            # resolve the pk value.
            check_for_none = attribute.pk if isinstance(attribute, PKOnlyObject) else attribute
            if check_for_none is None:
                ret[field.field_name] = None
            else:
>               ret[field.field_name] = field.to_representation(attribute)

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:540: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = SerializerMethodField()
value = <UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by 267 | eF1xsAOUDBNvxo9iSfoX | view_invitation>

    def to_representation(self, value):
        method = getattr(self.parent, self.method_name)
>       return method(value)

.venv/lib/python3.13.../site-packages/rest_framework/fields.py:1870: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
instance = <UserObjectPermission: Invitation 3d85ffb5-f76f-4399-b133-8cad039aab24 created by 267 | eF1xsAOUDBNvxo9iSfoX | view_invitation>

    def get_object_description(self, instance: UserObjectPermission) -> str | None:
        """Get model description from attached model. This operation takes at least
        one additional query, and the description is only shown if the user/role has the
        view_ permission on the object"""
        app_label = instance.content_type.app_label
        model = instance.content_type.model
        try:
            model_class = apps.get_model(app_label, model)
        except LookupError:
            return None
>       objects = get_objects_for_user(instance.user, f"{app_label}.view_{model}", model_class)

.../rbac/api/rbac_users.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <User: eF1xsAOUDBNvxo9iSfoX>
perms = ['authentik_stages_invitation.view_invitation']
klass = <class 'authentik.stages.invitation.models.Invitation'>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = True

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers::test_list

Stack Traces | 0.982s run time

self = <unittest.case._Outcome object at 0x7fe628dc3700>
test_case = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list>
result = <TestCaseFunction test_list>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list>
method = <bound method TestRBACPermissionUsers.test_list of <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_permissions_users.TestRBACPermissionUsers testMethod=test_list>

    def test_list(self):
        """Test list of all permissions"""
        self.client.force_login(self.superuser)
        inv = Invitation.objects.create(
            name=generate_id(),
            created_by=self.superuser,
        )
        assign_perm("authentik_stages_invitation.view_invitation", self.user, inv)
>       res = self.client.get(reverse("authentik_api:permissions-users-list"))

.../rbac/tests/test_api_permissions_users.py:35: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
path = '.../rbac/permissions/users/', data = None, follow = False
extra = {}

    def get(self, path, data=None, follow=False, **extra):
>       response = super().get(path, data=data, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:292: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
path = '.../rbac/permissions/users/', data = None, extra = {}
r = {'QUERY_STRING': ''}

    def get(self, path, data=None, **extra):
        r = {
            'QUERY_STRING': urlencode(data or {}, doseq=True),
        }
        if not data and '?' in path:
            # Fix to support old behavior where you have the arguments in the
            # url. See #1461.
            query_string = force_bytes(path.split('?')[1])
            query_string = query_string.decode('iso-8859-1')
            r['QUERY_STRING'] = query_string
        r.update(extra)
>       return self.generic('GET', path, **r)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:209: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>, method = 'GET'
path = '.../rbac/permissions/users/', data = ''
content_type = 'application/octet-stream', secure = False
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>, method = 'GET'
path = '.../rbac/permissions/users/', data = b''
content_type = 'application/octet-stream', secure = False, headers = None
query_params = None
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}
parsed = ParseResult(scheme='', netloc='', path='.../rbac/permissions/users/', params='', query='', fragment='')
r = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
request = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
environ = {'CONTENT_TYPE': 'application/octet-stream', 'HTTP_COOKIE': 'authentik_session=q46y5lsv7b8979upbz327w3irf0hsjzv', 'PATH_INFO': '.../rbac/permissions/users/', 'QUERY_STRING': '', ...}
data = {'context': [[{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: <function csrf.<locals>....se/ske...">, <Template template_string="{% load static %}{%...">, <Template template_string="{% load i18n %}{% g...">]}
on_template_render = functools.partial(<function store_rendered_templates at 0x7fe6332d1120>, {'templates': [<Template template_string="{% ...<IncludeNode: template=<FilterExpression '"base/header_js.html"'>>, <TextNode: '\n'>]>}, {'LANGUAGE_CODE': 'en-us'}]]})
signal_uid = 'template-render-140626335845952'
exception_uid = 'request-exception-140626335845952'
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7fe61c2403c0>
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7fe6255cee50>
request = <WSGIRequest: GET '.../rbac/permissions/users/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/'>, args = ()
kwargs = {}
current_scope = <Scope id=0x7fe6389d9ee0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7fe6389dace0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/'>, args = ()
kwargs = {}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../rbac/permissions/users/'>, args = ()
kwargs = {}
self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
method = 'head', action = 'list'
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.api.rbac_users.UserPermissionViewSet object at 0x7fe62a168830>
request = <rest_framework.request.Request: GET '.../rbac/permissions/users/'>
args = (), kwargs = {}, queryset = <QuerySet []>
page = [<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by 265 | NzgAUz2c1cJMM05UGt1p | view_invitation>]
serializer = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    def list(self, request, *args, **kwargs):
        queryset = self.filter_queryset(self.get_queryset())
    
        page = self.paginate_queryset(queryset)
        if page is not None:
            serializer = self.get_serializer(page, many=True)
>           return self.get_paginated_response(serializer.data)

.venv/lib/python3.13.../site-packages/rest_framework/mixins.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    @property
    def data(self):
>       ret = super().data

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:797: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()

    @property
    def data(self):
        if hasattr(self, 'initial_data') and not hasattr(self, '_validated_data'):
            msg = (
                'When a serializer is passed a `data` keyword argument you '
                'must call `.is_valid()` before attempting to access the '
                'serialized `.data` representation.\n'
                'You should either call `.is_valid()` first, '
                'or access `.initial_data` instead.'
            )
            raise AssertionError(msg)
    
        if not hasattr(self, '_data'):
            if self.instance is not None and not getattr(self, '_errors', None):
>               self._data = self.to_representation(self.instance)

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:251: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
data = [<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by 265 | NzgAUz2c1cJMM05UGt1p | view_invitation>]

    def to_representation(self, data):
        """
        List of object instances -> List of dicts of primitive datatypes.
        """
        # Dealing with nested relationships, data can be a Manager,
        # so, first get a queryset from the Manager if needed
        iterable = data.all() if isinstance(data, models.manager.BaseManager) else data
    
        return [
>           self.child.to_representation(item) for item in iterable
        ]

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:716: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
instance = <UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by 265 | NzgAUz2c1cJMM05UGt1p | view_invitation>

    def to_representation(self, instance):
        """
        Object instance -> Dict of primitive datatypes.
        """
        ret = {}
        fields = self._readable_fields
    
        for field in fields:
            try:
                attribute = field.get_attribute(instance)
            except SkipField:
                continue
    
            # We skip `to_representation` for `None` values so that fields do
            # not have to explicitly deal with that case.
            #
            # For related fields with `use_pk_only_optimization` we need to
            # resolve the pk value.
            check_for_none = attribute.pk if isinstance(attribute, PKOnlyObject) else attribute
            if check_for_none is None:
                ret[field.field_name] = None
            else:
>               ret[field.field_name] = field.to_representation(attribute)

.venv/lib/python3.13............/site-packages/rest_framework/serializers.py:540: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = SerializerMethodField()
value = <UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by 265 | NzgAUz2c1cJMM05UGt1p | view_invitation>

    def to_representation(self, value):
        method = getattr(self.parent, self.method_name)
>       return method(value)

.venv/lib/python3.13.../site-packages/rest_framework/fields.py:1870: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = ExtraUserObjectPermissionSerializer([<UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by... = SerializerMethodField()
    model_verbose = SerializerMethodField()
    object_description = SerializerMethodField()
instance = <UserObjectPermission: Invitation e8ce827d-4a85-4230-a8d4-8555ea295545 created by 265 | NzgAUz2c1cJMM05UGt1p | view_invitation>

    def get_object_description(self, instance: UserObjectPermission) -> str | None:
        """Get model description from attached model. This operation takes at least
        one additional query, and the description is only shown if the user/role has the
        view_ permission on the object"""
        app_label = instance.content_type.app_label
        model = instance.content_type.model
        try:
            model_class = apps.get_model(app_label, model)
        except LookupError:
            return None
>       objects = get_objects_for_user(instance.user, f"{app_label}.view_{model}", model_class)

.../rbac/api/rbac_users.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <User: NzgAUz2c1cJMM05UGt1p>
perms = ['authentik_stages_invitation.view_invitation']
klass = <class 'authentik.stages.invitation.models.Invitation'>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = True

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

View the full list of 1 ❄️ flaky tests

authentik.core.tests.test_impersonation.TestImpersonation::test_impersonate_denied

Flake rate in main: 24.00% (Passed 19 times, Failed 6 times)

Stack Traces | 0.816s run time

self = <unittest.case._Outcome object at 0x7f6db8d1fee0>
test_case = <authentik.core.tests.test_impersonation.TestImpersonation testMethod=test_impersonate_denied>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_impersonation.TestImpersonation testMethod=test_impersonate_denied>
result = <TestCaseFunction test_impersonate_denied>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_impersonation.TestImpersonation testMethod=test_impersonate_denied>
method = <bound method TestImpersonation.test_impersonate_denied of <authentik.core.tests.test_impersonation.TestImpersonation testMethod=test_impersonate_denied>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.tests.test_impersonation.TestImpersonation testMethod=test_impersonate_denied>

    def test_impersonate_denied(self):
        """test impersonation without permissions"""
        self.client.force_login(self.other_user)
    
>       response = self.client.post(
            reverse("authentik_api:user-impersonate", kwargs={"pk": self.user.pk}),
            data={"reason": "some reason"},
        )

.../core/tests/test_impersonation.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
path = '.../users/210/impersonate/', data = {'reason': 'some reason'}
format = None, content_type = None, follow = False, extra = {}

    def post(self, path, data=None, format=None, content_type=None,
             follow=False, **extra):
>       response = super().post(
            path, data=data, format=format, content_type=content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:299: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
path = '.../users/210/impersonate/', data = b'{"reason":"some reason"}'
format = None, content_type = 'application/json', extra = {}

    def post(self, path, data=None, format=None, content_type=None, **extra):
        data, content_type = self._encode_data(data, format, content_type)
>       return self.generic('POST', path, data, content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:213: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>, method = 'POST'
path = '.../users/210/impersonate/', data = b'{"reason":"some reason"}'
content_type = 'application/json', secure = False
extra = {'CONTENT_TYPE': 'application/json'}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>, method = 'POST'
path = '.../users/210/impersonate/', data = b'{"reason":"some reason"}'
content_type = 'application/json', secure = False, headers = None
query_params = None, extra = {'CONTENT_TYPE': 'application/json'}
parsed = ParseResult(scheme='', netloc='', path='.../users/210/impersonate/', params='', query='', fragment='')
r = {'CONTENT_LENGTH': '24', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../users/210/impersonate/', 'QUERY_STRING': '', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
kwargs = {'CONTENT_LENGTH': '24', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../users/210/impersonate/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
kwargs = {'CONTENT_LENGTH': '24', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../users/210/impersonate/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
request = {'CONTENT_LENGTH': '24', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../users/210/impersonate/', 'QUERY_STRING': '', ...}
environ = {'CONTENT_LENGTH': '24', 'CONTENT_TYPE': 'application/json', 'HTTP_COOKIE': 'authentik_session=w78e6b76si52146oklv52vvmxn0f88v1', 'PATH_INFO': '.../users/210/impersonate/', ...}
data = {}
on_template_render = functools.partial(<function store_rendered_templates at 0x7f6dc4891120>, {})
signal_uid = 'template-render-140109227648448'
exception_uid = 'request-exception-140109227648448'
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7f6db90dafc0>
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: POST '.../users/210/impersonate/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7f6dbb37d3d0>
request = <WSGIRequest: POST '.../users/210/impersonate/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: POST '.../users/210/impersonate/'>, args = ()
kwargs = {'pk': '210'}
current_scope = <Scope id=0x7f6dca04dee0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7f6dca04ece0 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: POST '.../users/210/impersonate/'>, args = ()
kwargs = {'pk': '210'}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: POST '.../users/210/impersonate/'>, args = ()
kwargs = {'pk': '210'}
self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
method = 'post', action = 'impersonate'
handler = <bound method UserViewSet.impersonate of <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>
args = (), kwargs = {'pk': '210'}
handler = <bound method UserViewSet.impersonate of <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>
args = (), kwargs = {'pk': '210'}
handler = <bound method UserViewSet.impersonate of <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>
args = (), kwargs = {'pk': '210'}

    @wraps(func)
    def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response:
        if obj_perm:
>           _check_obj_perm(self, request)

authentik/rbac/decorators.py:33: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>

    def _check_obj_perm(self: ModelViewSet, request: Request):
        # Check obj_perm both globally and on the specific object
        # Having the global permission has higher priority
        if request.user.has_perm(obj_perm):
            return
>       obj = self.get_object()

authentik/rbac/decorators.py:22: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>

    def get_object(self):
        """
        Returns the object the view is displaying.
    
        You may want to override this if you need to provide non-standard
        queryset lookups.  Eg if objects are referenced using multiple
        keyword arguments in the url conf.
        """
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:87: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>
queryset = <UserQuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7f6db582f550>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>
queryset = <UserQuerySet []>
view = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7f6db582f550>
request = <rest_framework.request.Request: POST '.../users/210/impersonate/'>
queryset = <UserQuerySet []>
view = <authentik.core.api.users.UserViewSet object at 0x7f6db8c60140>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: DExgBmoLceY6OIzGie3o>>
perms = ['authentik_core.view_user'], klass = <UserQuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

* main: website/docs: also hide the postgres pool_options setting (#15023) blueprints: sort schema items (#15022) website: bump the build group in /website with 6 updates (#15027) core: bump astral-sh/uv from 0.7.12 to 0.7.13 (#15028) core: bump twilio from 9.6.2 to 9.6.3 (#15029) core: bump sentry-sdk from 2.29.1 to 2.30.0 (#15030) core: bump kubernetes from 32.0.1 to 33.1.0 (#15031) core, web: update translations (#15026) web: bump the sentry group across 1 directory with 2 updates (#15025) translate: Updates for file web/xliff/en.xlf in zh_CN (#15018) lifecycle/aws: bump aws-cdk from 2.1018.0 to 2.1018.1 in /lifecycle/aws (#15016) website: bump postcss from 8.5.4 to 8.5.5 in /website (#15013) website: bump @types/node from 24.0.0 to 24.0.1 in /website (#15014) core: fix transaction test case (#15021) translate: Updates for file web/xliff/en.xlf in zh-Hans (#15019) website/docs: correct minor version in release notes (#15012) root: test label handling and error reporting in PytestTestRunner (#14000) outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000) website/integrations: standardize application slug placeholder in docs (#15007) core: bump django from 5.1.10 to 5.1.11 (#14997)

) Translate web/xliff/en.xlf in zh_CN 100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

Translate web/xliff/en.xlf in zh_CN

0ea5050

100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'.

transifex-integration Bot requested review from a team as code owners June 12, 2025 08:30

authentik-automation Bot added the dependencies Pull requests that update a dependency file label Jun 12, 2025

authentik-automation Bot changed the title ~~Updates for file web/xliff/en.xlf in zh_CN~~ translate: Updates for file web/xliff/en.xlf in zh_CN Jun 12, 2025

authentik-automation Bot enabled auto-merge (squash) June 12, 2025 08:31

BeryJu approved these changes Jun 12, 2025

View reviewed changes

BeryJu disabled auto-merge June 13, 2025 00:08

BeryJu merged commit a74674c into main Jun 13, 2025
87 of 101 checks passed

BeryJu deleted the translations_c2121861c815af81d0bc88d61b4a85fe_zh_CN branch June 13, 2025 00:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

translate: Updates for file web/xliff/en.xlf in zh_CN#15018

translate: Updates for file web/xliff/en.xlf in zh_CN#15018
BeryJu merged 1 commit into
mainfrom
translations_c2121861c815af81d0bc88d61b4a85fe_zh_CN

transifex-integration Bot commented Jun 12, 2025

Uh oh!

netlify Bot commented Jun 12, 2025 •

edited

Loading

Uh oh!

netlify Bot commented Jun 12, 2025 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 12, 2025

Uh oh!

codecov Bot commented Jun 12, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

transifex-integration Bot commented Jun 12, 2025

Uh oh!

netlify Bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for authentik-docs canceled.

Uh oh!

netlify Bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for authentik-storybook ready!

Uh oh!

github-actions Bot commented Jun 12, 2025

authentik translations instructions

Uh oh!

codecov Bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ 4 Tests Failed:

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

netlify Bot commented Jun 12, 2025 •

edited

Loading

netlify Bot commented Jun 12, 2025 •

edited

Loading

codecov Bot commented Jun 12, 2025 •

edited

Loading