Merge pull request #2 from OpenRailAssociation/api-permissions

OpenRailAssociation · Feb 28, 2025 · bb982bb · bb982bb
2 parents 7eb8596 + 23c3707
commit bb982bb
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -88,6 +88,19 @@ auth-user-mgr sync --help
 
 The application's configuration and the list of managed users are stored in YAML files. You can find sample configuration files in the [`config/`](./config/) directory.
 
+#### API permissions
+
+Especially for automated syncs, it is recommended to set up a system user in Authentik and create an API token for them. The following permissions are required:
+
+- User: Can view User
+- Group: Can view Group
+- Group: Add user to group
+- Group: Remove user from group
+- Flow: Can view Flow
+- Invitation: Can view Invitation
+- Invitation: Can add Invitation
+- Invitation: Can delete Invitation
+
 
 ## Development and Contribution
 

diff --git a/auth_user_mgr/_api.py b/auth_user_mgr/_api.py
@@ -86,6 +86,16 @@ def api_call(  # pylint: disable=too-many-positional-arguments, too-many-argumen
             else:
                 raise ValueError(f"Invalid method: {method}")
 
+        if response.status_code not in range(200, 300):
+            logging.error(
+                "API call '%s %s' with data '%s' exited with a non 2xx status code (%s): %s",
+                method,
+                url,
+                data,
+                response.status_code,
+                response.text,
+            )
+
         # Convert response JSON to dict
         try:
             result: dict = json.loads(response.text)