rbac: filters: fix missing attribute for unauthenticated requests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
goauthentik · Jun 10, 2024 · 0e70f3c · 0e70f3c
1 parent adc0ec8
commit 0e70f3c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/authentik/rbac/filters.py b/authentik/rbac/filters.py
@@ -25,7 +25,7 @@ def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySe
         # Outposts (which are the only objects using internal service accounts)
         # except requests to return an empty list when they have no objects
         # assigned
-        if request.user.type == UserTypes.INTERNAL_SERVICE_ACCOUNT:
+        if getattr(request.user, "type", None) == UserTypes.INTERNAL_SERVICE_ACCOUNT:
             return queryset
         if not queryset.exists():
             # User doesn't have direct permission to all objects