73116b9d1a
* policies/expression: migrate to raw python instead of jinja2 * lib/expression: create base evaluator, custom subclass for policies * core: rewrite propertymappings to use python * providers/saml: update to new PropertyMappings * sources/ldap: update to new PropertyMappings * docs: update docs for new propertymappings * root: remove jinja2 * root: re-add jinja to lock file as its implicitly required
1.2 KiB
1.2 KiB
Expression Policies
The passing of the policy is determined by the return value of the code. Use return True
to pass a policy and return False
to fail it.
Available Functions
pb_message(message: str)
Add a message, visible by the end user. This can be used to show the reason why they were denied.
Example:
pb_message("Access denied")
return False
Context variables
request
: A PolicyRequest object, which has the following properties:request.user
: The current User, which the Policy is applied against. (ref)request.http_request
: The Django HTTP Request. (ref)request.obj
: A Django Model instance. This is only set if the Policy is ran against an object.request.context
: A dictionary with dynamic data. This depends on the origin of the execution.
pb_is_sso_flow
: Boolean which is true if request was initiated by authenticating through an external Provider.pb_client_ip
: Client's IP Address or '255.255.255.255' if no IP Address could be extracted.pb_flow_plan
: Current Plan if Policy is called from the Flow Planner.