2020-06-05 10:00:27 +00:00
|
|
|
# Expression Policies
|
|
|
|
|
|
|
|
The passing of the policy is determined by the return value of the code. Use `return True` to pass a policy and `return False` to fail it.
|
|
|
|
|
|
|
|
### Available Functions
|
|
|
|
|
|
|
|
#### `pb_message(message: str)`
|
|
|
|
|
|
|
|
Add a message, visible by the end user. This can be used to show the reason why they were denied.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```python
|
|
|
|
pb_message("Access denied")
|
|
|
|
return False
|
|
|
|
```
|
|
|
|
|
|
|
|
### Context variables
|
|
|
|
|
|
|
|
- `request`: A PolicyRequest object, which has the following properties:
|
2020-06-18 18:34:26 +00:00
|
|
|
- `request.user`: The current user, against which the policy is applied. ([ref](../expressions/reference/user-object.md))
|
2020-06-05 10:00:27 +00:00
|
|
|
- `request.http_request`: The Django HTTP Request. ([ref](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
|
2020-06-18 18:34:26 +00:00
|
|
|
- `request.obj`: A Django Model instance. This is only set if the policy is ran against an object.
|
2020-06-05 10:00:27 +00:00
|
|
|
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
2020-06-18 18:34:26 +00:00
|
|
|
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
|
2020-06-05 10:00:27 +00:00
|
|
|
- `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted.
|
|
|
|
- `pb_flow_plan`: Current Plan if Policy is called from the Flow Planner.
|