policies: fix display of policy result source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-04 14:04:41 +02:00
parent 5b5d7e4997
commit 37a14858ad
6 changed files with 61 additions and 50 deletions

View File

@ -39,8 +39,11 @@ class PolicySerializer(ModelSerializer, MetaNameSerializer):
super().__init__(*args, **kwargs)
self._resolve_inheritance = resolve_inheritance
def get_component(self, obj: Policy) -> str:
def get_component(self, obj: Policy) -> str: # pragma: no cover
"""Get object component so that we know how to edit the object"""
# pyright: reportGeneralTypeIssues=false
if obj.__class__ == Policy:
return ""
return obj.component
def get_bound_to(self, obj: Policy) -> int:

View File

@ -149,6 +149,7 @@ class PolicyEngine:
if self.mode == PolicyEngineMode.MODE_ANY:
passing = any(x.passing for x in all_results)
result = PolicyResult(passing)
result.source_results = all_results
result.messages = tuple(y for x in all_results for y in x.messages)
return result

View File

@ -112,10 +112,17 @@ class PolicyBinding(SerializerModel):
return PolicyBindingSerializer
def __str__(self) -> str:
suffix = ""
if self.policy:
suffix = f"Policy {self.policy.name}"
if self.group:
suffix = f"Group {self.group.name}"
if self.user:
suffix = f"User {self.user.name}"
try:
return f"Policy Binding {self.target} #{self.order} {self.policy}"
return f"Binding from {self.target} #{self.order} to {suffix}"
except PolicyBinding.target.RelatedObjectDoesNotExist: # pylint: disable=no-member
return f"Policy Binding - #{self.order} {self.policy}"
return f"Binding - #{self.order} to {suffix}"
class Meta:

View File

@ -100,7 +100,7 @@ class PolicyProcess(PROCESS_CLASS):
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
LOGGER.debug("P_ENG(proc): error", exc=src_exc)
policy_result = PolicyResult(False, str(src_exc))
policy_result.source_policy = self.binding.policy
policy_result.source_binding = self.binding
# Invert result if policy.negate is set
if self.binding.negate:
policy_result.passing = not policy_result.passing

View File

@ -3,11 +3,11 @@
{% load static %}
{% load i18n %}
{% block card_title %}
{% trans 'Permission denied' %}
{% block title %}
{% trans 'Permission denied - authentik' %}
{% endblock %}
{% block title %}
{% block card_title %}
{% trans 'Permission denied' %}
{% endblock %}
@ -40,8 +40,8 @@
<ul class="pf-c-list">
{% for source_result in policy_result.source_results %}
<li>
{% blocktrans with name=source_result.source_policy.name result=source_result.passing %}
Policy '{{ name }}' returned result '{{ result }}'
{% blocktrans with name=source_result.source_binding result=source_result.passing %}
Policy binding '{{ name }}' returned result '{{ result }}'
{% endblocktrans %}
{% if source_result.messages %}
<ul class="pf-c-list">

View File

@ -14,7 +14,7 @@ from authentik.lib.utils.http import get_client_ip
if TYPE_CHECKING:
from authentik.core.models import User
from authentik.policies.models import Policy
from authentik.policies.models import PolicyBinding
LOGGER = get_logger()
@ -61,14 +61,14 @@ class PolicyResult:
passing: bool
messages: tuple[str, ...]
source_policy: Optional[Policy]
source_binding: Optional["PolicyBinding"]
source_results: Optional[list["PolicyResult"]]
def __init__(self, passing: bool, *messages: str):
super().__init__()
self.passing = passing
self.messages = messages
self.source_policy = None
self.source_binding = None
self.source_results = []
def __repr__(self):