diff --git a/docs/policies/expression/index.md b/docs/policies/expression/index.md
index fea268056..418c4b9eb 100644
--- a/docs/policies/expression/index.md
+++ b/docs/policies/expression/index.md
@@ -12,6 +12,8 @@ The following objects are passed into the variable:
 - `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
 - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
 - `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
+- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
+- `pb_client_ip`: Client's IP Address.
 There are also the following custom filters available:
diff --git a/passbook/policies/expression/evaluator.py b/passbook/policies/expression/evaluator.py
index baa22e278..39943202d 100644
--- a/passbook/policies/expression/evaluator.py
+++ b/passbook/policies/expression/evaluator.py
@@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
 from structlog import get_logger
 from passbook.factors.view import AuthenticationView
+from passbook.lib.utils.http import get_client_ip
 from passbook.policies.types import PolicyRequest, PolicyResult
 if TYPE_CHECKING:
@@ -55,6 +56,9 @@ class Evaluator:
 )
 kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
 kwargs["pb_logger"] = get_logger()
+ kwargs["pb_client_ip"] = (
+ get_client_ip(request.http_request) or "255.255.255.255"
+ )
 return kwargs
 def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:
diff --git a/passbook/policies/expression/templates/policy/expression/form.html b/passbook/policies/expression/templates/policy/expression/form.html
index 65274b195..58cf832b0 100644
--- a/passbook/policies/expression/templates/policy/expression/form.html
+++ b/passbook/policies/expression/templates/policy/expression/form.html
@@ -15,6 +15,8 @@
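Review bot: The `or "255.255.255.255"` fallback on the new `pb_client_ip` assignment in `evaluator.py` gives a policy expression no way to tell an undetermined client address from a real one. A deny-list check passes for the sentinel, so that kind of policy fails open, and neither the code nor the `index.md` entry ("Client's IP Address.") mentions the fallback. I would add a comment above the assignment, `# Sentinel when no client address could be determined; policies must treat it as "unknown", never as a trusted peer.`, and say the same in the docs line. `get_client_ip` is not visible in this diff; if it reads forwarded-for style headers, the value is client-controlled unless a trusted proxy sets them, and the docs should state that before authors use it for access decisions. The method that builds `kwargs` starts outside the hunk, so whether `request.http_request` can be unset at this point cannot be confirmed from here.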
request.obj
: Model the Policy is run against. pb_is_sso_flow
: Boolean which is true if request was initiated by authenticating through an external Provider.pb_is_group_member(user, group_name)
: Function which checks if user
is member of a Group with Name group_name
.pb_logger
: Standard Python Logger Object, which can be used to debug expressions.pb_client_ip
: Client's IP Address.Custom Filters: