policies/expression: add pb_client_ip field
This commit is contained in:
parent
995c87938f
commit
83da175749
|
@ -12,6 +12,8 @@ The following objects are passed into the variable:
|
||||||
- `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
|
- `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
|
||||||
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
|
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
|
||||||
- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
|
- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
|
||||||
|
- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
|
||||||
|
- `pb_client_ip`: Client's IP Address.
|
||||||
|
|
||||||
There are also the following custom filters available:
|
There are also the following custom filters available:
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
from passbook.factors.view import AuthenticationView
|
from passbook.factors.view import AuthenticationView
|
||||||
|
from passbook.lib.utils.http import get_client_ip
|
||||||
from passbook.policies.types import PolicyRequest, PolicyResult
|
from passbook.policies.types import PolicyRequest, PolicyResult
|
||||||
|
|
||||||
if TYPE_CHECKING:
|
if TYPE_CHECKING:
|
||||||
|
@ -55,6 +56,9 @@ class Evaluator:
|
||||||
)
|
)
|
||||||
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
|
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
|
||||||
kwargs["pb_logger"] = get_logger()
|
kwargs["pb_logger"] = get_logger()
|
||||||
|
kwargs["pb_client_ip"] = (
|
||||||
|
get_client_ip(request.http_request) or "255.255.255.255"
|
||||||
|
)
|
||||||
return kwargs
|
return kwargs
|
||||||
|
|
||||||
def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:
|
def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
<li><code>request.obj</code>: Model the Policy is run against. </li>
|
<li><code>request.obj</code>: Model the Policy is run against. </li>
|
||||||
<li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
|
<li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
|
||||||
<li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
|
<li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
|
||||||
|
<li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>
|
||||||
|
<li><code>pb_client_ip</code>: Client's IP Address.</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>Custom Filters:</p>
|
<p>Custom Filters:</p>
|
||||||
<ul>
|
<ul>
|
||||||
|
|
Reference in a new issue