policies/expression: add pb_client_ip field

This commit is contained in:
Jens Langhammer 2020-02-22 19:26:16 +01:00
parent 995c87938f
commit 83da175749
3 changed files with 8 additions and 0 deletions

View file

@ -12,6 +12,8 @@ The following objects are passed into the variable:
- `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object. - `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider. - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`. - `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
- `pb_client_ip`: Client's IP Address.
There are also the following custom filters available: There are also the following custom filters available:

View file

@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
from structlog import get_logger from structlog import get_logger
from passbook.factors.view import AuthenticationView from passbook.factors.view import AuthenticationView
from passbook.lib.utils.http import get_client_ip
from passbook.policies.types import PolicyRequest, PolicyResult from passbook.policies.types import PolicyRequest, PolicyResult
if TYPE_CHECKING: if TYPE_CHECKING:
@ -55,6 +56,9 @@ class Evaluator:
) )
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
kwargs["pb_logger"] = get_logger() kwargs["pb_logger"] = get_logger()
kwargs["pb_client_ip"] = (
get_client_ip(request.http_request) or "255.255.255.255"
)
return kwargs return kwargs
def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult: def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:

View file

@ -15,6 +15,8 @@
<li><code>request.obj</code>: Model the Policy is run against. </li> <li><code>request.obj</code>: Model the Policy is run against. </li>
<li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li> <li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
<li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li> <li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
<li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>
<li><code>pb_client_ip</code>: Client's IP Address.</li>
</ul> </ul>
<p>Custom Filters:</p> <p>Custom Filters:</p>
<ul> <ul>