policies: fix missing negate flag of policy bindings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-31 11:50:29 +02:00
parent 264a170a7e
commit e24a9e3119
6 changed files with 90 additions and 3 deletions


@ -75,6 +75,7 @@ class PolicyBindingSerializer(ModelSerializer):
"group_obj",
"user_obj",
"target",
"negate",
"enabled",
"order",
"timeout",


@ -93,6 +93,9 @@ class PolicyProcess(PROCESS_CLASS):
)
try:
policy_result = self.binding.passes(self.request)
# Invert result if policy.negate is set
if self.binding.negate:
policy_result.passing = not policy_result.passing
if self.binding.policy and not self.request.debug:
if self.binding.policy.execution_logging:
self.create_event(
@ -114,9 +117,6 @@ class PolicyProcess(PROCESS_CLASS):
LOGGER.debug("P_ENG(proc): error", exc=src_exc)
policy_result = PolicyResult(False, str(src_exc))
policy_result.source_binding = self.binding
# Invert result if policy.negate is set
if self.binding.negate:
policy_result.passing = not policy_result.passing
if not self.request.debug:
key = cache_key(self.binding, self.request)
cache.set(key, policy_result)
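Review bot: Moving the inversion into the `try` body, right after `self.binding.passes(self.request)`, means the error result `PolicyResult(False, str(src_exc))` (presumably built in the except branch) is no longer inverted, so a negated binding whose policy raises now denies instead of passing. That fail-closed behaviour looks intended, but nothing in the hunk says so, and the comment still names `policy.negate` although the flag is read from `self.binding`. I would reword it to `# Invert result if binding.negate is set; error results from the except path are deliberately left as failing`. A regression test for a negated binding whose policy raises would pin this; none is visible among the changed files. The method starts and ends outside the hunks shown.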


@ -22802,6 +22802,9 @@ components:
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
@ -23524,6 +23527,9 @@ components:
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
@ -23560,6 +23566,9 @@ components:
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:


@ -431,6 +431,10 @@ msgstr "Branding settings"
msgid "Branding shown in page title and several other places."
msgstr "Branding shown in page title and several other places."
#: src/elements/user/SessionList.ts
msgid "Browser"
msgstr "Browser"
#: src/pages/admin-overview/cards/VersionStatusCard.ts
msgid "Build hash: {0}"
msgstr "Build hash: {0}"
@ -1018,6 +1022,10 @@ msgstr "Delete Consent"
msgid "Delete Refresh Code"
msgstr "Delete Refresh Code"
#: src/elements/user/SessionList.ts
msgid "Delete Session"
msgstr "Delete Session"
#: src/pages/user-settings/UserDetailsPage.ts
msgid "Delete account"
msgstr "Delete account"
@ -1070,6 +1078,10 @@ msgstr "Determines how authentik sends the response back to the Service Provider
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
#: src/elements/user/SessionList.ts
msgid "Device"
msgstr "Device"
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
msgid "Device classes"
msgstr "Device classes"
@ -1369,6 +1381,7 @@ msgstr "Execution logging"
#: src/elements/oauth/UserCodeList.ts
#: src/elements/oauth/UserRefreshList.ts
#: src/elements/user/SessionList.ts
#: src/elements/user/UserConsentList.ts
#: src/pages/stages/invitation/InvitationForm.ts
msgid "Expires"
@ -1872,6 +1885,10 @@ msgstr "Label"
msgid "Label shown next to/above the prompt."
msgstr "Label shown next to/above the prompt."
#: src/elements/user/SessionList.ts
msgid "Last IP"
msgstr "Last IP"
#: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
@ -2223,6 +2240,14 @@ msgstr "NameID Property Mapping"
msgid "Need an account?"
msgstr "Need an account?"
#: src/pages/policies/PolicyBindingForm.ts
msgid "Negate result"
msgstr "Negate result"
#: src/pages/policies/PolicyBindingForm.ts
msgid "Negates the outcome of the binding. Messages are unaffected."
msgstr "Negates the outcome of the binding. Messages are unaffected."
#: src/pages/events/EventInfo.ts
msgid "New version available!"
msgstr "New version available!"
@ -3085,6 +3110,10 @@ msgstr "Service Provider Binding"
msgid "Service connection"
msgstr "Service connection"
#: src/elements/user/SessionList.ts
msgid "Session"
msgstr "Session"
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Session duration"
msgstr "Session duration"
@ -3097,6 +3126,10 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1
msgid "Session valid not on or after"
msgstr "Session valid not on or after"
#: src/pages/users/UserViewPage.ts
msgid "Sessions"
msgstr "Sessions"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "Set HTTP-Basic Authentication"


@ -427,6 +427,10 @@ msgstr ""
msgid "Branding shown in page title and several other places."
msgstr ""
#:
msgid "Browser"
msgstr ""
#:
msgid "Build hash: {0}"
msgstr ""
@ -1012,6 +1016,10 @@ msgstr ""
msgid "Delete Refresh Code"
msgstr ""
#:
msgid "Delete Session"
msgstr ""
#:
msgid "Delete account"
msgstr ""
@ -1062,6 +1070,10 @@ msgstr ""
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr ""
#:
msgid "Device"
msgstr ""
#:
msgid "Device classes"
msgstr ""
@ -1363,6 +1375,7 @@ msgstr ""
#:
#:
#:
#:
msgid "Expires"
msgstr ""
@ -1864,6 +1877,10 @@ msgstr ""
msgid "Label shown next to/above the prompt."
msgstr ""
#:
msgid "Last IP"
msgstr ""
#:
#:
#:
@ -2215,6 +2232,14 @@ msgstr ""
msgid "Need an account?"
msgstr ""
#:
msgid "Negate result"
msgstr ""
#:
msgid "Negates the outcome of the binding. Messages are unaffected."
msgstr ""
#:
msgid "New version available!"
msgstr ""
@ -3077,6 +3102,10 @@ msgstr ""
msgid "Service connection"
msgstr ""
#:
msgid "Session"
msgstr ""
#:
msgid "Session duration"
msgstr ""
@ -3089,6 +3118,10 @@ msgstr ""
msgid "Session valid not on or after"
msgstr ""
#:
msgid "Sessions"
msgstr ""
#:
msgid "Set HTTP-Basic Authentication"
msgstr ""


@ -200,6 +200,17 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
</label>
</div>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="negate">
<div class="pf-c-check">
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.negate, true)}>
<label class="pf-c-check__label">
${t`Negate result`}
</label>
</div>
<p class="pf-c-form__helper-text">
${t`Negates the outcome of the binding. Messages are unaffected.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Order`}
?required=${true}
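Review bot: The new checkbox is bound with `?checked=${first(this.instance?.negate, true)}`, so when the form has no instance yet the fallback is `true`. Assuming `first()` returns its first defined argument, every newly created binding then starts with "Negate result" ticked. For a flag that inverts an access decision the safe default is off: `?checked=${first(this.instance?.negate, false)}`. The server-side model default is not visible on this page, so confirm the form and the model agree. The surrounding render method starts and ends outside the hunk.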