policies: fix missing negate flag of policy bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
264a170a7e
commit
e24a9e3119
|
@ -75,6 +75,7 @@ class PolicyBindingSerializer(ModelSerializer):
|
|||
"group_obj",
|
||||
"user_obj",
|
||||
"target",
|
||||
"negate",
|
||||
"enabled",
|
||||
"order",
|
||||
"timeout",
|
||||
|
|
|
@ -93,6 +93,9 @@ class PolicyProcess(PROCESS_CLASS):
|
|||
)
|
||||
try:
|
||||
policy_result = self.binding.passes(self.request)
|
||||
# Invert result if policy.negate is set
|
||||
if self.binding.negate:
|
||||
policy_result.passing = not policy_result.passing
|
||||
if self.binding.policy and not self.request.debug:
|
||||
if self.binding.policy.execution_logging:
|
||||
self.create_event(
|
||||
|
@ -114,9 +117,6 @@ class PolicyProcess(PROCESS_CLASS):
|
|||
LOGGER.debug("P_ENG(proc): error", exc=src_exc)
|
||||
policy_result = PolicyResult(False, str(src_exc))
|
||||
policy_result.source_binding = self.binding
|
||||
# Invert result if policy.negate is set
|
||||
if self.binding.negate:
|
||||
policy_result.passing = not policy_result.passing
|
||||
if not self.request.debug:
|
||||
key = cache_key(self.binding, self.request)
|
||||
cache.set(key, policy_result)
|
||||
|
|
|
@ -22802,6 +22802,9 @@ components:
|
|||
target:
|
||||
type: string
|
||||
format: uuid
|
||||
negate:
|
||||
type: boolean
|
||||
description: Negates the outcome of the policy. Messages are unaffected.
|
||||
enabled:
|
||||
type: boolean
|
||||
order:
|
||||
|
@ -23524,6 +23527,9 @@ components:
|
|||
target:
|
||||
type: string
|
||||
format: uuid
|
||||
negate:
|
||||
type: boolean
|
||||
description: Negates the outcome of the policy. Messages are unaffected.
|
||||
enabled:
|
||||
type: boolean
|
||||
order:
|
||||
|
@ -23560,6 +23566,9 @@ components:
|
|||
target:
|
||||
type: string
|
||||
format: uuid
|
||||
negate:
|
||||
type: boolean
|
||||
description: Negates the outcome of the policy. Messages are unaffected.
|
||||
enabled:
|
||||
type: boolean
|
||||
order:
|
||||
|
|
|
@ -431,6 +431,10 @@ msgstr "Branding settings"
|
|||
msgid "Branding shown in page title and several other places."
|
||||
msgstr "Branding shown in page title and several other places."
|
||||
|
||||
#: src/elements/user/SessionList.ts
|
||||
msgid "Browser"
|
||||
msgstr "Browser"
|
||||
|
||||
#: src/pages/admin-overview/cards/VersionStatusCard.ts
|
||||
msgid "Build hash: {0}"
|
||||
msgstr "Build hash: {0}"
|
||||
|
@ -1018,6 +1022,10 @@ msgstr "Delete Consent"
|
|||
msgid "Delete Refresh Code"
|
||||
msgstr "Delete Refresh Code"
|
||||
|
||||
#: src/elements/user/SessionList.ts
|
||||
msgid "Delete Session"
|
||||
msgstr "Delete Session"
|
||||
|
||||
#: src/pages/user-settings/UserDetailsPage.ts
|
||||
msgid "Delete account"
|
||||
msgstr "Delete account"
|
||||
|
@ -1070,6 +1078,10 @@ msgstr "Determines how authentik sends the response back to the Service Provider
|
|||
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
|
||||
msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
|
||||
|
||||
#: src/elements/user/SessionList.ts
|
||||
msgid "Device"
|
||||
msgstr "Device"
|
||||
|
||||
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
|
||||
msgid "Device classes"
|
||||
msgstr "Device classes"
|
||||
|
@ -1369,6 +1381,7 @@ msgstr "Execution logging"
|
|||
|
||||
#: src/elements/oauth/UserCodeList.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
#: src/elements/user/SessionList.ts
|
||||
#: src/elements/user/UserConsentList.ts
|
||||
#: src/pages/stages/invitation/InvitationForm.ts
|
||||
msgid "Expires"
|
||||
|
@ -1872,6 +1885,10 @@ msgstr "Label"
|
|||
msgid "Label shown next to/above the prompt."
|
||||
msgstr "Label shown next to/above the prompt."
|
||||
|
||||
#: src/elements/user/SessionList.ts
|
||||
msgid "Last IP"
|
||||
msgstr "Last IP"
|
||||
|
||||
#: src/pages/groups/MemberSelectModal.ts
|
||||
#: src/pages/users/UserListPage.ts
|
||||
#: src/pages/users/UserViewPage.ts
|
||||
|
@ -2223,6 +2240,14 @@ msgstr "NameID Property Mapping"
|
|||
msgid "Need an account?"
|
||||
msgstr "Need an account?"
|
||||
|
||||
#: src/pages/policies/PolicyBindingForm.ts
|
||||
msgid "Negate result"
|
||||
msgstr "Negate result"
|
||||
|
||||
#: src/pages/policies/PolicyBindingForm.ts
|
||||
msgid "Negates the outcome of the binding. Messages are unaffected."
|
||||
msgstr "Negates the outcome of the binding. Messages are unaffected."
|
||||
|
||||
#: src/pages/events/EventInfo.ts
|
||||
msgid "New version available!"
|
||||
msgstr "New version available!"
|
||||
|
@ -3085,6 +3110,10 @@ msgstr "Service Provider Binding"
|
|||
msgid "Service connection"
|
||||
msgstr "Service connection"
|
||||
|
||||
#: src/elements/user/SessionList.ts
|
||||
msgid "Session"
|
||||
msgstr "Session"
|
||||
|
||||
#: src/pages/stages/user_login/UserLoginStageForm.ts
|
||||
msgid "Session duration"
|
||||
msgstr "Session duration"
|
||||
|
@ -3097,6 +3126,10 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1
|
|||
msgid "Session valid not on or after"
|
||||
msgstr "Session valid not on or after"
|
||||
|
||||
#: src/pages/users/UserViewPage.ts
|
||||
msgid "Sessions"
|
||||
msgstr "Sessions"
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "Set HTTP-Basic Authentication"
|
||||
|
|
|
@ -427,6 +427,10 @@ msgstr ""
|
|||
msgid "Branding shown in page title and several other places."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Browser"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Build hash: {0}"
|
||||
msgstr ""
|
||||
|
@ -1012,6 +1016,10 @@ msgstr ""
|
|||
msgid "Delete Refresh Code"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Delete Session"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Delete account"
|
||||
msgstr ""
|
||||
|
@ -1062,6 +1070,10 @@ msgstr ""
|
|||
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Device"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Device classes"
|
||||
msgstr ""
|
||||
|
@ -1363,6 +1375,7 @@ msgstr ""
|
|||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
msgid "Expires"
|
||||
msgstr ""
|
||||
|
||||
|
@ -1864,6 +1877,10 @@ msgstr ""
|
|||
msgid "Label shown next to/above the prompt."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Last IP"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
|
@ -2215,6 +2232,14 @@ msgstr ""
|
|||
msgid "Need an account?"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Negate result"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Negates the outcome of the binding. Messages are unaffected."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "New version available!"
|
||||
msgstr ""
|
||||
|
@ -3077,6 +3102,10 @@ msgstr ""
|
|||
msgid "Service connection"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Session"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Session duration"
|
||||
msgstr ""
|
||||
|
@ -3089,6 +3118,10 @@ msgstr ""
|
|||
msgid "Session valid not on or after"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Sessions"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
|
|
@ -200,6 +200,17 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
|
|||
</label>
|
||||
</div>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="negate">
|
||||
<div class="pf-c-check">
|
||||
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.negate, true)}>
|
||||
<label class="pf-c-check__label">
|
||||
${t`Negate result`}
|
||||
</label>
|
||||
</div>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Negates the outcome of the binding. Messages are unaffected.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${t`Order`}
|
||||
?required=${true}
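Review bot: The new checkbox `?checked=${first(this.instance?.negate, true)}` falls back to `true`. Assuming `first()` returns its first defined argument, the form for a new binding (no `this.instance`) renders with "Negate result" pre-checked. Saving it unnoticed inverts the binding's outcome, so a policy meant to deny would pass and one meant to allow would deny. The fallback should be `false`: `?checked=${first(this.instance?.negate, false)}`. The enclosing render method starts and ends outside the hunk.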
|
||||
|
|