policies/expression: fix ip_network not being imported by default

This commit is contained in:
Jens Langhammer 2020-10-20 12:05:56 +02:00
parent a4cc653757
commit 395ef43eae
2 changed files with 8 additions and 2 deletions

View file

@ -26,7 +26,11 @@ return False
- `request.obj`: A Django Model instance. This is only set if the policy is ran against an object. - `request.obj`: A Django Model instance. This is only set if the policy is ran against an object.
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution. - `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider. - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
- `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses) - `pb_client_ip`: Client's IP Address or 255.255.255.255 if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses), for example
```python
return pb_client_ip in ip_network('10.0.0.0/24')
```
Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the `context` object. Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the `context` object.

View file

@ -1,5 +1,5 @@
"""passbook expression policy evaluator""" """passbook expression policy evaluator"""
from ipaddress import ip_address from ipaddress import ip_address, ip_network
from typing import List from typing import List
from django.http import HttpRequest from django.http import HttpRequest
@ -22,6 +22,8 @@ class PolicyEvaluator(BaseEvaluator):
super().__init__() super().__init__()
self._messages = [] self._messages = []
self._context["pb_message"] = self.expr_func_message self._context["pb_message"] = self.expr_func_message
self._context["ip_address"] = ip_address
self._context["ip_network"] = ip_network
self._filename = policy_name or "PolicyEvaluator" self._filename = policy_name or "PolicyEvaluator"
def expr_func_message(self, message: str): def expr_func_message(self, message: str):