website: add note for using request.user in policies when bound to flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-09-10 14:08:37 +02:00
parent 4c4d87d3bd
commit 7a50d5a4f8
1 changed files with 9 additions and 0 deletions

View File

@ -74,10 +74,19 @@ import Objects from "../expressions/_objects.md";
<Objects /> <Objects />
- `request`: A PolicyRequest object, which has the following properties: - `request`: A PolicyRequest object, which has the following properties:
- `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes) - `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes)
:::warning
When a policy is executed in the context of a flow, this will be set to the previously authenticated user, i.e. when used with an authentication flow this will be set to _AnonymousUser_.
In flows, `context['pending_user']` should be used instead.
:::
- `request.http_request`: The Django HTTP Request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects)) - `request.http_request`: The Django HTTP Request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
- `request.obj`: A Django Model instance. This is only set if the policy is ran against an object. - `request.obj`: A Django Model instance. This is only set if the policy is ran against an object.
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution. - `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
- `geoip`: GeoIP object, which is added when GeoIP is enabled. See [GeoIP](https://geoip2.readthedocs.io/en/latest/#geoip2.models.City) - `geoip`: GeoIP object, which is added when GeoIP is enabled. See [GeoIP](https://geoip2.readthedocs.io/en/latest/#geoip2.models.City)
- `ak_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider. - `ak_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
- `ak_client_ip`: Client's IP Address or 255.255.255.255 if no IP Address could be extracted. Can be [compared](#comparing-ip-addresses), for example - `ak_client_ip`: Client's IP Address or 255.255.255.255 if no IP Address could be extracted. Can be [compared](#comparing-ip-addresses), for example