Better handle Policy.action and Policy.negate

This commit is contained in:
Jens Langhammer 2019-03-03 17:12:53 +01:00
parent 722e2e4050
commit 7bd3c4bccf
1 changed files with 14 additions and 5 deletions

View File

@ -17,7 +17,15 @@ def _policy_engine_task(user_pk, policy_pk, **kwargs):
setattr(user_obj, key, value) setattr(user_obj, key, value)
LOGGER.debug("Running policy `%s`#%s for user %s...", policy_obj.name, LOGGER.debug("Running policy `%s`#%s for user %s...", policy_obj.name,
policy_obj.pk.hex, user_obj) policy_obj.pk.hex, user_obj)
return policy_obj.passes(user_obj) policy_result = policy_obj.passes(user_obj)
# Handle policy result correctly if result, message or just result
message = None
if isinstance(policy_result, (tuple, list)):
policy_result, message = policy_result
# Invert result if policy.negate is set
if policy_obj.negate:
policy_result = not policy_result
return policy_obj.action, policy_result, message
class PolicyEngine: class PolicyEngine:
"""Orchestrate policy checking, launch tasks and return result""" """Orchestrate policy checking, launch tasks and return result"""
@ -43,10 +51,11 @@ class PolicyEngine:
def result(self): def result(self):
"""Get policy-checking result""" """Get policy-checking result"""
messages = [] messages = []
for policy_result in self._group.get(): for policy_action, policy_result, policy_message in self._group.get():
if isinstance(policy_result, (tuple, list)): passing = (policy_action == Policy.ACTION_ALLOW and policy_result) or \
policy_result, policy_message = policy_result (policy_action == Policy.ACTION_DENY and not policy_result)
if policy_message:
messages.append(policy_message) messages.append(policy_message)
if policy_result is False: if not passing:
return False, messages return False, messages
return True, messages return True, messages