policies/expression: add pb_flow_plan variable

2020-05-13 18:44:36 +02:00
parent 461fed5567
commit 80c3246333
6 changed files with 6 additions and 3 deletions
--- a/passbook/policies/expression/evaluator.py
+++ b/passbook/policies/expression/evaluator.py
@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
 from structlog import get_logger

 from passbook.flows.planner import PLAN_CONTEXT_SSO
+from passbook.flows.views import SESSION_KEY_PLAN
 from passbook.lib.utils.http import get_client_ip
 from passbook.policies.types import PolicyRequest, PolicyResult

@ -54,13 +55,14 @@ class Evaluator:
        kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
        kwargs["pb_logger"] = get_logger()
        if request.http_request:
-            # TODO: Get access to current plan
            kwargs["pb_is_sso_flow"] = request.http_request.session.get(
                PLAN_CONTEXT_SSO, False
            )
            kwargs["pb_client_ip"] = (
                get_client_ip(request.http_request) or "255.255.255.255"
            )
+            if SESSION_KEY_PLAN in request.http_request.session:
+                kwargs["pb_flow_plan"] = request.http_request.session[SESSION_KEY_PLAN]
        return kwargs

    def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:
--- a/passbook/policies/expression/templates/policy/expression/form.html
+++ b/passbook/policies/expression/templates/policy/expression/form.html
@ -13,6 +13,7 @@
            <li><code>request.user</code>: Passbook User Object (<a href="https://beryju.github.io/passbook/property-mappings/reference/user-object/">Reference</a>)</li>
            <li><code>request.http_request</code>: Django HTTP Request Object (<a href="https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects">Reference</a>) </li>
            <li><code>request.obj</code>: Model the Policy is run against. </li>
+            <li><code>pb_flow_plan</code>: Current Plan if Policy is called while a flow is active.</li>
            <li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
            <li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
            <li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>