habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

policies: provider raw result for better policy reusability (#5189)

Browse Source 
* policies: include raw_result in PolicyResult

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move ak_call_policy to base evaluator

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2023-04-06 09:42:29 +02:00
committed by GitHub
parent c117d98e27
commit 977757f561
6 changed files with 81 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
website/docs/expressions/_functions.md
View File

@ -29,6 +29,29 @@ user = list_flatten(["foo"])
# user = "foo"
```
### `ak_call_policy(name: str, **kwargs) -> PolicyResult`
:::info
Requires authentik 2021.12
:::
Call another policy with the name _name_. Current request is passed to policy. Key-word arguments
can be used to modify the request's context.
Example:
```python
result = ak_call_policy("test-policy")
# result is a PolicyResult object, so you can access `.passing` and `.messages`.
# Starting with authentik 2023.4 you can also access `.raw_result`, which is the raw value returned from the called policy
# `result.passing` will always be a boolean if the policy is passing or not.
return result.passing
result = ak_call_policy("test-policy-2", foo="bar")
# Inside the `test-policy-2` you can then use `request.context["foo"]`
return result.passing
```
### `ak_is_group_member(user: User, **group_filters) -> bool`
Check if `user` is member of a group matching `**group_filters`.

21
website/docs/policies/expression.mdx
View File

@ -29,27 +29,6 @@ ak_message("Access denied")
return False
```
### `ak_call_policy(name: str, **kwargs) -> PolicyResult`
:::info
Requires authentik 2021.12
:::
Call another policy with the name _name_. Current request is passed to policy. Key-word arguments
can be used to modify the request's context.
Example:
```python
result = ak_call_policy("test-policy")
# result is a PolicyResult object, so you can access `.passing` and `.messages`.
return result.passing
result = ak_call_policy("test-policy-2", foo="bar")
# Inside the `test-policy-2` you can then use `request.context["foo"]`
return result.passing
```
import Functions from "../expressions/_functions.md";
<Functions />