authentik.policies.expression.models

authentik expression Policy Models

View Source

 1"""authentik expression Policy Models"""
 2
 3from django.db import models
 4from django.utils.translation import gettext as _
 5from rest_framework.serializers import BaseSerializer
 6
 7from authentik.policies.expression.evaluator import PolicyEvaluator
 8from authentik.policies.models import Policy
 9from authentik.policies.types import PolicyRequest, PolicyResult
10
11
12class ExpressionPolicy(Policy):
13    """Execute arbitrary Python code to implement custom checks and validation."""
14
15    expression = models.TextField()
16
17    @property
18    def serializer(self) -> type[BaseSerializer]:
19        from authentik.policies.expression.api import ExpressionPolicySerializer
20
21        return ExpressionPolicySerializer
22
23    @property
24    def component(self) -> str:
25        return "ak-policy-expression-form"
26
27    def passes(self, request: PolicyRequest) -> PolicyResult:
28        """Evaluate and render expression. Returns PolicyResult(false) on error."""
29        evaluator = PolicyEvaluator(self.name)
30        evaluator.policy = self
31        evaluator.set_policy_request(request)
32        return evaluator.evaluate(self.expression)
33
34    def save(self, *args, **kwargs):
35        evaluator = PolicyEvaluator(self.name)
36        evaluator.policy = self
37        evaluator.validate(self.expression)
38        return super().save(*args, **kwargs)
39
40    class Meta(Policy.PolicyMeta):
41        verbose_name = _("Expression Policy")
42        verbose_name_plural = _("Expression Policies")

class ExpressionPolicy(authentik.policies.models.Policy): View Source

13class ExpressionPolicy(Policy):
14    """Execute arbitrary Python code to implement custom checks and validation."""
15
16    expression = models.TextField()
17
18    @property
19    def serializer(self) -> type[BaseSerializer]:
20        from authentik.policies.expression.api import ExpressionPolicySerializer
21
22        return ExpressionPolicySerializer
23
24    @property
25    def component(self) -> str:
26        return "ak-policy-expression-form"
27
28    def passes(self, request: PolicyRequest) -> PolicyResult:
29        """Evaluate and render expression. Returns PolicyResult(false) on error."""
30        evaluator = PolicyEvaluator(self.name)
31        evaluator.policy = self
32        evaluator.set_policy_request(request)
33        return evaluator.evaluate(self.expression)
34
35    def save(self, *args, **kwargs):
36        evaluator = PolicyEvaluator(self.name)
37        evaluator.policy = self
38        evaluator.validate(self.expression)
39        return super().save(*args, **kwargs)
40
41    class Meta(Policy.PolicyMeta):
42        verbose_name = _("Expression Policy")
43        verbose_name_plural = _("Expression Policies")

Execute arbitrary Python code to implement custom checks and validation.

def expression(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

serializer: type[rest_framework.serializers.BaseSerializer] View Source

18    @property
19    def serializer(self) -> type[BaseSerializer]:
20        from authentik.policies.expression.api import ExpressionPolicySerializer
21
22        return ExpressionPolicySerializer

Get serializer for this model

component: str View Source

24    @property
25    def component(self) -> str:
26        return "ak-policy-expression-form"

Return component used to edit this object

def passes( self, request: authentik.policies.types.PolicyRequest) -> authentik.policies.types.PolicyResult: View Source

28    def passes(self, request: PolicyRequest) -> PolicyResult:
29        """Evaluate and render expression. Returns PolicyResult(false) on error."""
30        evaluator = PolicyEvaluator(self.name)
31        evaluator.policy = self
32        evaluator.set_policy_request(request)
33        return evaluator.evaluate(self.expression)

Evaluate and render expression. Returns PolicyResult(false) on error.

def save(self, *args, **kwargs): View Source

35    def save(self, *args, **kwargs):
36        evaluator = PolicyEvaluator(self.name)
37        evaluator.policy = self
38        evaluator.validate(self.expression)
39        return super().save(*args, **kwargs)

Save the current instance. Override this in a subclass if you want to control the saving process.

The 'force_insert' and 'force_update' parameters can be used to insist that the "save" must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.

policy_ptr_id

policy_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members

authentik.lib.models.SerializerModel: Meta
authentik.policies.models.Policy: policy_uuid; name; execution_logging; objects; PolicyMeta; created; last_updated; get_next_by_created; get_previous_by_created; get_next_by_last_updated; get_previous_by_last_updated; bindings; dummypolicy; eventmatcherpolicy; passwordexpirypolicy; reputationpolicy; expressionpolicy; geoippolicy; promptstage_set; passwordpolicy; uniquepasswordpolicy

class ExpressionPolicy.DoesNotExist(authentik.policies.models.Policy.DoesNotExist):

The requested object does not exist

class ExpressionPolicy.MultipleObjectsReturned(authentik.policies.models.Policy.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.