authentik/docs/policies/expression/index.md

1.1 KiB

Expression Policy

Expression Policies allows you to write custom Policy Logic using Jinja2 Templating language.

For a language reference, see here.

The following objects are passed into the variable:

  • request: A PolicyRequest object, which has the following properties:
    • request.user: The current User, which the Policy is applied against. (ref)
    • request.http_request: The Django HTTP Request, as documented here.
    • request.obj: A Django Model instance. This is only set if the Policy is ran against an object.
  • pb_is_sso_flow: Boolean which is true if request was initiated by authenticating through an external Provider.
  • pb_is_group_member(user, group_name): Function which checks if user is member of a Group with Name gorup_name.

There are also the following custom filters available:

  • regex_match(regex): Return True if value matches regex
  • regex_replace(regex, repl): Replace string matched by regex with repl