From 80b3d86d6eeed6119e7716099b2f19d18054d346 Mon Sep 17 00:00:00 2001
From: Robert Manner <robert.manner@balabit.com>
Date: Tue, 11 Feb 2020 10:28:05 +0100
Subject: [PATCH] plugins/python: add python approval plugin example

---
 MANIFEST                                  |  1 +
 plugins/python/Makefile.in                |  2 +-
 plugins/python/example_approval_plugin.py | 19 +++++++++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 plugins/python/example_approval_plugin.py

diff --git a/MANIFEST b/MANIFEST
index 137d9cf35..2d5109246 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -305,6 +305,7 @@ plugins/group_file/group_file.exp
 plugins/group_file/plugin_test.c
 plugins/python
 plugins/python/Makefile.in
+plugins/python/example_approval_plugin.py
 plugins/python/example_audit_plugin.py
 plugins/python/example_conversation.py
 plugins/python/example_debugging.py
diff --git a/plugins/python/Makefile.in b/plugins/python/Makefile.in
index 79ae707a6..3a6257bb8 100644
--- a/plugins/python/Makefile.in
+++ b/plugins/python/Makefile.in
@@ -115,7 +115,7 @@ install_gid = 0
 SHELL = @SHELL@
 
 EXAMPLES = example_conversation.py  example_debugging.py  example_group_plugin.py  example_io_plugin.py  example_policy_plugin.py \
-           example_audit_plugin.py
+           example_audit_plugin.py example_approval_plugin.py
 
 OBJS =	python_plugin_common.lo python_plugin_policy.lo python_plugin_io.lo python_plugin_group.lo pyhelpers.lo \
 	python_importblocker.lo python_convmessage.lo sudo_python_module.lo sudo_python_debug.lo \
diff --git a/plugins/python/example_approval_plugin.py b/plugins/python/example_approval_plugin.py
new file mode 100644
index 000000000..bc7deb04a
--- /dev/null
+++ b/plugins/python/example_approval_plugin.py
@@ -0,0 +1,19 @@
+import sudo
+
+from datetime import datetime
+from typing import Tuple
+
+
+class BusinessHoursApprovalPlugin(sudo.Plugin):
+    def check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...],
+              run_env: Tuple[str, ...]) -> int:
+        error_msg = ""
+        now = datetime.now()
+        if now.weekday() >= 5:
+            error_msg = "That is not allowed on the weekend!"
+        if now.hour < 8 or now.hour > 17:
+            error_msg = "That is not allowed outside the business hours!"
+
+        if error_msg:
+            sudo.log_info(error_msg)
+            raise sudo.PluginReject(error_msg)