-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate_user.py
More file actions
366 lines (318 loc) · 10.9 KB
/
Copy pathupdate_user.py
File metadata and controls
366 lines (318 loc) · 10.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
import json
import logging
import uuid
import stackref.settings as settings
from stackref.settings import return_error
from stackref.grant_functions import *
from stackref.cache_functions import incr_key_prefix
logging.basicConfig(level=logging.ERROR)
log = logging.getLogger(__name__)
settings.logging_config()
log.setLevel(settings.log_level)
'''
update_user
Update User
'''
def update_user(event, payload_json):
log.info(":: update_user")
action = payload_json['action']
user = payload_json['user']
grants = get_user_grants(get_user_uuid(event),get_organization_uuid(event)) + get_be_auth0_scope(event)
if action == 'update':
authorization = (
'user_write' in grants,
get_user_uuid(event) == user['user_uuid']
)
if any(authorization):
return process_update_user(user)
else:
return return_error(401, 'Not authorized')
elif action == 'update_roles':
if 'user_write' in grants:
return update_user_roles(user)
else:
return return_error(401, 'Not authorized')
elif action == 'remove_from_org':
# TODO: Check that User is not the only Organization owner first
if 'user_write' in grants:
try:
remove_user_from_org(user)
remove_user_from_org_roles(user)
#remove_user_from_participants(user)
except BaseException as error:
return return_error(500, error)
else:
return return_error(401, 'Not authorized')
try:
incr_key_prefix('user')
incr_key_prefix('user_role_member')
incr_key_prefix('participant')
incr_key_prefix('team_member')
except:
log.error('>> incr_key_prefix')
response_payload = {
"status_code": 200,
"user_uuid": str(user['user_uuid']),
"organization_uuid": str(user['organization_uuid'])
}
response_body = json.dumps(response_payload)
return {
'statusCode': 200,
'body': response_body
}
'''
process_update_user
Update User-configurable details and settings
'''
def process_update_user(user):
log.info(':: process_update_user')
user_uuid = user['user_uuid']
sql_parameters = {'user_uuid': user_uuid}
row_updates = []
if 'first_name' in user:
first_name = user['first_name']
sql_parameters['first_name'] = first_name
row_updates.append('first_name = %(first_name)s')
if 'last_name' in user:
last_name = user['last_name']
sql_parameters['last_name'] = last_name
row_updates.append('last_name = %(last_name)s')
if 'email_address' in user:
email_address = user['email_address']
sql_parameters['email_address'] = email_address
row_updates.append('email_address = %(email_address)s')
if 'phone' in user:
phone = user['phone']
sql_parameters['phone'] = phone
row_updates.append('phone = %(phone)s')
if 'job_title' in user:
job_title = user['job_title']
sql_parameters['job_title'] = job_title
row_updates.append('job_title = %(job_title)s')
if 'settings' in user:
user_settings = json.dumps(user['settings'])
sql_parameters['user_settings'] = user_settings
row_updates.append('settings = %(user_settings)s::JSONB')
if 'tags' in user:
tags = json.dumps(user['tags'])
sql_parameters['tags'] = tags
row_updates.append('tags = %(tags)s::JSONB')
sql_statement = (f"""
-- Update User settings object
UPDATE
sr.user
SET
{', '.join(row_updates)}
WHERE
user_uuid = %(user_uuid)s::UUID
""")
log.debug(str(sql_statement))
log.debug(str(sql_parameters))
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> process_update_user: {error}")
return False
try:
incr_key_prefix('user')
incr_key_prefix('participant')
incr_key_prefix('team_member')
except:
log.error('>> incr_key_prefix')
response_payload = {
"status_code": 200,
"user_uuid": str(user['user_uuid'])
}
if 'settings' in user:
response_payload['settings'] = json.dumps(user['settings'])
response_body = json.dumps(response_payload)
return {
'statusCode': 200,
'body': response_body
}
'''
update_user_roles
Update a user's roles
'''
def update_user_roles(user):
log.info(':: update_user_roles')
user_uuid = user['user_uuid']
organization_uuid = user['organization_uuid']
user_roles = None
# If the user has no roles set, remove them from everything
where_clause = ""
if user['user_roles'] and len(user['user_roles']) > 0:
user_roles = list(map(int, user['user_roles']))
where_clause = f"AND user_role_id NOT IN ({str(user_roles)[1:-1]});"
sql_statement = (f"""
-- Remove user from any roles not in list
DELETE
FROM
sr.user_role_member
WHERE
user_uuid = %(user_uuid)s::UUID
{where_clause};
""")
sql_parameters = {'user_uuid': user_uuid}
log.info(str(sql_statement))
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> update_user_roles: {error}")
return return_error(503, error)
if user_roles:
for role_id in user_roles:
user_role_member_uuid = uuid.uuid4()
sql_statement = ("""
-- Add user to role if not already present
INSERT
INTO
sr.user_role_member (
user_role_member_uuid,
user_uuid,
organization_uuid,
user_role_id,
ts_modified
)
SELECT
%(user_role_member_uuid)s::UUID,
%(user_uuid)s::UUID,
%(organization_uuid)s::UUID,
%(role_id)s,
NOW()
WHERE
NOT EXISTS (
SELECT
user_role_member_uuid
FROM
sr.user_role_member
WHERE
user_uuid = %(user_uuid)s::UUID
AND user_role_id = %(role_id)s
);
""")
log.info(str(sql_statement))
sql_parameters = {
'user_role_member_uuid': user_role_member_uuid,
'user_uuid': user_uuid,
'organization_uuid': organization_uuid,
'role_id': int(role_id)
}
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> update_user_roles: {error}")
return return_error(503, error)
log.info(f":: update_user_roles user_uuid: {user_uuid}")
response_payload = {
"status_code": 200,
"user_uuid": str(user_uuid)
}
try:
incr_key_prefix('user_role_member')
incr_key_prefix('user')
except:
log.error('>> incr_key_prefix')
response_body = json.dumps(response_payload)
return {
'statusCode': 200,
'body': response_body
}
'''
remove_user_from_org
Remove User from attachment to Organization
'''
def remove_user_from_org(user):
log.info(':: remove_user_from_org')
user_uuid = user['user_uuid']
organization_uuid = user['organization_uuid']
sql_statement = ("""
-- Remove User from Organization
UPDATE
sr.user
SET
organization_uuid = NULL
WHERE
user_uuid = %(user_uuid)s::UUID
AND organization_uuid = %(organization_uuid)s::UUID;
""")
sql_parameters = {
'user_uuid': user_uuid,
'organization_uuid': organization_uuid
}
log.info(str(sql_statement))
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> remove_user_from_org: {error}")
raise error
log.info(f":: remove_user_from_org user_uuid: {user_uuid}")
'''
remove_user_from_org_roles
Remove User from Organization roles
'''
def remove_user_from_org_roles(user):
log.info(':: remove_user_from_org_roles')
user_uuid = user['user_uuid']
organization_uuid = user['organization_uuid']
sql_statement = ("""
-- Remove User's Organization role membership
DELETE
FROM
sr.user_role_member
WHERE
user_uuid = %(user_uuid)s::UUID
AND organization_uuid = %(organization_uuid)s::UUID;
""")
sql_parameters = {
'user_uuid': user_uuid,
'organization_uuid': organization_uuid
}
log.info(str(sql_statement))
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> remove_user_from_org_roles: {error}")
raise error
log.info(f":: remove_user_from_org_roles user_uuid: {user_uuid}")
'''
remove_user_from_participants
Remove User from Organization roles
TODO: Need to find all events the User was part of to find this
'''
def remove_user_from_participants(user):
log.info(':: remove_user_from_participants')
user_uuid = user['user_uuid']
organization_uuid = user['organization_uuid']
sql_statement = ("""
-- Remove User's Organization Participant membership
DELETE
FROM
sr.participant
WHERE
user_uuid = %(user_uuid)s::UUID
AND organization_uuid = %(organization_uuid)s::UUID;
""")
sql_parameters = {
'user_uuid': user_uuid,
'organization_uuid': organization_uuid
}
log.info(str(sql_statement))
try:
with settings.db_conn() as db_conn:
with db_conn.cursor() as cur:
cur.execute(sql_statement, sql_parameters)
except Exception as error:
log.error(f">> remove_user_from_participants: {error}")
return return_error(503, error)
log.info(f":: remove_user_from_participants user_uuid: {user_uuid}")