def find_users(emails): """Find or generate user. If Integration Server is specified not found in DB user is generated with Creator role. """ if not settings.INTEGRATION_SERVICE_URL: return Person.query.filter(Person.email.in_(emails)).options( orm.undefer_group('Person_complete')).all() # Verify emails usernames = [ email.split('@')[0] for email in emails if is_authorized_domain(email) and not is_external_app_user_email(email) ] service = client.PersonClient() ldaps = service.search_persons(usernames) authorized_domain = getattr(settings, "AUTHORIZED_DOMAIN", "") verified_emails = { '%s@%s' % (ldap['username'], authorized_domain) for ldap in ldaps } # Find users in db users = Person.query.filter(Person.email.in_(emails)).all() found_emails = {user.email for user in users} # Create new users new_emails = verified_emails - found_emails new_usernames = [email.split('@')[0] for email in new_emails] new_users = [('%s@%s' % (ldap['username'], authorized_domain), '%s %s' % (ldap['firstName'], ldap['lastName'])) for ldap in ldaps if ldap['username'] in new_usernames] for email, name in new_users: user = create_user(email, name=name, modified_by_id=get_current_user_id()) users.append(user) # bulk create people if new_users: log_event(db.session) db.session.commit() creator_role_granted = False # Grant Creator role to all users for user in users: if user.system_wide_role == SystemWideRoles.NO_ACCESS: add_creator_role(user) creator_role_granted = True # bulk create people roles if creator_role_granted: log_event(db.session) db.session.commit() return users
def suggest(): """Suggest persons by prefix""" if not settings.INTEGRATION_SERVICE_URL: return make_suggest_result([]) tokens = request.args.get("prefix", "").split() if tokens: person_client = client.PersonClient() entries = person_client.suggest_persons(tokens) return make_suggest_result(entries) return make_suggest_result([])
def search_user(email): """Search user by Integration Service Returns: string: user name for success, None otherwise """ service = client.PersonClient() if is_authorized_domain(email): username = email.split("@")[0] ldaps = service.search_persons([username]) if ldaps and ldaps[0]["username"] == username: return "%s %s" % (ldaps[0]["firstName"], ldaps[0]["lastName"]) return None