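def delete_tenant(self, request_user: UserModel, tenant: TenantModel):
    """Delete ``tenant`` on behalf of ``request_user``.

    Args:
        request_user: The user asking for the deletion. Must pass
            ``can_control_tenant()``.
        tenant: The tenant to delete.

    Raises:
        InvalidRoleException: If ``request_user.can_control_tenant()`` is
            false.
    """
    self.logger.info("START: delete_tenant")

    # Authorize before touching the tenant. The message names the action
    # that was actually refused, so a denied deletion is not reported as a
    # denied creation in logs and error reports.
    if not request_user.can_control_tenant():
        raise InvalidRoleException(
            "request user can't delete tenant. id:{}".format(
                request_user.id))

    # NOTE(review): what tenant.delete() removes besides the tenant itself
    # (users, AWS environments) is not visible here. Confirm it. The
    # START/END log lines also do not identify the tenant or the requester.
    tenant.delete()
    self.logger.info("END: delete_tenant")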
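def fetch_tenants(self, request_user: UserModel):
    """Return every tenant as a list, for a requester allowed to control tenants.

    Args:
        request_user: The user asking for the listing. Must pass
            ``can_control_tenant()``.

    Returns:
        A list holding every object yielded by ``TenantModel.objects.all()``.
        No per-tenant filtering is applied in this method.

    Raises:
        InvalidRoleException: If ``request_user.can_control_tenant()`` is
            false.
    """
    self.logger.info("START: fetch_tenants")

    # The role check is the only gate on a listing that spans all tenants.
    # The message names the refused action (a listing, not a creation).
    if not request_user.can_control_tenant():
        raise InvalidRoleException(
            "request user can't fetch tenants. id:{}".format(
                request_user.id))

    # list() evaluates the queryset once, same result as the element-wise
    # comprehension it replaces.
    response = list(TenantModel.objects.all())
    self.logger.info("END: fetch_tenants")
    return response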
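def update_user(self, post_user_data: dict, request_user: UserModel,
                target_user: UserModel):
    """Apply ``post_user_data`` to ``target_user`` after authorization checks.

    The checks run in this order: tenant membership, permission to save the
    target as it is, whether the target may take the requested role,
    permission to save the target with the new role, password acceptance,
    and AWS environment realignment. ``target_user.save()`` is called only
    after all of them pass.

    Args:
        post_user_data: Mapping read with the keys ``"role"``, ``"email"``,
            ``"name"``, ``"password"`` and ``"aws_environments"``.
        request_user: The user performing the update.
        target_user: The user being updated.

    Returns:
        ``target_user`` after it has been saved.

    Raises:
        PermissionDenied: If the requester does not belong to the target's
            tenant, may not save the target (before or after the role
            change), or the AWS environment realignment is refused.
        InvalidRoleException: If the target cannot be changed to the
            requested role.
        InvalidPasswordException: If a non-empty password is supplied and
            ``set_password`` rejects it.
        KeyError: If ``post_user_data`` lacks one of the keys listed above.
    """
    self.logger.info("START: update user")

    # Tenant boundary first: the requester must belong to the target's
    # tenant. The message names the refused action (an update, not a fetch).
    if not request_user.is_belong_to_tenant(target_user.tenant):
        raise PermissionDenied(
            "request user can't update user. user_id:{} tenant_id: {}".
            format(request_user.id, target_user.tenant.id))

    # Does the requester hold a role that may update the target as it is now?
    if not request_user.can_save_user(target_user):
        raise PermissionDenied(
            "request user can't update role. id:{}".format(
                request_user.id))

    # NOTE(review): an unknown role id makes .get() raise here; this method
    # does not handle it. Confirm the caller does.
    role = RoleModel.objects.get(id=post_user_data["role"])

    # Can the target be changed to the requested role?
    if not target_user.can_changed_role(role):
        raise InvalidRoleException("can't change role user: {}".format(
            target_user.id))

    # From here on the in-memory target is modified. If a later check
    # raises, save() is never reached, but the object keeps these values.
    target_user.email = post_user_data["email"]
    target_user.name = post_user_data["name"]
    target_user.role = role

    # Re-check with the new role assigned: the requester must also be
    # allowed to save a user holding the post-update role.
    if not request_user.can_save_user(target_user):
        raise PermissionDenied

    # An empty or falsy password means "unchanged". Otherwise set_password
    # must accept it. The original comment says the password is stored
    # encrypted, but set_password's implementation is not visible here.
    if post_user_data["password"] and not target_user.set_password(
            post_user_data["password"]):
        raise InvalidPasswordException("password is invalid.")

    # Replace the target's AWS environments with the posted set.
    # NOTE(review): the ids come straight from the request and are not
    # scoped to a tenant in this query. Presumably
    # realignment_aws_environments enforces that, and whether it writes
    # anything before save() below is not visible here. Confirm both.
    aws_environments = AwsEnvironmentModel.objects.filter(
        id__in=post_user_data["aws_environments"]).all()
    if not request_user.realignment_aws_environments(
            target_user, aws_environments):
        raise PermissionDenied

    # Persist the update.
    target_user.save()
    self.logger.info("END: update user")
    return target_user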
def create_tenant(self, request_user: UserModel, tenant: TenantModel,
                  user: UserModel):
    """Create a tenant together with its scheduler account and first user.

    Args:
        request_user: The user asking for the creation. Must pass
            ``can_control_tenant()``.
        tenant: The unsaved tenant to persist.
        user: The first user of the tenant. It is attached to ``tenant``
            and given a generated password before being saved.

    Returns:
        The ``(tenant, user)`` pair after both have been saved.

    Raises:
        InvalidRoleException: If ``request_user.can_control_tenant()`` is
            false.
    """
    self.logger.info("START: create_tenant")

    # Only a requester allowed to control tenants may create one.
    allowed = request_user.can_control_tenant()
    if not allowed:
        denial = "request user can't create tenant. id:{}".format(
            request_user.id)
        raise InvalidRoleException(denial)

    # Add the tenant.
    # NOTE(review): the saves below and the mail are separate steps with no
    # transaction visible in this method. A failure partway leaves the
    # earlier saves in place unless the caller wraps this call. Confirm.
    tenant.save()

    # Register the tenant's scheduler account. Its generated password is
    # discarded, so nothing in this method hands that credential out.
    scheduler_role = RoleModel.objects.get(id=RoleModel.SCHEDULER_ID)
    scheduler_account = UserModel(
        email=tenant.email,
        name="SCHEDULER",
        tenant=tenant,
        role=scheduler_role,
    )
    scheduler_account.reset_password()
    scheduler_account.save()

    # Add the first user, with a generated initial password.
    user.tenant = tenant
    initial_password = user.reset_password()
    user.save()

    # Send the sign-up mail. The debug line carries addresses and names
    # only. The initial password must stay out of the logs.
    self.logger.info("sending sign up email...")
    mail_context = "user_email: {}, user_name: {}, tenant_name: {}".format(
        user.email, user.name, tenant.tenant_name)
    self.logger.debug(mail_context)

    # NOTE(review): the initial password is passed to the mailer, so it
    # leaves the system in the sign-up mail. Confirm the user must change
    # it at first login.
    ses_address = settings.SES_ADDRESS
    mailer = Ses(ses_address, ses_address)
    mailer.send_signup_user(
        user.email, user.name, tenant.tenant_name, initial_password)
    self.logger.info("sending sign up email... : DONE")

    self.logger.info("END: create_tenant")
    return tenant, user