def find_users(emails):
"""Find or generate user.
If Integration Server is specified not found in DB user is generated
with Creator role.
"""
if not settings.INTEGRATION_SERVICE_URL:
return Person.query.filter(Person.email.in_(emails)).options(
orm.undefer_group('Person_complete')).all()
# Verify emails
usernames = [
email.split('@')[0] for email in emails if is_authorized_domain(email)
and not is_external_app_user_email(email)
]
service = client.PersonClient()
ldaps = service.search_persons(usernames)
authorized_domain = getattr(settings, "AUTHORIZED_DOMAIN", "")
verified_emails = {
'%s@%s' % (ldap['username'], authorized_domain)
for ldap in ldaps
}
# Find users in db
users = Person.query.filter(Person.email.in_(emails)).all()
found_emails = {user.email for user in users}
# Create new users
new_emails = verified_emails - found_emails
new_usernames = [email.split('@')[0] for email in new_emails]
new_users = [('%s@%s' % (ldap['username'], authorized_domain),
'%s %s' % (ldap['firstName'], ldap['lastName']))
for ldap in ldaps if ldap['username'] in new_usernames]
for email, name in new_users:
user = create_user(email,
name=name,
modified_by_id=get_current_user_id())
users.append(user)
# bulk create people
if new_users:
log_event(db.session)
db.session.commit()
creator_role_granted = False
# Grant Creator role to all users
for user in users:
if user.system_wide_role == SystemWideRoles.NO_ACCESS:
add_creator_role(user)
creator_role_granted = True
# bulk create people roles
if creator_role_granted:
log_event(db.session)
db.session.commit()
return users
def suggest():
"""Suggest persons by prefix"""
if not settings.INTEGRATION_SERVICE_URL:
return make_suggest_result([])
tokens = request.args.get("prefix", "").split()
if tokens:
person_client = client.PersonClient()
entries = person_client.suggest_persons(tokens)
return make_suggest_result(entries)
return make_suggest_result([])
def search_user(email):
"""Search user by Integration Service
Returns:
string: user name for success, None otherwise
"""
service = client.PersonClient()
if is_authorized_domain(email):
username = email.split("@")[0]
ldaps = service.search_persons([username])
if ldaps and ldaps[0]["username"] == username:
return "%s %s" % (ldaps[0]["firstName"], ldaps[0]["lastName"])
return None
