def assert_user_in_subtenant(self, scoping_tenant_uuid, user_uuid):
tenant_uuids = self._tenant_tree.list_visible_tenants(
scoping_tenant_uuid)
user_exists = self._dao.user.exists(user_uuid,
tenant_uuids=tenant_uuids)
if not user_exists:
raise exceptions.UnknownUserException(user_uuid)
def get_user(self, user_uuid, scoping_tenant_uuid=None):
if scoping_tenant_uuid:
self.assert_user_in_subtenant(scoping_tenant_uuid, user_uuid)
users = self._dao.user.list_(uuid=user_uuid)
for user in users:
return user
raise exceptions.UnknownUserException(user_uuid)
def remove_user(self, group_uuid, user_uuid):
nb_deleted = self._dao.group.remove_user(group_uuid, user_uuid)
if nb_deleted:
return
if not self._dao.group.exists(group_uuid):
raise exceptions.UnknownGroupException(group_uuid)
if not self._dao.user.exists(user_uuid):
raise exceptions.UnknownUserException(user_uuid)
def remove_policy(self, user_uuid, policy_uuid):
nb_deleted = self._dao.user.remove_policy(user_uuid, policy_uuid)
if nb_deleted:
return
if not self._dao.user.exists(user_uuid):
raise exceptions.UnknownUserException(user_uuid)
if not self._dao.policy.exists(policy_uuid):
raise exceptions.UnknownPolicyException(policy_uuid)
def test_unknown_user(self):
self.user_service.get_user.side_effect = exceptions.UnknownUserException(UNKNOWN_UUID)
url = self.url.format(UNKNOWN_UUID, EMAIL_UUID)
result = self.app.get(url)
assert_that(result.status_code, equal_to(404))
assert_that(result.json, has_entries(
resource='users',
details=has_entries(uuid=str(UNKNOWN_UUID))))
def delete_password(self, **kwargs):
search_params = {k: v for k, v in kwargs.items() if v}
identifier = list(search_params.values())[0]
logger.debug('removing password for user %s', identifier)
users = self._dao.user.list_(limit=1, **search_params)
if not users:
raise exceptions.UnknownUserException(identifier, details=kwargs)
for user in users:
self._dao.user.change_password(user['uuid'], salt=None, hash_=None)
return user
def remove_user(self, group_uuid, user_uuid):
if self._dao.group.is_system_managed(group_uuid):
raise exceptions.SystemGroupForbidden(group_uuid)
nb_deleted = self._dao.group.remove_user(group_uuid, user_uuid)
if nb_deleted:
return
if not self._dao.group.exists(group_uuid):
raise exceptions.UnknownGroupException(group_uuid)
if not self._dao.user.exists(user_uuid):
raise exceptions.UnknownUserException(user_uuid)