Esempio n. 1
0
def modify_user_information(context: Dict[str, Any],
                            modified_user_data: Dict[str,
                                                     Any], project_name: str):
    role = modified_user_data['role']
    email = modified_user_data['email']
    responsibility = modified_user_data['responsibility']
    phone = modified_user_data['phone_number']
    organization = modified_user_data['organization']
    user_domain.update(email, organization.lower(), 'company')
    if responsibility and len(responsibility) <= 50:
        project_domain.add_access(email, project_name, 'responsibility',
                                  responsibility)
    else:
        util.cloudwatch_log(
            context,
            'Security: {email} Attempted to add responsibility to project \
                {project} bypassing validation'.format(email=email,
                                                       project=project_name))
    if phone and phone[1:].isdigit():
        user_domain.add_phone_to_user(email, phone)
    else:
        util.cloudwatch_log(
            context,
            'Security: {email} Attempted to edit user phone bypassing \
                validation'.format(email=email))

    if role == 'customeradmin':
        project_domain.add_user(project_name.lower(), email.lower(), role)
    elif is_customeradmin(project_name, email):
        project_domain.remove_user_access(project_name, email, 'customeradmin')
Esempio n. 2
0
    def mutate(self, info, project_name: str, user_email: str) -> object:
        success = False

        project_domain.remove_user_access(project_name, user_email,
                                          'customeradmin')
        success = project_domain.remove_access(user_email, project_name)
        removed_email = user_email if success else None
        if success:
            util.invalidate_cache(project_name)
            util.invalidate_cache(user_email)
            util.cloudwatch_log(
                info.context, 'Security: Removed user: {user} from {project} \
                project succesfully'.format(user=user_email,
                                            project=project_name))
        else:
            util.cloudwatch_log(
                info.context, 'Security: Attempted to remove user: {user}\
                from {project} project'.format(user=user_email,
                                               project=project_name))
        ret = RemoveUserAccess(success=success, removed_email=removed_email)
        return ret
Esempio n. 3
0
def remove_all_users_access(project):
    """Remove user access to project."""
    user_active = project_domain.get_users(project)
    user_suspended = project_domain.get_users(project, active=False)
    all_users = user_active + user_suspended
    are_users_removed = True
    for user in all_users:
        is_user_removed = project_domain.remove_user_access(project, user, 'customeradmin')
        if is_user_removed:
            are_users_removed = True
        else:
            are_users_removed = False
            break
    return are_users_removed
Esempio n. 4
0
def resolve_remove_user_access(
    _, info, project_name: str, user_email: str
) -> object:
    """Resolve remove_user_access mutation."""
    success = False

    project_domain.remove_user_access(
        project_name, user_email, 'customeradmin'
    )
    success = project_domain.remove_access(user_email, project_name)
    removed_email = user_email if success else None
    if success:
        util.invalidate_cache(project_name)
        util.invalidate_cache(user_email)
        util.cloudwatch_log(
            info.context,
            f'Security: Removed user: {user_email} from {project_name} \
            project succesfully')
    else:
        util.cloudwatch_log(
            info.context, f'Security: Attempted to remove user: {user_email}\
            from {project_name} project')
    return dict(success=success, removed_email=removed_email)