Esempio n. 1
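    def delete_tenant(self, request_user: UserModel, tenant: TenantModel):
        """Delete ``tenant`` on behalf of ``request_user``.

        Args:
            request_user: The user asking for the deletion. Must pass
                ``can_control_tenant()``.
            tenant: The tenant to delete.

        Raises:
            InvalidRoleException: If ``request_user`` is not allowed to
                control tenants.
        """
        self.logger.info("START: delete_tenant")

        # Authorization gate: the only check made here is the role-level
        # can_control_tenant(); nothing ties request_user to this particular
        # tenant.
        # NOTE(review): presumably can_control_tenant() is a global
        # administrator capability - confirm against UserModel.
        if not request_user.can_control_tenant():
            # The message names the operation that was actually refused, so
            # denial records are not mistaken for failed tenant creations.
            raise InvalidRoleException(
                "request user can't delete tenant. id:{}".format(
                    request_user.id))

        tenant.delete()
        self.logger.info("END: delete_tenant")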
Esempio n. 2
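    def fetch_tenants(self, request_user: UserModel):
        """Return every tenant as a list, if ``request_user`` may control tenants.

        Args:
            request_user: The user asking for the listing. Must pass
                ``can_control_tenant()``.

        Returns:
            A list of all ``TenantModel`` rows.

        Raises:
            InvalidRoleException: If ``request_user`` is not allowed to
                control tenants.
        """
        self.logger.info("START: fetch_tenants")

        # Authorization gate: the listing is not scoped per tenant, so this
        # role check is the only thing protecting the full tenant list.
        if not request_user.can_control_tenant():
            # Name the refused operation (listing), not tenant creation.
            raise InvalidRoleException(
                "request user can't fetch tenants. id:{}".format(
                    request_user.id))

        # Materialise the queryset so callers get a plain list.
        response = list(TenantModel.objects.all())
        self.logger.info("END: fetch_tenants")
        return response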
Esempio n. 3
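    def update_user(self, post_user_data: dict, request_user: UserModel,
                    target_user: UserModel):
        """Apply ``post_user_data`` to ``target_user`` after authorization checks.

        The checks run in this order: tenant membership, permission to save
        the target as it currently is, validity of the requested role change,
        permission to save the target with its new role, password validity,
        and finally the AWS environment re-assignment.

        Args:
            post_user_data: Submitted values. The keys ``"role"``,
                ``"email"``, ``"name"``, ``"password"`` and
                ``"aws_environments"`` are read with plain subscripting.
            request_user: The user performing the update.
            target_user: The user being updated. It is mutated in place.

        Returns:
            The saved ``target_user``.

        Raises:
            PermissionDenied: If the requester is outside the target's tenant,
                may not save the target (before or after the role change), or
                the AWS environment re-assignment is refused.
            InvalidRoleException: If the target cannot be moved to the
                requested role.
            InvalidPasswordException: If a password was supplied and
                ``set_password`` rejects it.
            KeyError: If one of the expected keys is missing from
                ``post_user_data``.

        Note:
            ``target_user`` has its email, name and role (and possibly its
            password) assigned in memory before the later checks run. When one
            of them raises, the object is left modified but unsaved; callers
            should discard it rather than reuse or save it.
        """
        self.logger.info("START: update user")
        # Tenant isolation: the requester must belong to the target's tenant.
        if not request_user.is_belong_to_tenant(target_user.tenant):
            # The message names the refused operation (an update, not a fetch).
            raise PermissionDenied(
                "request user can't update user. user_id:{} tenant_id: {}".
                format(request_user.id, target_user.tenant.id))

        # Does the requester hold a role that may update the target user as
        # it currently is?
        if not request_user.can_save_user(target_user):
            raise PermissionDenied(
                "request user can't update role. id:{}".format(
                    request_user.id))

        # The role id comes from the submitted data; the checks below decide
        # whether it may actually be assigned.
        role = RoleModel.objects.get(id=post_user_data["role"])

        # Can the target user be changed to the requested role?
        if not target_user.can_changed_role(role):
            raise InvalidRoleException("can't change role user: {}".format(
                target_user.id))

        target_user.email = post_user_data["email"]
        target_user.name = post_user_data["name"]
        target_user.role = role

        # Re-check with the new role applied: the requester must also be
        # allowed to save a user holding the post-update role, so a role
        # cannot be granted that the requester could not otherwise manage.
        if not request_user.can_save_user(target_user):
            raise PermissionDenied

        # If a password was supplied, register it. The original comment says
        # it is encrypted on registration; set_password is defined elsewhere.
        # A falsy return from set_password is treated as an invalid password.
        if post_user_data["password"] and not target_user.set_password(
                post_user_data["password"]):
            raise InvalidPasswordException("password is invalid.")

        # Replace the target's AWS environments with the submitted set.
        # NOTE(review): if realignment_aws_environments persists anything, it
        # does so before target_user.save() below and no transaction is
        # visible here - confirm whether the caller provides one.
        aws_environments = AwsEnvironmentModel.objects.filter(
            id__in=post_user_data["aws_environments"]).all()
        if not request_user.realignment_aws_environments(
                target_user, aws_environments):
            raise PermissionDenied

        # Persist the update.
        target_user.save()
        self.logger.info("END: update user")
        return target_user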
Esempio n. 4
    def create_tenant(self, request_user: UserModel, tenant: TenantModel,
                      user: UserModel):
        """Create a tenant with its scheduler account and first user.

        Saves ``tenant``, creates a ``SCHEDULER`` user for it, attaches
        ``user`` to the tenant with a freshly reset password, and sends the
        sign-up mail carrying that password.

        Args:
            request_user: The user asking for the creation. Must pass
                ``can_control_tenant()``.
            tenant: The unsaved tenant to create.
            user: The first user of the tenant; its ``tenant`` is set here.

        Returns:
            The tuple ``(tenant, user)``.

        Raises:
            InvalidRoleException: If ``request_user`` is not allowed to
                control tenants.
        """
        log = self.logger
        log.info("START: create_tenant")

        # Only a requester whose role may control tenants gets past here.
        allowed = request_user.can_control_tenant()
        if not allowed:
            raise InvalidRoleException(
                "request user can't create tenant. id:{}".format(
                    request_user.id))

        # Persist the tenant first; the accounts below reference it.
        # NOTE(review): tenant, scheduler and user are saved by three separate
        # calls and no transaction is visible here, so a failure part-way
        # (including the mail send) leaves the earlier rows in place - confirm
        # whether the caller wraps this in one.
        tenant.save()

        # Register the tenant's scheduler account. The value returned by
        # reset_password() is discarded for this account.
        scheduler_account = UserModel(
            email=tenant.email,
            name="SCHEDULER",
            tenant=tenant,
            role=RoleModel.objects.get(id=RoleModel.SCHEDULER_ID),
        )
        scheduler_account.reset_password()
        scheduler_account.save()

        # Attach the first user to the new tenant and give it a reset
        # password (the original comment calls it a random password).
        user.tenant = tenant
        initial_password = user.reset_password()
        user.save()

        # Send the sign-up mail. The debug line records addresses and names
        # only; the initial password is passed to the mailer and is never
        # written to the log.
        log.info("sending sign up email...")
        mail_context = "user_email: {}, user_name: {}, tenant_name: {}".format(
            user.email, user.name, tenant.tenant_name)
        log.debug(mail_context)
        mailer = Ses(settings.SES_ADDRESS, settings.SES_ADDRESS)
        mailer.send_signup_user(user.email, user.name, tenant.tenant_name,
                                initial_password)
        log.info("sending sign up email... : DONE")

        log.info("END: create_tenant")

        return tenant, user