def _list_org_user_scopes(self, organization_id: str, role: str) -> dict:
"""
Helper function that lists the org_user_scopes for a given organization related to given role
:param organization_id : The salesforce id that is queried for user scopes
:type organization_id: string
:param role: role to filter the user org scopes
:type role: string
:param cla_group_id: cla_group_id thats mapped to salesforce projects
:type cla_group_id: string
:return: json dict representing org user role scopes
:rtype: dict
"""
function = '_list_org_user_scopes'
headers = {
'Authorization': f'bearer {self.get_access_token()}',
'accept': 'application/json'
}
try:
url = f'{self.platform_gateway_url}/organization-service/v1/orgs/{organization_id}/servicescopes'
log.debug('%s - Sending GET url to %s ...', function, url)
params = {'rolename': role}
r = requests.get(url, headers=headers, params=params)
return r.json()
except requests.exceptions.HTTPError as err:
log.warning(
'%s - Could not get user org scopes for organization: %s with role: %s , error: %s ',
function, organization_id, role, err)
return None
def _has_project_org_scope(self, project_sfid: str, organization_id: str,
username: str, scopes: dict) -> bool:
"""
Helper function that checks whether there exists project_org_scope for given role
:param project_sfid: salesforce project sfid
:type project_sfid: string
:param organization_id: organization ID
:type organization_id: string
:param username: lf username
:type username: string
:param scopes: service scopes for organization
:type scopes: dict
:rtype: bool
"""
function = '_has_project_org_scope_role'
try:
user_roles = scopes['userroles']
log.info(f'{function} - User roles: {user_roles}')
except KeyError as err:
log.warning(f'{function} - error: {err} ')
return False
for user_role in user_roles:
if user_role['Contact']['Username'] == username:
#Since already filtered by role ...get first item
for scope in user_role['RoleScopes'][0]['Scopes']:
log.info(
f'{function}- Checking objectID for scope: {project_sfid}|{organization_id}'
)
if scope[
'ObjectID'] == f'{project_sfid}|{organization_id}':
return True
return False
def get_access_token(self):
fn = 'user_service.get_access_token'
# Use previously cached value, if not expired
if self.access_token and datetime.datetime.now(
) < self.access_token_expires:
cla.log.debug(
f'{fn} - using cached access token: {self.access_token[0:10]}...'
)
return self.access_token
auth0_url = cla.config.AUTH0_PLATFORM_URL
platform_client_id = cla.config.AUTH0_PLATFORM_CLIENT_ID
platform_client_secret = cla.config.AUTH0_PLATFORM_CLIENT_SECRET
platform_audience = cla.config.AUTH0_PLATFORM_AUDIENCE
auth0_payload = {
'grant_type': 'client_credentials',
'client_id': platform_client_id,
'client_secret': platform_client_secret,
'audience': platform_audience
}
headers = {
'content-type': 'application/x-www-form-urlencoded',
'accept': 'application/json'
}
try:
# logger.debug(f'Sending POST to {auth0_url} with payload: {auth0_payload}')
log.debug(f'{fn} - sending POST to {auth0_url}')
r = requests.post(auth0_url, data=auth0_payload, headers=headers)
r.raise_for_status()
json_data = json.loads(r.text)
self.access_token = json_data["access_token"]
self.access_token_expires = datetime.datetime.now(
) + datetime.timedelta(minutes=30)
log.debug(
f'{fn} - successfully obtained access_token: {self.access_token[0:10]}...'
)
return self.access_token
except requests.exceptions.HTTPError as err:
log.warning(f'{fn} - could not get auth token, error: {err}')
return None
def _get_users_by_key_value(self, key: str, value: str):
"""
Queries the platform user service for the specified criteria.
The result will return summary information for the users as a
dictionary.
"""
fn = 'user_service._get_users_by_key_value'
headers = {
'Authorization': f'bearer {self.get_access_token()}',
'accept': 'application/json'
}
users = []
offset = 0
pagesize = 1000
while True:
try:
log.info(
f'{fn} - Search User using key: {key} with value: {value}')
url = f'{self.platform_gateway_url}/user-service/v1/users/search?' \
f'{key}={quote(value)}&pageSize={pagesize}&offset={offset}'
log.debug(f'{fn} - sending GET request to {url}')
r = requests.get(url, headers=headers)
r.raise_for_status()
response_model = json.loads(r.text)
total = response_model['Metadata']['TotalSize']
if response_model['Data']:
users = users + response_model['Data']
if total < (pagesize + offset):
break
offset = offset + pagesize
except requests.exceptions.HTTPError as err:
log.warning(f'{fn} - Could not get projects, error: {err}')
return None
log.debug(f'{fn} - total users : {len(users)}')
return users
def get_user_by_sf_id(self, sf_user_id: str):
"""
Queries the platform user service for the specified user id. The
result will return all the details for the user as a dictionary.
"""
fn = 'user_service.get_user_by_sf_id'
headers = {
'Authorization': f'bearer {self.get_access_token()}',
'accept': 'application/json'
}
try:
url = f'{self.platform_gateway_url}/user-service/v1/users/{sf_user_id}'
log.debug(f'{fn} - sending GET request to {url}')
r = requests.get(url, headers=headers)
r.raise_for_status()
response_model = json.loads(r.text)
return response_model
except requests.exceptions.HTTPError as err:
msg = f'{fn} - Could not get user: {sf_user_id}, error: {err}'
log.warning(msg)
return None