def _list_org_user_scopes(self, organization_id: str, role: str) -> dict: """ Helper function that lists the org_user_scopes for a given organization related to given role :param organization_id : The salesforce id that is queried for user scopes :type organization_id: string :param role: role to filter the user org scopes :type role: string :param cla_group_id: cla_group_id thats mapped to salesforce projects :type cla_group_id: string :return: json dict representing org user role scopes :rtype: dict """ function = '_list_org_user_scopes' headers = { 'Authorization': f'bearer {self.get_access_token()}', 'accept': 'application/json' } try: url = f'{self.platform_gateway_url}/organization-service/v1/orgs/{organization_id}/servicescopes' log.debug('%s - Sending GET url to %s ...', function, url) params = {'rolename': role} r = requests.get(url, headers=headers, params=params) return r.json() except requests.exceptions.HTTPError as err: log.warning( '%s - Could not get user org scopes for organization: %s with role: %s , error: %s ', function, organization_id, role, err) return None
def _has_project_org_scope(self, project_sfid: str, organization_id: str, username: str, scopes: dict) -> bool: """ Helper function that checks whether there exists project_org_scope for given role :param project_sfid: salesforce project sfid :type project_sfid: string :param organization_id: organization ID :type organization_id: string :param username: lf username :type username: string :param scopes: service scopes for organization :type scopes: dict :rtype: bool """ function = '_has_project_org_scope_role' try: user_roles = scopes['userroles'] log.info(f'{function} - User roles: {user_roles}') except KeyError as err: log.warning(f'{function} - error: {err} ') return False for user_role in user_roles: if user_role['Contact']['Username'] == username: #Since already filtered by role ...get first item for scope in user_role['RoleScopes'][0]['Scopes']: log.info( f'{function}- Checking objectID for scope: {project_sfid}|{organization_id}' ) if scope[ 'ObjectID'] == f'{project_sfid}|{organization_id}': return True return False
def get_access_token(self): fn = 'user_service.get_access_token' # Use previously cached value, if not expired if self.access_token and datetime.datetime.now( ) < self.access_token_expires: cla.log.debug( f'{fn} - using cached access token: {self.access_token[0:10]}...' ) return self.access_token auth0_url = cla.config.AUTH0_PLATFORM_URL platform_client_id = cla.config.AUTH0_PLATFORM_CLIENT_ID platform_client_secret = cla.config.AUTH0_PLATFORM_CLIENT_SECRET platform_audience = cla.config.AUTH0_PLATFORM_AUDIENCE auth0_payload = { 'grant_type': 'client_credentials', 'client_id': platform_client_id, 'client_secret': platform_client_secret, 'audience': platform_audience } headers = { 'content-type': 'application/x-www-form-urlencoded', 'accept': 'application/json' } try: # logger.debug(f'Sending POST to {auth0_url} with payload: {auth0_payload}') log.debug(f'{fn} - sending POST to {auth0_url}') r = requests.post(auth0_url, data=auth0_payload, headers=headers) r.raise_for_status() json_data = json.loads(r.text) self.access_token = json_data["access_token"] self.access_token_expires = datetime.datetime.now( ) + datetime.timedelta(minutes=30) log.debug( f'{fn} - successfully obtained access_token: {self.access_token[0:10]}...' ) return self.access_token except requests.exceptions.HTTPError as err: log.warning(f'{fn} - could not get auth token, error: {err}') return None
def _get_users_by_key_value(self, key: str, value: str): """ Queries the platform user service for the specified criteria. The result will return summary information for the users as a dictionary. """ fn = 'user_service._get_users_by_key_value' headers = { 'Authorization': f'bearer {self.get_access_token()}', 'accept': 'application/json' } users = [] offset = 0 pagesize = 1000 while True: try: log.info( f'{fn} - Search User using key: {key} with value: {value}') url = f'{self.platform_gateway_url}/user-service/v1/users/search?' \ f'{key}={quote(value)}&pageSize={pagesize}&offset={offset}' log.debug(f'{fn} - sending GET request to {url}') r = requests.get(url, headers=headers) r.raise_for_status() response_model = json.loads(r.text) total = response_model['Metadata']['TotalSize'] if response_model['Data']: users = users + response_model['Data'] if total < (pagesize + offset): break offset = offset + pagesize except requests.exceptions.HTTPError as err: log.warning(f'{fn} - Could not get projects, error: {err}') return None log.debug(f'{fn} - total users : {len(users)}') return users
def get_user_by_sf_id(self, sf_user_id: str): """ Queries the platform user service for the specified user id. The result will return all the details for the user as a dictionary. """ fn = 'user_service.get_user_by_sf_id' headers = { 'Authorization': f'bearer {self.get_access_token()}', 'accept': 'application/json' } try: url = f'{self.platform_gateway_url}/user-service/v1/users/{sf_user_id}' log.debug(f'{fn} - sending GET request to {url}') r = requests.get(url, headers=headers) r.raise_for_status() response_model = json.loads(r.text) return response_model except requests.exceptions.HTTPError as err: msg = f'{fn} - Could not get user: {sf_user_id}, error: {err}' log.warning(msg) return None