def process_group_related_activities(datasource_id, actor_email, event): event_name = event['name'] if event_name == 'ADD_GROUP_MEMBER': activity_events_parameters = event['parameters'] group_email = None user_email = None for param in activity_events_parameters: name = param['name'] if name == 'GROUP_EMAIL': group_email = param['value'] elif name == 'USER_EMAIL': user_email = param['value'] user_directory_struct = DirectoryStructure() user_directory_struct.datasource_id = datasource_id user_directory_struct.member_email = user_email user_directory_struct.parent_email = group_email user_directory_struct.member_role = 'MEMBER' user_directory_struct.member_type = 'USER' # TODO : check whether type is group or user db_session = db_connection().get_session() db_session.execute(DirectoryStructure.__table__.insert().prefix_with("IGNORE"). values(db_utils.get_model_values(DirectoryStructure, user_directory_struct))) if user_email: datasource_obj = get_datasource(datasource_id) domain_id = datasource_obj.domain_id exposure_type = utils.check_if_external_user(db_session, domain_id, user_email) if exposure_type == constants.EntityExposureType.EXTERNAL.value: # check if external user present in domain user table existing_user = db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.email == user_email)).first() external_user = None if not existing_user: external_user = DomainUser() external_user.datasource_id = datasource_id external_user.email = user_email external_user.member_type = constants.EntityExposureType.EXTERNAL.value external_user.type = 'USER' # TODO: find the first name and last name of external user external_user.first_name = "" external_user.last_name = "" db_session.add(external_user) user_obj = existing_user if existing_user else external_user payload = {} payload["user"] = json.dumps(user_obj, cls=alchemy_encoder()) policy_params = {'dataSourceId': datasource_id, 'policy_trigger': constants.PolicyTriggerType.NEW_USER.value} Logger().info("new_user : payload : {}".format(payload)) messaging.trigger_post_event(urls.GSUITE_POLICIES_VALIDATE_PATH, constants.INTERNAL_SECRET, policy_params, payload, "gsuite") datasource_obj = get_datasource(datasource_id) tags = {"group_email": group_email, "user_email":user_email} activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.GSUITE.value, event_type='ADD_GROUP_MEMBER', actor=actor_email, tags=tags) db_connection().commit()
def create_report(auth_token, payload): db_session = db_connection().get_session() if "is_default" in payload: result = [] db_session = db_connection().get_session() datasource_id = payload["datasource_id"] login_user = db_utils.get_user_session(auth_token).email domain_id = db_session.query(DataSource).filter( DataSource.datasource_id == datasource_id).first().domain_id reports = default_reports.default_reports datasource_type = db_utils.get_datasource( datasource_id).datasource_type default_datasource_reports = datasource_to_default_report_map[ datasource_type] if default_datasource_reports: reports.extend(default_datasource_reports) for report in reports: existing_report = db_session.query(Report).filter( Report.domain_id == domain_id, Report.name == report["name"]).first() if not existing_report: report["receivers"] = login_user report["datasource_id"] = datasource_id result.append( insert_entry_into_report_table(db_session, auth_token, report)) return result else: return [ insert_entry_into_report_table(db_session, auth_token, payload) ]
def delegate_admin_settings(datasource_id, actor_email, event): db_session = db_connection().get_session() event_name = event['name'] activity_events_parameters = event['parameters'] user_email = None for param in activity_events_parameters: name = param['name'] if name == 'USER_EMAIL': user_email = param['value'] if event_name == 'ASSIGN_ROLE': user_obj = db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.email == user_email)).first() if user_obj: user_obj.is_admin = True call_validate_policies_for_admin_user(user_obj, datasource_id) datasource_obj = get_datasource(datasource_id) tags = {"user_email": user_email, "is_admin": user_obj.is_admin} activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.GSUITE.value, event_type=event_name, actor=actor_email, tags=tags) elif event_name == 'UNASSIGN_ROLE': db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.email == user_email, DomainUser.is_admin == True)).update({DomainUser.is_admin: False}) db_connection().commit()
def modify_group_membership(auth_token, datasource_id, action_name, action_parameters, log_entry): user_email = action_parameters["user_email"] group_email = action_parameters["group_email"] db_session = db_connection().get_session() status_message = "Action completed successfully" datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type payload = { "log_id": str(log_entry.log_id), "action_type": action_name, "user_email": user_email, "group_email": group_email, 'datasource_id': datasource_id, "domain_id": datasource_obj.domain_id } response = messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type], constants.TriggerType.SYNC.value) if response and action_name == action_constants.ActionNames.REMOVE_USER_FROM_GROUP.value: if response.response_code != constants.SUCCESS_STATUS_CODE: log_entry.status = action_constants.ActionStatus.FAILED.value status_message = 'Action failed with error - ' + \ response.response_body['error']['message'] log_entry.message = status_message return response_messages.ResponseMessage(response.response_code, status_message) db_session.query(DirectoryStructure).filter( and_(DirectoryStructure.datasource_id == datasource_id, DirectoryStructure.parent_email == group_email, DirectoryStructure.member_email == user_email)).delete() elif response and action_name == action_constants.ActionNames.ADD_USER_TO_GROUP.value: if response.response_code != constants.SUCCESS_STATUS_CODE: log_entry.status = action_constants.ActionStatus.FAILED.value message = response.response_body['error']['message'] if 'message' in \ response.response_body['error'] else response.response_body['error'] status_message = 'Action failed with error - ' + message log_entry.message = status_message return response_messages.ResponseMessage(response.response_code, status_message) response_body = response.response_body dirstructure = DirectoryStructure() dirstructure.datasource_id = datasource_id dirstructure.member_email = user_email dirstructure.parent_email = group_email dirstructure.member_type = response_body['type'] dirstructure.member_role = response_body['role'] dirstructure.member_id = response_body['id'] db_session.add(dirstructure) log_entry.status = action_constants.ActionStatus.SUCCESS.value log_entry.message = status_message db_connection().commit() return response_messages.ResponseMessage(200, status_message)
def process_channel_unarchive(db_session, datasource_id, payload): channel_id = payload['channel'] db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.user_id == channel_id)).update({DomainUser.is_suspended: False}) datasource_obj = get_datasource(datasource_id) if datasource_obj: tags = {"channel_id": channel_id} activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.SLACK.value, event_type='CHANNEL_UNARCHIVE', actor=None, tags=tags)
def process_user_related_activities(datasource_id, actor_email, event): event_name = event['name'] activity_events_parameters = event['parameters'] user_email = None user_obj = None db_session = db_connection().get_session() for param in activity_events_parameters: name = param['name'] if name == 'USER_EMAIL': user_email = param['value'] datasource_obj = get_datasource(datasource_id) tags = {"user_email": user_email} if event_name == 'CREATE_USER': if user_email: directory_service = gutils.get_directory_service(None, actor_email) results = None try: results = directory_service.users().get(userKey=user_email).execute() except RefreshError as ex: Logger().info("User query : Not able to refresh credentials") except HttpError as ex: Logger().info("User query : Domain not found error") if results: gsuite_user = user.GsuiteUser(datasource_id, results) user_obj = gsuite_user.get_model() db_session.execute(DomainUser.__table__.insert().prefix_with("IGNORE"). values(db_utils.get_model_values(DomainUser, user_obj))) call_validate_policies_for_admin_user(user_obj, datasource_id) additional_payload = {"user_email": user_email, "is_admin": user_obj.is_admin} tags["is_admin"] = user_obj.is_admin elif event_name == 'GRANT_ADMIN_PRIVILEGE': user_obj = db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.email == user_email)).first() if user_obj: user_obj.is_admin = True call_validate_policies_for_admin_user(user_obj, datasource_id) tags["is_admin"] = user_obj.is_admin elif event_name == "SUSPEND_USER": db_session.query(DomainUser).filter(and_(DomainUser.datasource_id == datasource_id, DomainUser.email == user_email)).update({DomainUser.is_suspended: True}) elif event_name == "DELETE_USER": delete_user_info(db_session, user_email, datasource_id) activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.GSUITE.value, event_type=event_name, actor=actor_email, tags=tags) db_connection().commit()
def validate_permission_change(auth_token, datasource_id, payload): old_permissions = json.loads(payload["old_permissions"]) new_permissions = json.loads(payload["new_permissions"]) old_permissions_map = {} for permission in old_permissions: old_permissions_map[permission["email"]] = permission resource = json.loads(payload["resource"]) has_permission_changed = False for new_permission in new_permissions: new_permission_email = new_permission["email"] Logger().info( "Checking new permission - {}".format(new_permission_email)) if (not new_permission_email in old_permissions_map): Logger().info( "New permission does not exist in old permissions - {}".format( new_permission_email)) has_permission_changed = True else: if (not old_permissions_map[new_permission_email] ["permission_type"] == new_permission["permission_type"]): Logger().info( "New permission is not same as old permission - {}".format( new_permission_email)) has_permission_changed = True del old_permissions_map[new_permission_email] if not has_permission_changed and old_permissions_map: Logger().info("Old permissions were more than new permissions") has_permission_changed = True if has_permission_changed: Logger().info( "Permissions changed for this document, validate policy conditions now..." ) db_session = db_connection().get_session() policies = db_session.query(Policy).filter( and_( Policy.datasource_id == datasource_id, Policy.trigger_type == constants.PolicyTriggerType.PERMISSION_CHANGE.value, Policy.is_active == True)).all() if not policies or len(policies) < 1: Logger().info( "No policies found for permission change trigger, ignoring...") return datasource_obj = get_datasource(datasource_id) for policy in policies: validate_permission_change_policy(db_session, auth_token, datasource_obj, policy, resource, new_permissions) return return
def new_channel_created(db_session, datasource_id, payload): channel_info = payload['channel'] channel_info['channel_type'] = slack_constants.ChannelTypes.PUBLIC.value channel_obj = entities.SlackChannel(datasource_id, channel_info) channel_obj_model = channel_obj.get_model() db_session.add(channel_obj_model) datasource_obj = get_datasource(datasource_id) if datasource_obj: tags = {"channel_email": channel_obj_model.email} activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.SLACK.value, event_type='CHANNEL_CREATED', actor=None, tags={})
def process_drive_activity(datasource_id, incoming_activity): actor = incoming_activity['actor'] # Sometimes email does not come, when the event is triggered by a service (Ex- Google Support for DLP) actor_email = actor['email'] if 'email' in actor else "" resource = {} resource_permission = {} last_modifying_user_email = actor_email last_modified_time = incoming_activity['id']['time'][:-1] for event in incoming_activity['events']: event_name = event['name'] event_type = event['type'] activity_events_parameters = event['parameters'] primary_name = activity_events_parameters[0]['name'] if event_type == 'acl_change': pass # if primary_name == 'primary_event': # boolValue = activity_events_parameters[0]['boolValue'] # if boolValue: # max_perm_string = None # for parameter in activity_events_parameters: # if parameter['name'] == 'doc_id': # resource["resource_id"] = parameter['value'] # resource_permission["resource_id"] =parameter['value'] # elif parameter['name'] == 'owner': # resource['resource_owner_id'] = parameter['value'] # # permission change activity # elif parameter['name'] == 'target_user': # resource_permission['email'] = parameter['value'] # elif parameter['name'] == 'new_value': # perm_values = parameter['multiValue'] # ['can_edit','can_view'] # for perm in perm_values: # curr_perm_value = constants.permission_priority[perm] if perm in constants.permission_priority else 0 # max_perm_Value = constants.permission_priority[max_perm_string] if max_perm_string in constants.permission_priority else 0 # max_perm_string = perm if curr_perm_value > max_perm_Value else max_perm_string # # resource_permission['permission_type'] = constants.Permission_Role_mapping[max_perm_string] # elif parameter['name'] == 'visibility': # resource_permission['exposure_type'] = parameter['value'] elif event_type == 'download': resource_id = None if primary_name == 'primary_event': boolValue = activity_events_parameters[0]['boolValue'] if boolValue: for parameter in activity_events_parameters: if parameter['name'] == 'doc_id': resource_id = parameter['value'] datasource_obj = get_datasource(datasource_id) activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.GSUITE.value, event_type="DOWNLOAD", actor=actor_email, tags={'resource_id': resource_id})
def process_member_left_channel(db_session, datasource_id, payload): left_user_id = payload['user'] channel_id = payload['channel'] user_channel_info = get_user_and_channel_info_based_on_ids(db_session, datasource_id, left_user_id, channel_id) user_info = user_channel_info['user'] channel_info = user_channel_info['channel'] db_session.query(DirectoryStructure).filter(and_(DirectoryStructure.datasource_id == datasource_id, DirectoryStructure.parent_email == channel_info.email, DirectoryStructure.member_email == user_info.email)).delete() datasource_obj = get_datasource(datasource_id) if datasource_obj: activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.SLACK.value, event_type='MEMBER_LEFT_CHANNEL', actor=None, tags={"channel_id": channel_id, "user_email": user_info.email, "channel_email": channel_info.email})
def delete_repository(auth_token, datasource_id, action_key, action_parameters, log_entry): datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type status_message = "Action submitted successfully" payload = { "resource_name": action_parameters["resource_name"], "action_type": action_key, "datasource_id": datasource_id } messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type]) log_entry.status = action_constants.ActionStatus.SUCCESS.value log_entry.message = status_message db_connection().commit() return response_messages.ResponseMessage(200, status_message)
def process_member_joined_channel(db_session, datasource_id, payload): joined_user_id = payload['user'] if 'user' in payload else None channel_id = payload['channel'] if joined_user_id: user_channel_info = get_user_and_channel_info_based_on_ids(db_session, datasource_id, joined_user_id, channel_id) user_info = user_channel_info['user'] channel_info = user_channel_info['channel'] payload['name'] = channel_info.email directory_member_obj = entities.SlackDirectoryMember(db_session, datasource_id, user_info, joined_user_id, None, payload) db_session.execute(DirectoryStructure.__table__.insert().prefix_with("IGNORE"). values(db_utils.get_model_values(DirectoryStructure, directory_member_obj.get_model()))) datasource_obj = get_datasource(datasource_id) if datasource_obj: activity_db().add_event(domain_id=datasource_obj.domain_id, connector_type=constants.ConnectorTypes.SLACK.value, event_type='MEMBER_JOINED_CHANNEL', actor=None, tags={"channel_id": channel_id, "channel_email": channel_info.email, "user_email": user_info.email})
def transfer_ownership(auth_token, datasource_id, action_name, action_parameters, log_entry): status_message = "Action submitted successfully" datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type payload = { "log_id": str(log_entry.log_id), "action_type": action_name, "user_email": action_parameters["old_owner_email"], "new_owner_email": action_parameters["new_owner_email"], 'datasource_id': datasource_id, "domain_id": datasource_obj.domain_id } messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type]) log_entry.status = action_constants.ActionStatus.SUCCESS.value log_entry.message = status_message db_connection().commit() return response_messages.ResponseMessage(200, status_message)
def create_policy(auth_token, payload): db_session = db_connection().get_session() datasource_id = payload["datasource_id"] if "is_default" in payload: login_user = db_utils.get_user_session(auth_token).email datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type db_session = db_connection().get_session() default_policies = datasource_to_default_policy_map[datasource_type] for policy in default_policies: existing_policy = db_session.query(Policy).filter( and_(Policy.datasource_id == datasource_id, Policy.name == policy["name"])).first() if not existing_policy: policy['datasource_id'] = datasource_id if len(policy["actions"]) > 0: policy["actions"][0]["config"]["to"] = login_user policy["created_by"] = login_user insert_entry_into_policy_table(db_session, policy) return else: return insert_entry_into_policy_table(db_session, payload)
def execute_batch_delete(auth_token, datasource_id, user_email, initiated_by, permissions_to_update, log_entry, action_type, more_to_execute=False): sync_response = None datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type body = json.dumps(permissions_to_update, cls=alchemy_encoder()) payload = { "permissions": body, "datasource_id": datasource_id, "domain_id": datasource_obj.domain_id, "more_to_execute": 1 if more_to_execute else 0, "initiated_by_email": initiated_by, "log_id": str(log_entry.log_id), "user_email": user_email, "action_type": action_type } sync_response = messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type], constants.TriggerType.SYNC.value) if sync_response.response_code != constants.SUCCESS_STATUS_CODE: return sync_response elif more_to_execute: return response_messages.ResponseMessage( constants.ACCEPTED_STATUS_CODE, 'Action submitted successfully') else: return response_messages.ResponseMessage( 200, 'Action completed successfully')
def add_resource_permission(auth_token, datasource_id, action_payload, log_entry): action_parameters = action_payload['parameters'] new_permission_role = action_parameters['new_permission_role'] resource_id = action_parameters['resource_id'] resource_owner = action_parameters['resource_owner_id'] permission = ResourcePermission() permission.datasource_id = datasource_id permission.resource_id = resource_id permission.email = action_parameters['user_email'] permission.permission_type = new_permission_role datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type body = json.dumps([permission], cls=alchemy_encoder()) payload = { "permissions": body, "datasource_id": datasource_id, "domain_id": datasource_obj.domain_id, "initiated_by_email": action_payload['initiated_by'], "log_id": str(log_entry.log_id), "user_email": resource_owner, "action_type": action_payload['key'] } response = messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type], constants.TriggerType.SYNC.value) if response and response.response_code == constants.SUCCESS_STATUS_CODE: return response_messages.ResponseMessage( constants.SUCCESS_STATUS_CODE, 'Action completed successfully') else: return response_messages.ResponseMessage( response.response_code, response.response_body['message'])
def oauth_callback(oauth_code, scopes, state, error): redirect_url = "" if error or not oauth_code: redirect_url = urls.OAUTH_STATUS_URL + "/error?error={}".format(error) return redirect_url # in state we are passing the login scope name scope_name = state scope = LOGIN_SCOPE if scope_name in SCOPE_DICT: scope = SCOPE_DICT[scope_name] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( gutils.CLIENT_SECRETS_FILE, scopes=scope) flow.redirect_uri = urls.GOOGLE_OAUTH_CALLBACK_URL # Use the authorization server's response to fetch the OAuth 2.0 tokens. flow.fetch_token(code=oauth_code) credentials = flow.credentials if not credentials: redirect_url = urls.OAUTH_STATUS_URL + "/error?error={}".format( "Credentials not found.") return redirect_url refresh_token = credentials.refresh_token token = credentials.token service = gutils.get_oauth_service(credentials) profile_info = service.userinfo().get().execute() login_email = profile_info['email'].lower() Logger().info( "Credentials received for {} are token: {}, refresh_token: {}, scopes: {}" .format(login_email, credentials.token, credentials.refresh_token, credentials.scopes)) domain_id = login_email db_session = db_connection().get_session() login_user = db_utils.get_login_user_from_email(login_email, db_session) is_serviceaccount_enabled = gutils.check_if_serviceaccount_enabled( login_email) if is_serviceaccount_enabled: domain_id = login_email.split('@')[1] if login_user: if not login_user.is_serviceaccount_enabled == is_serviceaccount_enabled: db_utils.create_domain(db_session, domain_id, domain_id) db_session.delete(login_user) db_connection().commit() login_user = db_utils.create_user(login_email, profile_info['given_name'], profile_info['family_name'], domain_id, refresh_token, is_serviceaccount_enabled, scope_name, token, db_session=db_session) if login_user: adya_emails.send_welcome_email(login_user) elif refresh_token: login_user.refresh_token = refresh_token login_user.authorize_scope_name = scope_name login_user.token = token login_user.last_login_time = datetime.datetime.utcnow() db_connection().commit() else: existing_domain_user = db_session.query(DomainUser).filter( and_( DomainUser.email == login_email, DomainUser.member_type == constants.EntityExposureType.INTERNAL.value)).first() if existing_domain_user and is_serviceaccount_enabled: data_source = db_utils.get_datasource( existing_domain_user.datasource_id, db_session) login_user = db_utils.create_user( login_email, existing_domain_user.first_name, existing_domain_user.last_name, domain_id, refresh_token, data_source.is_serviceaccount_enabled, scope_name, token, db_session) else: domain = db_utils.create_domain(db_session, domain_id, domain_id) login_user = db_utils.create_user(login_email, profile_info['given_name'], profile_info['family_name'], domain_id, refresh_token, is_serviceaccount_enabled, scope_name, token, db_session) if login_user: adya_emails.send_welcome_email(login_user) redirect_url = urls.OAUTH_STATUS_URL + "/success?email={}&authtoken={}".format( login_email, login_user.auth_token) return redirect_url
def process_application(db_session, datasource_id, payload): slack_client = slack_utils.get_slack_client(datasource_id) app_id = payload['profile']['api_app_id'] apps = slack_client.api_call( "team.integrationLogs", limit=150, change_type=slack_constants.AppChangedTypes.ADDED.value, app_id=app_id) apps_list = apps["logs"] if apps_list: user_id = '' display_text = '' max_score = 0 for app in apps_list: query_params = {"dataSourceId": datasource_id} scanner_data = {"entities": [app]} # add in application and userappassociation table apps_scanner.process(db_session, None, query_params, scanner_data) user_id = app['user_id'] display_text = app["app_type"] if "app_type" in app else app[ "service_type"] if 'scope' in app: scopes = app["scope"] max_score = slack_utils.get_app_score(scopes) #check for trusted apps datasource_obj = get_datasource(datasource_id) domain_id = datasource_obj.domain_id check_app_is_trusted = False trusted_apps_list = (get_trusted_entity_for_domain( db_session, domain_id))['trusted_apps'] if display_text in trusted_apps_list: check_app_is_trusted = True # policy check and send alert if apps are not trusted if not check_app_is_trusted: policy_params = { 'dataSourceId': datasource_id, 'policy_trigger': constants.PolicyTriggerType.APP_INSTALL.value } app_payload = {} app_payload['display_text'] = display_text app_payload['score'] = max_score user_info = db_session.query(DomainUser).filter( and_(DomainUser.datasource_id == datasource_id, DomainUser.user_id == user_id)).first() app_payload['user_email'] = user_info.email policy_payload = {} policy_payload['application'] = json.dumps(app_payload, cls=alchemy_encoder()) Logger().info("added_app : payload : {}".format(app_payload)) messaging.trigger_post_event(urls.SLACK_POLICIES_VALIDATE_PATH, constants.INTERNAL_SECRET, policy_params, policy_payload, "slack") activity_db().add_event( domain_id=domain_id, connector_type=constants.ConnectorTypes.SLACK.value, event_type='OAUTH_GRANT', actor=user_id, tags={ "score": max_score, "display_text": display_text })
def update_or_delete_resource_permission(auth_token, datasource_id, action_payload, log_entry): action_parameters = action_payload['parameters'] new_permission_role = action_parameters['new_permission_role'] user_type = action_parameters[ 'user_type'] if 'user_type' in action_parameters else 'user' resource_id = action_parameters['resource_id'] resource_owner = action_parameters['resource_owner_id'] user_email = action_parameters['user_email'] initiated_user = action_payload['initiated_by'] current_time = datetime.utcnow() db_session = db_connection().get_session() existing_permission = db_session.query(ResourcePermission).filter( and_(ResourcePermission.resource_id == resource_id, ResourcePermission.datasource_id == datasource_id, ResourcePermission.email == user_email)).first() if not existing_permission and action_payload[ 'key'] == action_constants.ActionNames.CHANGE_OWNER_OF_FILE.value: Logger().info("add a new permission ") response = add_resource_permission(auth_token, datasource_id, action_payload, log_entry) return response if not existing_permission: status_message = "Bad Request - Permission not found in records" Logger().info(status_message) log_entry.status = action_constants.ActionStatus.FAILED.value log_entry.message = status_message return ResponseMessage(400, status_message) query_param = { 'user_email': resource_owner, 'initiated_by_email': initiated_user, 'datasource_id': datasource_id, "log_id": str(log_entry.log_id) } existing_permission_json = json.loads( json.dumps(existing_permission, cls=alchemy_encoder())) existing_permission_json["permission_type"] = new_permission_role body = json.dumps([existing_permission_json], cls=alchemy_encoder()) response = "Action executed" datasource_obj = get_datasource(datasource_id) datasource_type = datasource_obj.datasource_type payload = { "permissions": body, "datasource_id": datasource_id, "domain_id": datasource_obj.domain_id, "initiated_by_email": action_payload['initiated_by'], "log_id": str(log_entry.log_id), "user_email": resource_owner, "action_type": action_payload['key'], "resource_name": action_parameters["resource_name"] } response = messaging.trigger_post_event( datasource_execute_action_map[datasource_type], auth_token, None, payload, connector_servicename_map[datasource_type], constants.TriggerType.SYNC.value) if response and response.response_code == constants.SUCCESS_STATUS_CODE: return response_messages.ResponseMessage( constants.SUCCESS_STATUS_CODE, 'Action completed successfully') else: return response_messages.ResponseMessage( response.response_code, response.response_body['message'])