async def raise_if_requires_bgcheck_and_no_bgcheck(user: str, group_info: Any) -> bool:
"""Check if group requires a background check, and if the user has completed the
background check. Will raise if the user requires a background check but has not
completed one.
"""
if not does_group_require_bg_check(group_info):
return True
user_info = await auth.get_user_info(user, object=True)
function = f"{__name__}.{sys._getframe().f_code.co_name}"
stats.count(function)
log_data = {
"function": function,
"user": user,
"group": group_info.name,
"backgroundcheck_required": group_info.backgroundcheck_required,
}
log.debug(log_data)
if user_info.passed_background_check:
return True
raise BackgroundCheckNotPassedException(
f"User {user} has not passed background check. "
f"Group {group_info.name} requires a background check. Please contact Nerds"
)
async def raise_if_background_check_required_and_no_background_check(
role, user):
for compliance_account_id in config.get("aws.compliance_account_ids", []):
if compliance_account_id == role.split(":")[4]:
user_info = await auth.get_user_info(user, object=True)
if not user_info.passed_background_check:
function = f"{__name__}.{sys._getframe().f_code.co_name}"
log_data: dict = {
"function":
function,
"user":
user,
"role":
role,
"message":
"User trying to access SEG role without background check",
}
log.error(log_data)
stats.count(
f"{function}.access_denied_background_check_not_passed",
tags={
"function": function,
"user": user,
"role": role
},
)
raise BackgroundCheckNotPassedException(
config.get(
"aws.background_check_not_passed",
"You must have passed a background check to access role "
"{role}.",
).format(role=role))