def ecommerce_approvals_get():
logger.debug("workflow_approvals()")
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_groups = okta_admin.get_user_groups(user["id"])
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname("access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
logging.debug(group_get_response)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
for clist in user_groups:
if grp == clist['id']:
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_get_username(altid):
logger.debug("gbac_get_username()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user_list_by_search("profile.mobilePhone eq \"" + altid + "\" or profile.primaryPhone eq \"" + altid + "\"")
logger.debug(user)
return user[0]["profile"]["login"]
def gbac_finduser_completion():
logger.debug("gbac_finduser_completion()")
firstName = request.form.get('firstname')
lastName = request.form.get('lastname')
primaryPhone = request.form.get('phone')
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_response = ""
message = ""
email = ""
login = ""
if primaryPhone:
logging.debug("checking primaryPhone")
user_response = okta_admin.get_user_list_by_search(
"profile.primaryPhone eq \"" + primaryPhone + "\"&limit=1")
if not user_response:
logging.debug("checking mobilePhone")
user_response = okta_admin.get_user_list_by_search(
"profile.mobilePhone eq \"" + primaryPhone + "\"&limit=1")
else:
user_response = okta_admin.get_user_list_by_search(
"profile.firstName eq \"" + firstName +
"\" and profile.lastName eq \"" + lastName + "\"&limit=1")
if user_response:
login = user_response[0]['profile']['login']
recipients = []
recipients.append({"address": user_response[0]["profile"]["email"]})
emailLogin(recipients, login)
message = "Your Username was found. An email is being sent to: " + user_response[
0]["profile"]["email"]
else:
message = "Your Username was not found. Please try again."
return redirect(
url_for("gbac_findusername_bp.findusername_bp",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
email=email,
message=message))
def workflow_approvals_get():
logger.debug("workflow_approvals()")
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
# On a GET display the registration page with the defaults
admin_groups = okta_admin.get_user_groups(user_id)
admin_group_id = ""
# Must be an admin
for item in admin_groups:
if item["profile"]["name"] == CONFIG_GROUP_ADMIN:
admin_group_id = item["id"]
if admin_group_id:
# access_requests attribute contains workflow request
# 'profile.access_requests eq pr"
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname(
"access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
return "ERROR: Unauthorized", 401
