示例#1
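    def get_invitations_for_org(org_id, status=None, token_info: Dict = None):
        """Get invitations for an org.

        Staff callers (``'staff'`` present in the token's ``realm_access.roles``)
        receive the org's pending invitations. Any other caller must hold an
        ACTIVE membership in the org whose type is not USER; otherwise an empty
        list is returned.

        Args:
            org_id: identifier of the org whose invitations are requested.
            status: optional ``InvitationStatus`` member name, applied as a
                filter on the non-staff path.
            token_info: token claims of the caller; also handed to
                ``UserService.find_by_jwt_token``.

        Returns:
            ``None`` when the org does not exist, otherwise a list of
            invitations (empty when the caller may not see them).

        Raises:
            KeyError: if ``status`` is not a valid ``InvitationStatus`` name.
        """
        org_model = OrgModel.find_by_org_id(org_id)
        if not org_model:
            return None

        if status:
            status = InvitationStatus[status]

        # token_info defaults to None, and 'realm_access' / 'roles' may be
        # missing from the claims. Treat every such case as "no roles" so the
        # staff check fails closed instead of raising AttributeError.
        realm_access = (token_info or {}).get('realm_access') or {}
        roles = realm_access.get('roles') or []

        # If staff return full list
        # NOTE(review): this branch ignores the ``status`` filter and always
        # returns pending invitations - confirm that is intended.
        if 'staff' in roles:
            return InvitationModel.find_pending_invitations_by_org(org_id)

        current_user: UserService = UserService.find_by_jwt_token(token_info)
        # NOTE(review): presumably the lookup can come back empty for an unknown
        # caller - such a caller gets nothing rather than an AttributeError.
        if current_user is None:
            return []

        current_user_membership: MembershipModel = \
            MembershipModel.find_membership_by_user_and_org(user_id=current_user.identifier, org_id=org_id)

        # If no active membership return empty array
        if current_user_membership is None or \
                current_user_membership.status != Status.ACTIVE.value:
            return []

        # Ensure either ADMIN or COORDINATOR
        if current_user_membership.membership_type_code == USER:
            return []

        return InvitationModel.find_invitations_by_org(org_id=org_id, status=status)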
示例#2
    def get_invitations_for_org(org_id, status=None, **kwargs):
        """Return the invitations of an org that the caller is allowed to see.

        The caller is described by ``kwargs['user_context']``, which must be
        present (it is read before anything else). Staff callers get the org's
        pending invitations; the ``status`` filter is not applied on that path.
        Everyone else needs an ACTIVE membership in the org with a type other
        than USER, and receives the invitations filtered by ``status``.

        Returns ``None`` when the org is unknown and ``[]`` when the caller is
        not entitled to the list. ``status`` must be an ``InvitationStatus``
        member name when given.
        """
        caller_context: UserContext = kwargs['user_context']

        if not OrgModel.find_by_org_id(org_id):
            return None

        # Translate the member name into the enum member; falsy values pass through.
        status_filter = InvitationStatus[status] if status else status

        # Staff see the pending invitations regardless of membership.
        if caller_context.is_staff():
            return InvitationModel.find_pending_invitations_by_org(org_id)

        caller: UserService = UserService.find_by_jwt_token()
        caller_membership: MembershipModel = MembershipModel.find_membership_by_user_and_org(
            user_id=caller.identifier, org_id=org_id)

        # Deny (empty list) without an active membership, and for plain USER
        # members: only ADMIN or COORDINATOR may list invitations.
        if caller_membership is None \
                or caller_membership.status != Status.ACTIVE.value \
                or caller_membership.membership_type_code == USER:
            return []

        return InvitationModel.find_invitations_by_org(org_id=org_id, status=status_filter)
示例#3
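    def delete_anonymous_user(user_name, token_info: Dict = None):
        """
        Delete User Profile.

        1) check if the token user is admin/owner of the current user,
           a staff admin, or the user itself
        2) refuse to delete the only remaining owner of the org
        3) set user status as INACTIVE
        4) set membership as inactive
        5) disable the user in kc

        Args:
            user_name: username of the account to deactivate.
            token_info: token claims of the caller performing the deletion.

        Raises:
            BusinessException: DATA_NOT_FOUND when the caller, the target user
                or the target's membership cannot be found;
                DELETE_FAILED_INACTIVE_USER when the caller is inactive;
                INVALID_USER_CREDENTIALS when the caller is not authorised or
                the target is the org's only owner.
        """
        admin_user: UserModel = UserModel.find_by_jwt_token(token_info)

        if not admin_user:
            raise BusinessException(Error.DATA_NOT_FOUND, None)
        if admin_user.status == UserStatus.INACTIVE.value:
            raise BusinessException(Error.DELETE_FAILED_INACTIVE_USER, None)

        # handle validations.
        # An unknown username or a user without membership is reported as
        # "not found" instead of surfacing as an AttributeError.
        user = UserModel.find_by_username(user_name)
        if not user:
            raise BusinessException(Error.DATA_NOT_FOUND, None)
        membership = MembershipModel.find_membership_by_userid(user.id)
        if membership is None:
            raise BusinessException(Error.DATA_NOT_FOUND, None)
        org_id = membership.org_id

        # admin/owner deletion
        # The caller may have no membership in the target's org (e.g. staff),
        # so the lookup result must be checked before it is dereferenced.
        # NOTE(review): the caller's membership status is not checked here;
        # confirm the lookup excludes inactive memberships.
        admin_user_membership = MembershipModel.find_membership_by_user_and_org(
            admin_user.id, org_id)
        is_org_admin = admin_user_membership is not None and \
            admin_user_membership.membership_type_code == ADMIN

        # staff admin deletion
        # Missing token / realm_access / roles all count as "no roles".
        realm_access = (token_info or {}).get('realm_access') or {}
        is_staff_admin = Role.STAFF_CREATE_ACCOUNTS.value in (realm_access.get('roles') or [])

        # self deletion
        # NOTE(review): two accounts that both lack a keycloak_guid would compare
        # equal here - confirm the guid is always populated.
        is_self = user.keycloak_guid == admin_user.keycloak_guid

        is_valid_action = is_org_admin or is_staff_admin or is_self

        # is the only owner getting deleted
        if is_valid_action and membership.membership_type_code == ADMIN:
            count_of_owners = MembershipModel.get_count_active_owner_org_id(
                org_id)
            if count_of_owners == 1:
                is_valid_action = False
        if not is_valid_action:
            raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)

        # NOTE(review): the local records are saved before the Keycloak call. If
        # update_user raises, the user may end up INACTIVE here while the
        # identity-provider account is still enabled (depends on transaction
        # handling not visible in this method).
        user.is_terms_of_use_accepted = False
        user.status = UserStatus.INACTIVE.value
        user.save()
        membership.status = Status.INACTIVE.value
        membership.save()
        update_user_request = KeycloakUser()
        update_user_request.user_name = user_name.replace(
            IdpHint.BCROS.value + '/', '')
        update_user_request.enabled = False
        KeycloakService.update_user(update_user_request)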
示例#4
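    def get_members_for_org(
            org_id,
            status=Status.ACTIVE,  # pylint:disable=too-many-return-statements
            membership_roles=ALL_ALLOWED_ROLES,
            token_info: Dict = None):
        """Get members of org. Fetches using status and roles.

        Visibility rules for the caller identified by ``token_info``:

        * staff (``'staff'`` in ``realm_access.roles``): full list;
        * no membership, or INACTIVE / REJECTED membership: empty list;
        * PENDING_APPROVAL membership: only the caller's own membership, and
          only when pending members were requested;
        * ACTIVE ADMIN / COORDINATOR: full list for the requested status;
        * other ACTIVE members: the list only when ACTIVE members were requested.

        Args:
            org_id: identifier of the org.
            status: a ``Status`` member, a ``Status`` member name, or ``None``
                (treated as ACTIVE).
            membership_roles: roles to include; ``None`` means all allowed roles.
            token_info: token claims of the caller.

        Returns:
            ``None`` when the org does not exist, otherwise a list of memberships.

        Raises:
            KeyError: if ``status`` is a string that is not a ``Status`` name.
        """
        org_model = OrgModel.find_by_org_id(org_id)
        if not org_model:
            return None

        # The default is a Status member while callers pass member names.
        # Status[...] looks up by name, so a member is unwrapped directly
        # rather than used as a lookup key.
        if status is None:
            status = Status.ACTIVE.value
        elif isinstance(status, Status):
            status = status.value
        else:
            status = Status[status].value
        membership_roles = ALL_ALLOWED_ROLES if membership_roles is None else membership_roles

        # token_info defaults to None, and 'realm_access' / 'roles' may be
        # missing; treat that as "no roles" so the staff check fails closed
        # instead of raising AttributeError.
        realm_access = (token_info or {}).get('realm_access') or {}
        roles = realm_access.get('roles') or []

        # If staff return full list
        if 'staff' in roles:
            return MembershipModel.find_members_by_org_id_by_status_by_roles(
                org_id, membership_roles, status)

        current_user: UserService = UserService.find_by_jwt_token(token_info)
        # NOTE(review): presumably the lookup can come back empty for an unknown
        # caller - such a caller gets nothing rather than an AttributeError.
        if current_user is None:
            return []

        current_user_membership: MembershipModel = \
            MembershipModel.find_membership_by_user_and_org(user_id=current_user.identifier, org_id=org_id)

        # If no active or pending membership return empty array
        if current_user_membership is None or \
                current_user_membership.status == Status.INACTIVE.value or \
                current_user_membership.status == Status.REJECTED.value:
            return []

        # If pending approval, return empty for active, array of self only for pending
        if current_user_membership.status == Status.PENDING_APPROVAL.value:
            return [current_user_membership
                    ] if status == Status.PENDING_APPROVAL.value else []

        # If active status for current user, then check organizational role
        if current_user_membership.status == Status.ACTIVE.value:
            if current_user_membership.membership_type_code in (ADMIN, COORDINATOR):
                return MembershipModel.find_members_by_org_id_by_status_by_roles(
                    org_id, membership_roles, status)

            # Plain members may only see the active member list.
            return MembershipModel.find_members_by_org_id_by_status_by_roles(org_id, membership_roles, status) \
                if status == Status.ACTIVE.value else []

        # Any other membership status: deny by default.
        return []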
示例#5
    def get_members_for_org(
            org_id,
            status=Status.ACTIVE.name,  # pylint:disable=too-many-return-statements
            membership_roles=ALL_ALLOWED_ROLES,
            **kwargs):
        """Return the members of an org that the caller is allowed to see.

        ``status`` is a ``Status`` member name (``None`` means ACTIVE) and
        ``membership_roles`` the roles to include (``None`` means all allowed
        roles). The caller is described by ``kwargs['user_context']``.

        Staff get the full list. Callers without a membership, or with an
        INACTIVE or REJECTED one, get ``[]``. A PENDING_APPROVAL caller sees only
        its own membership, and only when pending members were requested. An
        ACTIVE ADMIN or COORDINATOR sees the list for any requested status; other
        ACTIVE members see it only when ACTIVE members were requested.

        Returns ``None`` when the org does not exist.
        """
        if not OrgModel.find_by_org_id(org_id):
            return None

        caller_context: UserContext = kwargs['user_context']
        wanted_status = Status[status].value if status is not None else Status.ACTIVE.value
        if membership_roles is None:
            membership_roles = ALL_ALLOWED_ROLES

        # Staff bypass the membership checks entirely.
        if caller_context.is_staff():
            return MembershipModel.find_members_by_org_id_by_status_by_roles(
                org_id, membership_roles, wanted_status)

        caller: UserService = UserService.find_by_jwt_token()
        caller_membership: MembershipModel = MembershipModel.find_membership_by_user_and_org(
            user_id=caller.identifier, org_id=org_id)

        # No membership at all: nothing to show.
        if caller_membership is None:
            return []

        caller_status = caller_membership.status

        # Inactive or rejected memberships grant no visibility.
        if caller_status in (Status.INACTIVE.value, Status.REJECTED.value):
            return []

        # A pending member may see itself, and only in the pending list.
        if caller_status == Status.PENDING_APPROVAL.value:
            if wanted_status == Status.PENDING_APPROVAL.value:
                return [caller_membership]
            return []

        # Anything that is not an active membership is denied by default.
        if caller_status != Status.ACTIVE.value:
            return []

        # ADMIN / COORDINATOR may list any status; other members only ACTIVE.
        may_list_any_status = caller_membership.membership_type_code in (ADMIN, COORDINATOR)
        if may_list_any_status or wanted_status == Status.ACTIVE.value:
            return MembershipModel.find_members_by_org_id_by_status_by_roles(
                org_id, membership_roles, wanted_status)

        return []
示例#6
 def get_membership_for_org_and_user(org_id, user_id):
     """Look up the membership that links ``user_id`` to ``org_id``.

     This is a plain lookup: nothing here verifies that the caller is entitled
     to see the membership.
     """
     found_membership = MembershipModel.find_membership_by_user_and_org(user_id=user_id, org_id=org_id)
     return found_membership