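async def api_add_user_to_group_or_raise(group_name, member_name, actor):
    """Add ``member_name`` to ``group_name`` on behalf of ``actor``, or raise.

    The actor's right to modify the group's membership is checked with
    ``can_modify_members`` before any change is attempted.

    Returns:
        ``"ADDED"`` when the member was added or was already a member, or
        ``"REQUESTED"`` when the add was blocked by ``BulkAddPrevented`` and
        a request was recorded for the member instead.

    Raises:
        NoGroupsException: the group's info could not be retrieved.
        UnauthorizedToAccess: ``actor`` may not modify this group's members.
        HttpError: the add failed for any reason other than "duplicate".
    """
    try:
        group_info = await auth.get_group_info(group_name, members=False)
    except Exception as e:
        # Chain the cause so the underlying lookup failure stays visible in logs.
        raise NoGroupsException("Unable to retrieve the specified group") from e

    # Authorization gate: nothing below runs unless the actor may edit members.
    actor_groups = await auth.get_groups(actor)
    can_add_remove_members = can_modify_members(actor, actor_groups, group_info)
    if not can_add_remove_members:
        raise UnauthorizedToAccess("Unauthorized to modify members of this group.")

    try:
        await add_user_to_group(member_name, group_name, actor)
    except HttpError as e:
        # Inconsistent GG API error - ignore failure for user already existing.
        # Every other HTTP failure must propagate: swallowing it would report
        # "ADDED" for a membership change that never happened.
        if e.resp.reason != "duplicate":
            raise
    except UserAlreadyAMemberOfGroupException:
        # Already a member: treated the same as a successful add.
        pass
    except BulkAddPrevented:
        # The direct add was refused; record a request attributed to the actor.
        dynamo_handler = UserDynamoHandler(actor)
        # NOTE(review): add_request is called without await - confirm it is synchronous.
        dynamo_handler.add_request(
            member_name,
            group_name,
            f"{actor} requesting on behalf of {member_name} from a bulk operation",
            updated_by=actor,
        )
        return "REQUESTED"
    return "ADDED"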
async def add_user_to_group_task(
    member: str,
    group: str,
    requesting_user: str,
    requesting_users_groups: List[str],
    semaphore=None,
    service: None = None,
) -> Dict[str, Union[str, bool]]:
    """Try to add ``member`` to ``group`` and describe the outcome in a dict.

    This task never raises: every failure, including an unexpected exception,
    is reported through the returned dict (``"Error"`` is True and
    ``"Result"`` holds the message).

    Checks run in this order, each ending the task on failure:
    1. ``requesting_user`` must be allowed to modify the group's members.
    2. ``member`` (whitespace-stripped) must pass ``validate_email``.
    3. If the group does not allow third-party users, the member must exist.

    Args:
        member: Address of the user to add; surrounding whitespace is stripped.
        group: Name of the target group.
        requesting_user: Identity on whose behalf the change is made.
        requesting_users_groups: Groups of the requesting user, used for the
            authorization decision.
        semaphore: Optional semaphore shared between tasks. When omitted, a
            new one is created for this call only, so it limits nothing
            across calls.
        service: Passed through to ``add_user_to_group``.

    Returns:
        Dict with "Action", "Member", "Group", "Error" and "Result" keys.
    """
    semaphore = semaphore or asyncio.BoundedSemaphore(10)
    async with semaphore:
        # The metric is tagged with the member exactly as received (pre-strip).
        stats.count(
            "add_user_to_group_task.attempt",
            tags={
                "member": member,
                "group": group,
                "requesting_user": requesting_user,
            },
        )
        member = member.strip()
        outcome = {
            "Action": "Add user",
            "Member": member,
            "Group": group,
            "Error": False,
        }
        log_fields = {
            "function": f"{__name__, sys._getframe().f_code.co_name}",
            "action": "Add user",
            "member": member,
            "group": group,
        }
        try:
            group_info = await auth.get_group_info(group, members=False)

            # Authorization comes first, before any input validation.
            if not can_modify_members(
                requesting_user, requesting_users_groups, group_info
            ):
                denial = (
                    "You are unable to add members to this group. "
                    "Maybe it is restricted."
                )
                outcome["Result"] = denial
                outcome["Error"] = True
                log_fields["error"] = f"There was at least one problem. {denial}"
                log.warn(log_fields, exc_info=True)
                return outcome

            # Both input rejections share the same reporting path.
            rejection = None
            if not validate_email(member):
                rejection = "Invalid e-mail address entered"
            elif (
                not group_info.allow_third_party_users
                and not await auth.does_user_exist(member)
            ):
                rejection = (
                    "User does not exist in our environment and this group "
                    "doesn't allow third party users."
                )
            if rejection is not None:
                outcome["Result"] = rejection
                outcome["Error"] = True
                log_fields["message"] = "Error"
                log_fields["error"] = rejection
                log.warn(log_fields, exc_info=True)
                return outcome

            await add_user_to_group(member, group, requesting_user, service=service)
            outcome["Result"] = "Successfully added user to group"
            return outcome
        except Exception as exc:
            # The exception text is HTML-escaped before it goes into the
            # returned dict; the log entry keeps the raw text.
            outcome["Result"] = html.escape(str(exc))
            outcome["Error"] = True
            log_fields["message"] = "Error"
            log_fields["error"] = f"There was at least one problem. {exc}"
            log.error(log_fields, exc_info=True)
        return outcome
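async def remove_user_from_group_task(
    member: str,
    group: str,
    requesting_user: str,
    requesting_users_groups: List[str],
    semaphore=None,
    service: None = None,
) -> Dict[str, Union[str, bool]]:
    """Try to remove ``member`` from ``group`` and describe the outcome in a dict.

    This task never raises: every failure, including an unexpected exception,
    is reported through the returned dict (``"Error"`` is True and
    ``"Result"`` holds the message).

    Args:
        member: Address of the user to remove; surrounding whitespace is stripped.
        group: Name of the target group.
        requesting_user: Identity on whose behalf the change is made.
        requesting_users_groups: Groups of the requesting user, used for the
            authorization decision.
        semaphore: Optional semaphore shared between tasks. When omitted, a
            new one is created for this call only, so it limits nothing
            across calls.
        service: Passed through to ``remove_user_from_group``.

    Returns:
        Dict with "Action", "Member", "Requesting User", "Group", "Error" and
        "Result" keys.
    """
    if not semaphore:
        semaphore = asyncio.BoundedSemaphore(10)
    async with semaphore:
        # The metric is tagged with the member exactly as received (pre-strip).
        stats.count(
            "remove_user_from_group_task.attempt",
            tags={"member": member, "group": group, "requesting_user": requesting_user},
        )
        member = member.strip()
        result = {
            "Action": "Remove user",
            "Member": member,
            "Requesting User": requesting_user,
            "Group": group,
            "Error": False,
        }
        log_data = {
            "function": f"{__name__, sys._getframe().f_code.co_name}",
            "action": "Remove user",
            "member": member,
            "group": group,
        }
        try:
            group_info = await auth.get_group_info(group, members=False)

            # Authorization comes first, before any input validation.
            can_add_remove_members = can_modify_members(
                requesting_user, requesting_users_groups, group_info
            )
            if not can_add_remove_members:
                result[
                    "Result"
                ] = "You are unable to remove members from this group. Maybe it is restricted."
                result["Error"] = True
                error = f"There was at least one problem. {result['Result']}"
                log_data["error"] = error
                log.warn(log_data, exc_info=True)
                return result

            # Only the address format is checked here; this block performs no
            # existence lookup even though the message mentions one.
            if not validate_email(member):
                result[
                    "Result"
                ] = "Invalid e-mail address entered, or user doesn't exist"
                result["Error"] = True
                log_data["message"] = "Error"
                log_data["error"] = result["Result"]
                log.warn(log_data, exc_info=True)
                return result

            await remove_user_from_group(
                member, group, requesting_user, service=service
            )
            result["Result"] = "Successfully removed user from group"
            return result
        except Exception as e:
            # Escape the exception text before returning it, as
            # add_user_to_group_task does: the message may echo caller-supplied
            # values and the result is presumably rendered by a web client.
            # The log entry keeps the raw text.
            result["Result"] = html.escape(str(e))
            result["Error"] = True
            error = f"There was at least one problem. {e}"
            log_data["message"] = "Error"
            log_data["error"] = error
            log.error(log_data, exc_info=True)
        return result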