in server/TenantManagementService/user-management.py [0:0]
def disable_user(event, context):
tenant_id = event['requestContext']['authorizer']['tenantId']
user_pool_id = event['requestContext']['authorizer']['userPoolId']
user_role = event['requestContext']['authorizer']['userRole']
user_name = event['pathParameters']['username']
tracer.put_annotation(key="TenantId", value=tenant_id)
logger.log_with_tenant_context(event, "Request received to disable new user")
if (auth_manager.isSystemAdmin(user_role)):
user_tenant_id = event['queryStringParameters']['tenantid']
tenant_details = table_tenant_details.get_item(
Key ={
'tenantId': user_tenant_id
}
)
logger.info(tenant_details)
user_pool_id = tenant_details['Item']['userPoolId']
if (auth_manager.isTenantAdmin(user_role) or auth_manager.isSystemAdmin(user_role)):
user_info = get_user_info(event, user_pool_id, user_name)
if(user_info.tenant_id!=tenant_id):
logger.log_with_tenant_context(event, "Request completed as unauthorized. Users in other tenants cannot be accessed")
return utils.create_unauthorized_response()
else:
metrics_manager.record_metric(event, "UserDisabled", "Count", 1)
response = client.admin_disable_user(
Username=user_name,
UserPoolId=user_pool_id
)
logger.log_with_tenant_context(event, response)
logger.log_with_tenant_context(event, "Request completed to disable new user ")
return utils.create_success_response("User disabled")
else:
logger.log_with_tenant_context(event, "Request completed as unauthorized. Only tenant admin or system admin can disable user!")
return utils.create_unauthorized_response()