in server/TenantManagementService/user-management.py [0:0]
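def get_user(event, context):
    """Return one user's details after role and tenant-isolation checks.

    The caller's identity (userName, tenantId, userPoolId, userRole) is read
    from ``event['requestContext']['authorizer']``; the user to fetch comes
    from the ``username`` path parameter.

    Access rules enforced here:
      * A system admin selects the tenant with the ``tenantid`` query-string
        parameter; the user pool is taken from that tenant's stored record.
      * A tenant user may only read their own record.
      * The fetched user's tenant must equal the caller's ``tenantId``.

    Returns:
        ``utils.create_unauthorized_response()`` when a check fails or the
        admin-selected tenant cannot be resolved, otherwise
        ``utils.create_success_response()`` with the user's attributes.
    """
    authorizer = event['requestContext']['authorizer']
    requesting_user_name = authorizer['userName']
    tenant_id = authorizer['tenantId']
    user_pool_id = authorizer['userPoolId']
    user_role = authorizer['userRole']
    user_name = event['pathParameters']['username']

    tracer.put_annotation(key="TenantId", value=tenant_id)
    logger.log_with_tenant_context(event, "Request received to get user")

    if auth_manager.isSystemAdmin(user_role):
        # API Gateway proxy events carry queryStringParameters=None when the
        # request has no query string, so indexing it directly would raise.
        query_params = event.get('queryStringParameters') or {}
        user_tenant_id = query_params.get('tenantid')
        if not user_tenant_id:
            # Fail closed: without a tenant there is no user pool to query.
            # The unauthorized response is the only error helper visible in
            # this block; use a 400-style helper instead if utils has one.
            logger.log_with_tenant_context(
                event, "Request completed as unauthorized. No tenantid supplied by system admin")
            return utils.create_unauthorized_response()

        tenant_details = table_tenant_details.get_item(
            Key={
                'tenantId': user_tenant_id
            }
        )
        # NOTE(review): this logs the whole get_item response. If the tenant
        # record holds secrets (keys, tokens), log only the tenantId instead.
        # Confirm against the table schema.
        logger.info(tenant_details)

        # get_item omits 'Item' when the key does not exist; deny rather than
        # crash with KeyError on an unknown tenant.
        tenant_item = tenant_details.get('Item') or {}
        tenant_pool_id = tenant_item.get('userPoolId')
        if not tenant_pool_id:
            logger.log_with_tenant_context(
                event, "Request completed as unauthorized. Tenant could not be resolved")
            return utils.create_unauthorized_response()
        user_pool_id = tenant_pool_id

    # Tenant users are limited to their own record; checked before any lookup
    # of the target user.
    if auth_manager.isTenantUser(user_role) and user_name != requesting_user_name:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. User can only get its information.")
        return utils.create_unauthorized_response()

    # get_user_info is defined elsewhere in the file; it is expected to return
    # an object exposing tenant_id.
    user_info = get_user_info(event, user_pool_id, user_name)

    # Tenant-isolation check against the caller's own tenantId.
    # NOTE(review): for system admins tenant_id is still the admin's authorizer
    # tenantId, not the tenant chosen through the query string, so an admin
    # lookup in another tenant is denied here. Confirm whether that is intended
    # before relaxing or re-targeting this comparison.
    if user_info.tenant_id != tenant_id:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Users in other tenants cannot be accessed")
        return utils.create_unauthorized_response()

    logger.log_with_tenant_context(event, "Request completed to get new user ")
    return utils.create_success_response(user_info.__dict__)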