def create_user()

in server/TenantManagementService/user-management.py [0:0]


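def create_user(event, context):
    """Create a user in a tenant's user pool and map the user to that tenant.

    The caller's tenant id, user pool id and role are read from the request's
    authorizer context; the new user's details come from the JSON request
    body (``userName``, ``userEmail``, ``userRole`` and, for system admins,
    ``tenantId``).

    Authorization rules enforced here:
      * Only tenant admins and system admins may create users.
      * A tenant admin always creates users in their own tenant and pool
        (taken from the authorizer context, never from the body).
      * Only a system admin may choose the target tenant or create another
        system admin.

    Returns:
        ``utils.create_success_response("New user created")`` on success,
        otherwise ``utils.create_unauthorized_response()``.
    """
    authorizer = event['requestContext']['authorizer']
    tenant_id = authorizer['tenantId']
    user_pool_id = authorizer['userPoolId']
    user_role = authorizer['userRole']

    tracer.put_annotation(key="TenantId", value=tenant_id)

    logger.log_with_tenant_context(event, "Request received to create new user")

    # Authorize before touching the request body or the tenant table, so an
    # unprivileged caller cannot trigger any lookup or parsing work.
    caller_is_system_admin = auth_manager.isSystemAdmin(user_role)
    if not (caller_is_system_admin or auth_manager.isTenantAdmin(user_role)):
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Only tenant admin or system admin can create user!")
        return utils.create_unauthorized_response()

    user_details = json.loads(event['body'])

    # The requested role comes from the request body. Without this check a
    # tenant admin could mint a system-admin account and escalate beyond
    # their own tenant.
    # NOTE(review): roles are not otherwise validated against an allow-list
    # here; confirm whether other privileged roles need the same guard.
    if not caller_is_system_admin and auth_manager.isSystemAdmin(user_details['userRole']):
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Only system admin can create a system admin user!")
        return utils.create_unauthorized_response()

    if caller_is_system_admin:
        # System admins may target any tenant; resolve that tenant's pool.
        user_tenant_id = user_details['tenantId']
        tenant_details = table_tenant_details.get_item(
            Key={
                'tenantId': user_tenant_id
            }
        )
        # NOTE(review): this logs the full tenant record; confirm it holds no
        # secrets or keys before keeping it at info level.
        logger.info(tenant_details)
        # An unknown tenantId yields no 'Item' and raises KeyError here.
        user_pool_id = tenant_details['Item']['userPoolId']
    else:
        # Tenant admins are pinned to the tenant from their own token.
        user_tenant_id = tenant_id

    metrics_manager.record_metric(event, "UserCreated", "Count", 1)
    response = client.admin_create_user(
        Username=user_details['userName'],
        UserPoolId=user_pool_id,
        # NOTE(review): ForceAliasCreation moves an already-verified alias
        # from an existing user to the new one. No *_verified attribute is
        # set below, so it should have no effect today; revisit if that
        # changes, especially when a pool is shared between tenants.
        ForceAliasCreation=True,
        UserAttributes=[
            {
                'Name': 'email',
                'Value': user_details['userEmail']
            },
            {
                'Name': 'custom:userRole',
                'Value': user_details['userRole']
            },
            {
                'Name': 'custom:tenantId',
                'Value': user_tenant_id
            }
        ]
    )

    # NOTE(review): the create-user response includes the new user's
    # attributes (e.g. email); confirm that is acceptable in these logs.
    logger.log_with_tenant_context(event, response)
    user_mgmt = UserManagement()
    user_mgmt.add_user_to_group(user_pool_id, user_details['userName'], user_tenant_id)
    user_mgmt.create_user_tenant_mapping(user_details['userName'], user_tenant_id)

    logger.log_with_tenant_context(event, "Request completed to create new user ")
    return utils.create_success_response("New user created")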