def __getPolicyForTenantUser()

in server/layers/auth_manager.py [0:0]


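def __getPolicyForTenantUser(tenant_id, region, aws_account_id):
    """Build the tenant-scoped DynamoDB IAM policy and return it as JSON.

    The policy allows UpdateItem, GetItem, PutItem, DeleteItem and Query on
    tables whose names match ``Product-*`` and ``Order-*`` in the given
    region and account, and only for items whose partition key
    (``dynamodb:LeadingKeys``) matches ``<tenant_id>-*``.

    The three arguments are interpolated directly into IAM pattern strings,
    so the policy is only as narrow as those values. Each one is rejected
    if it is empty or carries an IAM pattern metacharacter.

    Args:
        tenant_id: Tenant identifier used as the partition-key prefix.
        region: AWS region placed in the table ARNs.
        aws_account_id: AWS account id placed in the table ARNs.

    Returns:
        The policy document serialized with ``json.dumps``.

    Raises:
        ValueError: If an argument is None, empty, or contains ``*``, ``?``
            or ``$``.
    """
    # '*' and '?' are wildcards in StringLike conditions and in resource
    # ARNs; '$' starts an IAM policy variable. A tenant_id of "*" would turn
    # the key pattern into "*-*" and match every tenant's items, and an empty
    # one would yield "-*", so fail closed instead of emitting such a policy.
    for label, value in (
        ("tenant_id", tenant_id),
        ("region", region),
        ("aws_account_id", aws_account_id),
    ):
        text = "" if value is None else str(value)
        if not text or any(ch in text for ch in "*?$"):
            raise ValueError(
                "{0} must be non-empty and must not contain '*', '?' or '$'".format(label)
            )

    # NOTE(review): the prefix pattern assumes no tenant id is itself a
    # "-"-terminated prefix of another (pattern "a-*" also matches keys of a
    # tenant named "a-b") - confirm tenant ids have a fixed format.
    leading_key_pattern = "{0}-*".format(tenant_id)

    # ForAllValues evaluates to true when the condition key is absent from
    # the request. Every action below names a partition key; an action that
    # does not (e.g. dynamodb:Scan) must stay out of this list, or the
    # condition would no longer restrict it.
    item_actions = [
        "dynamodb:UpdateItem",
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:DeleteItem",
        "dynamodb:Query",
    ]

    statements = []
    for table_prefix in ("Product", "Order"):
        table_arn = "arn:aws:dynamodb:{0}:{1}:table/{2}-*".format(
            region, aws_account_id, table_prefix
        )
        # Key order mirrors the original literal so the serialized document
        # is unchanged for valid inputs.
        statements.append(
            {
                "Effect": "Allow",
                "Action": list(item_actions),
                "Resource": [table_arn],
                "Condition": {
                    "ForAllValues:StringLike": {
                        "dynamodb:LeadingKeys": [leading_key_pattern]
                    }
                },
            }
        )

    policy = {
        "Version": "2012-10-17",
        "Statement": statements,
    }

    return json.dumps(policy)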