def update_user()

in server/TenantManagementService/user-management.py [0:0]


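def update_user(event, context):
    """Update a user's email and role attributes in the tenant's user pool.

    Authorization is derived from the Lambda authorizer context in
    ``event['requestContext']['authorizer']``, never from the request body:

    * A system admin may target a user in the pool of the tenant named in
      the body (``tenantId``); the pool id is looked up in the tenant table.
    * A tenant user may only update its own record and may not change its
      own role.
    * A caller that is not a system admin may not assign a system-admin role.
    * The target user must belong to the caller's tenant.

    Args:
        event: API Gateway proxy event. Reads ``requestContext.authorizer``
            (``userName``, ``tenantId``, ``userPoolId``, ``userRole``),
            ``pathParameters.username`` and a JSON ``body`` holding
            ``userEmail``, ``userRole`` and, for system admins, ``tenantId``.
        context: Lambda context object (unused).

    Returns:
        The value of ``utils.create_unauthorized_response()`` when any
        authorization check fails, otherwise
        ``utils.create_success_response("user updated")``.

    Raises:
        KeyError: If an expected key is missing from the event or body, or
            the tenant lookup returns no ``Item``.
    """
    authorizer = event['requestContext']['authorizer']
    requesting_user_name = authorizer['userName']
    tenant_id = authorizer['tenantId']
    user_pool_id = authorizer['userPoolId']
    user_role = authorizer['userRole']

    # The body is caller-controlled; nothing in it is trusted for
    # authorization decisions below.
    user_details = json.loads(event['body'])
    user_name = event['pathParameters']['username']

    tracer.put_annotation(key="TenantId", value=tenant_id)
    logger.log_with_tenant_context(event, "Request received to update user")

    requester_is_system_admin = auth_manager.isSystemAdmin(user_role)
    requester_is_tenant_user = auth_manager.isTenantUser(user_role)

    if requester_is_system_admin:
        # Only a system admin may redirect the operation to another tenant's
        # user pool; everyone else keeps the pool from the authorizer.
        user_tenant_id = user_details['tenantId']
        tenant_details = table_tenant_details.get_item(
            Key={'tenantId': user_tenant_id}
        )
        # NOTE(review): this logs the whole tenant record. If that record
        # holds secrets or keys, log only the tenant id instead - confirm
        # against the table schema.
        logger.info(tenant_details)
        user_pool_id = tenant_details['Item']['userPoolId']

    if requester_is_tenant_user and user_name != requesting_user_name:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. User can only update itself!")
        return utils.create_unauthorized_response()

    user_info = get_user_info(event, user_pool_id, user_name)
    # NOTE(review): tenant_id is the caller's tenant from the authorizer, so
    # this also applies to system admins acting on another tenant's pool.
    # Left as strict as the original; confirm that is the intended policy.
    if user_info.tenant_id != tenant_id:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Users in other tenants cannot be accessed")
        return utils.create_unauthorized_response()

    requested_role = user_details['userRole']

    # A tenant user can only reach this point for its own record, so the
    # role it already holds is the one in the authorizer context. Writing a
    # different body-supplied role would let the caller grant itself more
    # privilege. Assumes the authorizer's userRole uses the same values as
    # the custom:userRole attribute; a mismatch fails closed - TODO confirm.
    if requester_is_tenant_user and requested_role != user_role:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. User cannot change its own role")
        return utils.create_unauthorized_response()

    # Platform-level roles must not be assignable from inside a tenant.
    # If the role model has further platform-level roles, replace this with
    # an explicit allow-list of roles each caller role may assign.
    if not requester_is_system_admin and auth_manager.isSystemAdmin(requested_role):
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Only a system admin can assign a system admin role")
        return utils.create_unauthorized_response()

    # NOTE(review): the email is written through the admin API with a
    # caller-supplied value; confirm the pool re-verifies changed addresses
    # if email is used for sign-in or account recovery.
    response = client.admin_update_user_attributes(
        Username=user_name,
        UserPoolId=user_pool_id,
        UserAttributes=[
            {
                'Name': 'email',
                'Value': user_details['userEmail']
            },
            {
                'Name': 'custom:userRole',
                'Value': requested_role
            }
        ]
    )
    # Count the update only once the attribute write has returned without
    # raising, so the metric reflects completed updates.
    metrics_manager.record_metric(event, "UserUpdated", "Count", 1)
    logger.log_with_tenant_context(event, response)
    logger.log_with_tenant_context(event, "Request completed to update user ")
    return utils.create_success_response("user updated")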