All files / lib/lambda/user-management requestBaseCMSAccess.ts

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
 
 
 
 
 
1x
 
 
 
 
4x
 
4x
 
 
 
4x
4x
 
4x
1x
 
 
 
 
 
3x
3x
 
3x
 
3x
1x
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1x
 
 
 
 
 
2x
1x
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1x
 
 
 
 
 
1x
 
 
 
 
 
import { APIGatewayEvent } from "aws-lambda";
import { produceMessage } from "libs/api/kafka";
 
import { authenticatedMiddy, ContextWithAuthenticatedUser } from "../middleware";
import { getAllUserRolesByEmail, getUserByEmail } from "./userManagementService";
 
export const handler = authenticatedMiddy({
  opensearch: true,
  kafka: true,
  setToContext: true,
}).handler(async (event: APIGatewayEvent, context: ContextWithAuthenticatedUser) => {
  const { authenticatedUser } = context;
 
  Iif (!authenticatedUser?.email) {
    throw new Error("Email is undefined");
  }
 
  const userInfo = await getUserByEmail(authenticatedUser.email);
  const userRoles = await getAllUserRolesByEmail(authenticatedUser.email);
 
  if (userRoles.length) {
    return {
      statusCode: 200,
      body: { message: "User roles already created" },
    };
  }
 
  const date = Date.now();
  const doneByEmail = userInfo?.email || authenticatedUser.email;
  const doneByName =
    userInfo?.fullName || `${authenticatedUser.given_name} ${authenticatedUser.family_name}`; // full name of current user. Cognito (userAttributes) may have a different full name
 
  if (authenticatedUser["custom:ismemberof"]) {
    const id = `${authenticatedUser.email}_N/A_defaultcmsuser`;
 
    await produceMessage(
      process.env.topicName || "",
      id,
      JSON.stringify({
        eventType: "user-role",
        email: authenticatedUser.email.toLowerCase(),
        status: "active",
        territory: "N/A",
        role: "defaultcmsuser", // role for this state
        doneByEmail,
        doneByName,
        date,
      }),
    );
 
    return {
      statusCode: 200,
      body: { message: "User role updated, because no default role found" },
    };
  }
 
  if (authenticatedUser["custom:cms-roles"].includes("onemac-helpdesk")) {
    const id = `${authenticatedUser.email}_N/A_helpdesk`;
 
    await produceMessage(
      process.env.topicName || "",
      id,
      JSON.stringify({
        eventType: "user-role",
        email: authenticatedUser.email.toLowerCase(),
        status: "active",
        territory: "N/A",
        role: "helpdesk", // role for this state
        doneByEmail,
        doneByName,
        date,
      }),
    );
 
    return {
      statusCode: 200,
      body: { message: "User role updated, because no default role found" },
    };
  }
 
  return {
    statusCode: 200,
    body: { message: "User role not updated" },
  };
});