import { APIGatewayEvent } from "aws-lambda";
import { getAuthDetails, lookupUserAttributes } from "libs/api/auth/user";
import { produceMessage } from "libs/api/kafka";
import { response } from "libs/handler-lib";
 
import { getAllUserRolesByEmail } from "./userManagementService";
 
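/**
 * Grants a baseline role to an authenticated caller who has no roles yet by
 * publishing a `user-role` event to the topic named in `process.env.topicName`.
 *
 * The role is chosen only from attributes returned by `lookupUserAttributes`
 * for the authenticated identity; nothing from the request body is read.
 * A truthy `custom:ismemberof` yields `defaultcmsuser`; otherwise a
 * `custom:cms-roles` value containing `onemac-helpdesk` yields `helpdesk`.
 *
 * @param event - API Gateway event for the request.
 * @returns 400 when the request context is missing, 401 when
 *   `getAuthDetails` throws, 500 when lookup or publishing fails, and 200 in
 *   every other case (roles already present, role granted, or no role granted).
 * @throws Error when `process.env.topicName` is not set.
 */
export const requestBaseCMSAccess = async (event: APIGatewayEvent) => {
  if (!event?.requestContext) {
    return response({
      statusCode: 400,
      body: { message: "Request context required" },
    });
  }

  // The cast only satisfies the type checker; the guard below is the real check.
  const topicName = process.env.topicName as string;
  if (!topicName) {
    throw new Error("Topic name is not defined");
  }

  let authDetails;
  try {
    authDetails = getAuthDetails(event);
  } catch (err) {
    console.error(err);
    return response({
      statusCode: 401,
      body: { message: "User not authenticated" },
    });
  }

  try {
    const { userId, poolId } = authDetails;
    const userAttributes = await lookupUserAttributes(userId, poolId);
    const userRoles = await getAllUserRolesByEmail(userAttributes.email);

    // Never overwrite or add to roles that already exist for this email.
    if (userRoles.length) {
      return response({
        statusCode: 200,
        body: { message: "User roles already created" },
      });
    }

    // `custom:ismemberof` takes precedence over the helpdesk check.
    let grantedRole: string | undefined;
    if (userAttributes["custom:ismemberof"]) {
      grantedRole = "defaultcmsuser";
    } else if (
      // Optional chaining: a user without `custom:cms-roles` previously hit a
      // TypeError here and received a 500 instead of "User role not updated".
      // NOTE(review): if this attribute is a plain string, `includes` is a
      // substring match, so any value merely containing "onemac-helpdesk"
      // qualifies for the helpdesk role. Confirm the attribute format and
      // prefer an exact comparison of the individual role names.
      userAttributes["custom:cms-roles"]?.includes("onemac-helpdesk")
    ) {
      grantedRole = "helpdesk";
    }

    if (!grantedRole) {
      return response({
        statusCode: 200,
        body: { message: "User role not updated" },
      });
    }

    // The message key ties the event to the email, territory and role.
    const id = `${userAttributes.email}_N/A_${grantedRole}`;

    await produceMessage(
      topicName,
      id,
      JSON.stringify({
        eventType: "user-role",
        email: userAttributes.email,
        status: "active",
        territory: "N/A",
        role: grantedRole,
        // Recorded as self-initiated: the actor is the caller's own identity.
        doneByEmail: userAttributes.email,
        doneByName: `${userAttributes.given_name} ${userAttributes.family_name}`,
        date: Date.now(), // epoch milliseconds
      }),
    );

    return response({
      statusCode: 200,
      body: {
        message: "User role updated, because no default role found",
      },
    });
  } catch (err: unknown) {
    // Details stay in the log; the client only sees a generic 500.
    console.log("An error occurred: ", err);
    return response({
      statusCode: 500,
      body: { message: "Internal server error" },
    });
  }
};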
 
// Expose the function under the name `handler` as well.
export { requestBaseCMSAccess as handler };