unee-t / lambda2sqs

Relays SQL triggered payloads to MEFE via a queue
https://ap-southeast-1.console.aws.amazon.com/lambda/home?region=ap-southeast-1#/applications/lambda2sqs
GNU Affero General Public License v3.0

MEFE API - role assignment #11

Closed kaihendry closed 5 years ago

kaihendry commented 5 years ago

Similar to #9 & #10 and related to https://github.com/unee-t/frontend/pull/734

Assuming the payload in the above PR is correct, I need to know the:

Is there some RequestId in the JSON_OBJECT like unitCreationRequestId or userCreationRequestId?

This should be quick to implement assuming they are similar to previous ones.

franck-boullier commented 5 years ago

The payload for the MEFE API:

As per https://github.com/unee-t/frontend/pull/734#issue-263126559 is like

{
    "actionType": "ASSIGN_ROLE",
    "requestorUserId": "R4vBD6BZRCNx8JwnM",
    "addedUserId": "chFmfTz34ahKcSNM9",
    "unitId": "ths88NatbylBl6dPQ",
    "roleType": "Tenant",
    "isOccupant": false,
    "isVisible": false,
    "isDefaultInvited": true,
    "roleVisibility": {
        "Agent": false,
        "Tenant": true,
        "Owner/Landlord": false,
        "Management Company": false,
        "Contractor": true,
        "Occupant": true
    }
}

Example response:

{
    "timestamp": "2019-03-21T04:53:54.286Z"
}

The lambda:

{
   "unitId": "00V9XSzfATFa1DuT1"
   , "roleType": "Tenant"
   , "isVisible": "false"
   , "actionType": "ASSIGN_ROLE"
   , "isOccupant": "true"
   , "addedUserId": "RbpcfLvTg26P8phEA"
   , "roleVisibility": {
      "Agent": "true"
      , "Tenant": "true"
      , "Occupant": "true"
      , "Contractor": "true"
      , "Owner/Landlord": "true"
      , "Management Company": "true"
      }
   , "requestorUserId": "YYeAutqzDY3MeqbNC"
   , "isDefaultInvited": "false"
   , "mefeAPIRequestId": 1
}

> Is there some RequestId in the JSON_OBJECT like unitCreationRequestId or userCreationRequestId?

yes, this is mefeAPIRequestId

SQL that needs to be called on response

SET @mefe_api_request_id= 'mefeAPIRequestId';
SET @creation_datetime = 'timestamp (from_API_response - Make sure to use the correct MySQL format for timestamp)';
CALL `ut_creation_success_add_user_to_role_in_unit_with_visibility`;

kaihendry commented 5 years ago

When I try the payload, I get "Error: 403 Forbidden from MEFE: https://case.dev.unee-t.com/api/process-api-payload?accessToken=O6I9svDTizOfLfdVA5ri, Response: \"requestorUserId YYeAutqzDY3MeqbNC is not an owner of unit 00V9XSzfATFa1DuT1 and not allowed to assign roles\" from MEFE.

Do you have a positive payload I can test with in the dev environment?

franck-boullier commented 5 years ago

> Do you have a positive payload I can test with in the dev environment?

Because we have some security checks to make sure only authorized users are allowed to do this operation, and only on the units they are allowed to modify, this would be MUCH easier if I was able to do all the steps with the API as they're supposed to happen:

1- Create a user (this works)
2- Create the unit (this is still not working see the 400 error you reported)
3- Assign a role to this newly created user in that newly created unit.

I can probably try to circumvent the security mechanisms to do 3 but that's going to be long, frustrating and painful ---> I'd rather avoid that if possible 😓

Any ETA to fix https://media.dev.unee-t.com/2019-03-24/log.png? I'd rather wait for that so we can test all end to end...

kaihendry commented 5 years ago

https://media.dev.unee-t.com/2019-03-24/log.png is not a problem (from lambda2sns). It's just showing that there is a non-2xx MEFE response so lambda2sns stopped processing.

Or are you referring to the NULL stuff? https://github.com/unee-t/lambda2sns/issues/9#issuecomment-475930885

franck-boullier commented 5 years ago

This does NOT work as intended.

The Test:

1- create a new user with the MEFE API - PASSED
2- create a new unit with the MEFE API - PASSED
3- Assign the new user to the new unit in a role in that unit with the MEFE API - FAILED

The checks:

1- new user is able to log in to the MEFE - PASSED
2- After API to assign the user to the unit has run, see if the user can see the unit in the MEFE - FAILED

What worked:

Request was created with lambda from the Unee-T Enterprise Db.

the payload:

{"unitId": "jAPsg5sZBjSDT9QSD", "roleType": "Tenant", "isVisible": "true", "actionType": "ASSIGN_ROLE", "isOccupant": "true", "addedUserId": "wQY75SMMHbMv5jnhe", "roleVisibility": {"Agent": "true", "Tenant": "true", "Occupant": "true", "Contractor": "true", "Owner/Landlord": "true", "Management Company": "true"}, "requestorUserId": "YYeAutqzDY3MeqbNC", "isDefaultInvited": "false", "mefeAPIRequestId": 2}

@kaihendry and @nbiton what shall we do to fix this?

nbiton commented 5 years ago

The boolean values true and false have been sent as strings. They need to be converted to proper boolean values. (Also, this is a test comment for the Slack integration)

franck-boullier commented 5 years ago

> The boolean values true and false have been sent as strings. They need to be converted to proper boolean values.

So far no solution to this issue.

The lambda we can generate from SQL (forcing boolean and using the native JSON_OBJECT MySQL function) is

{"unitId": "jAPsg5sZBjSDT9QSD", "roleType": "Tenant", "isVisible": 1, "actionType": "ASSIGN_ROLE", "isOccupant": 1, "addedUserId": "wQY75SMMHbMv5jnhe", "roleVisibility": {"Agent": 1, "Tenant": 1, "Occupant": null, "Contractor": 1, "Owner/Landlord": 1, "Management Company": 1}, "requestorUserId": "YYeAutqzDY3MeqbNC", "isDefaultInvited": 0, "mefeAPIRequestId": 1}

But MySQL does not seem to have a clean way to generate boolean values.

There is a documented (and quite old) bug about this here https://bugs.mysql.com/bug.php?id=79813

@kaihendry do you have a way to switch the 0 and 1 to false and true respectively? This seems to be the most obvious solution at this point...

franck-boullier commented 5 years ago

More information:

        SET @test = 1 ;

        SET @test_json = IF(@test = 1
            , CAST(TRUE AS JSON) 
            , CAST(FALSE AS JSON) 
            );

        SELECT @test_json ;

Works with MySQL 5.7

BUT it FAILS with MariaDb v10.2.21 😭 ---> not really willing to use this because of that...

kaihendry commented 5 years ago

We can switch to using int I guess.

franck-boullier commented 5 years ago

> We can switch to using int I guess.

That'll be great! Anything I need to do?

franck-boullier commented 5 years ago

The payload I am able to generate from the lambda:

{"unitId": "jAPsg5sZBjSDT9QSD", "roleType": "Tenant", "isVisible": 1, "actionType": "ASSIGN_ROLE", "isOccupant": 1, "addedUserId": "wQY75SMMHbMv5jnhe", "roleVisibility": {"Agent": 1, "Tenant": 1, "Occupant": 1, "Contractor": 1, "Owner/Landlord": 1, "Management Company": 1}, "requestorUserId": "YYeAutqzDY3MeqbNC", "isDefaultInvited": 0, "mefeAPIRequestId": 1}

franck-boullier commented 5 years ago

fixed in the latest version of the Master https://github.com/unee-t/frontend/pull/737
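
The type problem discussed in this thread, as an added example that is not part of the original comments or of the unee-t code base: a receiver-side normalizer that accepts real booleans or the 0/1 integers produced by JSON_OBJECT and rejects strings and null, because the string "false" is truthy in JavaScript. Field names come from the payloads above; the function names, the placeholder ids and the reject-instead-of-coerce policy are assumptions.

```javascript
// Added example, not unee-t code. Field names come from the payloads in this
// thread; function names and the reject-instead-of-coerce policy are assumptions.
const FLAG_FIELDS = ["isOccupant", "isVisible", "isDefaultInvited"];
const ROLES = ["Agent", "Tenant", "Owner/Landlord", "Management Company",
  "Contractor", "Occupant"];

// Accept real booleans or the 0/1 integers MySQL's JSON_OBJECT emits.
// Strings are rejected: "false" is truthy in JavaScript, so a loose
// `if (payload.isVisible)` would treat a denied flag as granted.
function toStrictBool(value, path) {
  if (value === true || value === 1) return true;
  if (value === false || value === 0) return false;
  throw new TypeError(`${path}: expected boolean or 0/1, got ${JSON.stringify(value)}`);
}

// Returns a copy of the payload with every access-control flag as a boolean.
function normalizeAssignRole(payload) {
  if (payload.actionType !== "ASSIGN_ROLE") {
    throw new TypeError(`actionType: unexpected ${JSON.stringify(payload.actionType)}`);
  }
  const out = { ...payload, roleVisibility: {} };
  for (const field of FLAG_FIELDS) {
    out[field] = toStrictBool(payload[field], field);
  }
  const visibility = payload.roleVisibility || {};
  for (const role of ROLES) {
    // A missing or null entry (like "Occupant": null above) is an error,
    // not a silent default in either direction.
    out.roleVisibility[role] = toStrictBool(visibility[role], `roleVisibility.${role}`);
  }
  return out;
}

// Constructed sample shaped like the integer payload in the thread;
// the ids are placeholders.
const intPayload = {
  actionType: "ASSIGN_ROLE", roleType: "Tenant", mefeAPIRequestId: 1,
  unitId: "UNIT_ID", addedUserId: "ADDED_USER_ID", requestorUserId: "REQUESTOR_ID",
  isOccupant: 1, isVisible: 1, isDefaultInvited: 0,
  roleVisibility: { Agent: 1, Tenant: 1, Occupant: 1, Contractor: 1,
    "Owner/Landlord": 1, "Management Company": 1 },
};

console.log(normalizeAssignRole(intPayload));
```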