feat: add resolve pendingFailures

Author: sumedha-bhatt

Access/accessrequest_helper.py

@@ -77,6 +77,8 @@
 - {request_id} - Approver: {approver}"
 ERROR_DECLINING_REQUEST_LOG_MSG = "Error in Decline of request {request_id}. \
  Error:{error} .Please contact admin."
+ERROR_MARKING_RESOLVE_FAIL_LOG_MSG = "Error in resolving request {request_id}. \
+ Error:{error} ."
 
 
 def get_request_access(request):
@@ -284,8 +286,7 @@ def get_pending_accesses_from_modules(access_user):
 
         logger.info(
             "Time to fetch pending requests of access module: %s - %s "
-            % access_module_tag,
-            str(time.time() - access_module_start_time),
+            % (access_module_tag, str(time.time() - access_module_start_time)),
         )
 
     return individual_requests, list(group_requests.values())
@@ -878,6 +879,22 @@ def decline_group_access(request, request_id, reason):
         )
 
 
+def run_ignore_failure_task(auth_user, access_mapping, request_id, selector):
+    try:
+        if selector == "decline":
+            access_mapping.decline_access()
+        elif selector == "approve":
+            access_mapping.approve_access()
+        notifications.send_mail_for_request_resolve(auth_user, selector, request_id)
+    except Exception as e:
+        logger.exception(e)
+        return create_error_response(
+            error_msg=ERROR_MARKING_RESOLVE_FAIL_LOG_MSG.format(
+                request_id=request_id, error=str(str(e))
+            )
+        )
+
+
 def create_error_response(error_msg):
     json_response = {}
     json_response["error"] = error_msg

Access/admin.py

@@ -9,7 +9,7 @@
     GroupV2,
     MembershipV2,
     GroupAccessMapping,
-    UserIdentity
+    UserIdentity,
 )
 
 

Access/background_task_manager.py

@@ -60,15 +60,15 @@ def run_access_grant(request_id):
     user_access_mapping = UserAccessMapping.get_access_request(request_id=request_id)
     access_tag = user_access_mapping.access.access_tag
     user = user_access_mapping.user_identity.user
-    approver = user_access_mapping.approver_1.user.username
+    approver = user_access_mapping.approver_1.user
     message = ""
     if not user_access_mapping.user_identity.user.is_active():
         user_access_mapping.decline_access(decline_reason="User is not active")
         logger.debug(
             {
                 "requestId": request_id,
                 "status": "Declined",
-                "by": approver,
+                "by": approver.username,
                 "response": message,
             }
         )
@@ -298,6 +298,7 @@ def run_accept_request(data):
 
     return {"status": False}
 
+
 def accept_request(user_access_mapping):
     try:
         result = run_access_grant.delay(user_access_mapping.request_id)

Access/group_helper.py

@@ -517,6 +517,7 @@ def add_user_to_group(request):
         }
         return context
 
+
 def _check_if_members_in_group(group, selected_members):
     group_members_email = group.get_approved_and_pending_member_emails()
     duplicate_request_emails = set(selected_members).intersection(

Access/models.py

@@ -169,14 +169,14 @@ def getPendingApprovalsCount(self, all_access_modules):
 
     def getFailedGrantsCount(self):
         return (
-            UserAccessMapping.objects.filter(status__in=["grantfailed"]).count()
+            UserAccessMapping.objects.filter(status__in=["GrantFailed"]).count()
             if self.isAdminOrOps()
             else 0
         )
 
     def getFailedRevokesCount(self):
         return (
-            UserAccessMapping.objects.filter(status__in=["revokefailed"]).count()
+            UserAccessMapping.objects.filter(status__in=["RevokeFailed"]).count()
             if self.isAdminOrOps()
             else 0
         )
@@ -558,7 +558,6 @@ def get_all_approved_members(self):
         group_members = self.get_all_members().filter(status="Approved")
         return group_members
 
-
     def get_approved_and_pending_member_emails(self):
         group_member_emails = self.membership_group.filter(
             status__in=["Approved", "Pending"]
@@ -863,10 +862,6 @@ def decline_access(self, decline_reason=None):
     def approve_access(self):
         self.status = "Approved"
         self.save()
-    
-    @staticmethod
-    def get_by_id(request_id):
-        return UserAccessMapping.objects.get(request_id=request_id)
 
     def revoking(self, revoker):
         self.revoker = revoker

Access/notifications.py

@@ -23,6 +23,7 @@
 )
 USER_ACCESS_REQUEST_GRANT_FAILURE_SUBJECT = "[Enigma][Access Management] {} - {} - {} \
     Failed to Approve Request"
+USER_REQUEST_RESOLVE_SUBJECT = "[Enigma][Access Management] - Request Resolved - {}"
 
 
 def send_new_group_create_notification(auth_user, date_time, new_group, member_list):
@@ -70,11 +71,12 @@ def send_membership_accepted_notification(user, group, membership):
     destination.append(user.email)
     general.emailSES(destination, subject, body)
 
+
 def send_mulitple_membership_accepted_notification(user_names, group, membership):
     subject = MEMBERSHIP_ACCEPTED_SUBJECT.format(user_names, group.name)
     body = helpers.generateStringFromTemplate(
         filename="membershipAcceptedEmailBody.html",
-        user_name= ",".join(user_names),
+        user_name=",".join(user_names),
         group_name=group.name,
         approver=membership.approver.name,
     )
@@ -278,3 +280,16 @@ def send_decline_group_access_failed(destination, request_id, error):
     except Exception as e:
         logger.exception(str(e))
         logger.error("Something when wrong while sending Email.")
+
+
+def send_mail_for_request_resolve(auth_user, access_type, request_id):
+    destination = [auth_user.email]
+    subject = USER_REQUEST_RESOLVE_SUBJECT.format(request_id)
+    body = helpers.generateStringFromTemplate(
+        filename="requestResolvedEmail.html",
+        user=auth_user.email,
+        request_id=request_id,
+        access_type=access_type,
+    )
+    general.emailSES(destination, subject, body)
+    logger.debug("Email sent for " + subject + " to " + str(destination))

Access/views.py

@@ -22,6 +22,7 @@
     get_decline_access_request,
     accept_group_access,
     run_accept_request_task,
+    run_ignore_failure_task,
 )
 from Access.models import User, UserAccessMapping, GroupAccessMapping
 
@@ -608,7 +609,9 @@ def mark_revoked(request):
         for mapping_object in requests:
             logger.info(
                 "Marking access revoke - %s by user %s",
-                mapping_object.request_id, request.user.user)
+                mapping_object.request_id,
+                request.user.user,
+            )
             mapping_object.revoke(revoker=request.user.user)
             success_list.append(mapping_object.request_id)
         json_response["msg"] = "Success"
@@ -618,23 +621,123 @@ def mark_revoked(request):
         json_response["error"] = "Error Revoking User Access"
     return JsonResponse(json_response, status=403)
 
+
 def individual_resolve(request):
-    json_response = {"status_list":[]}
+    json_response = {"status_list": []}
     try:
-        request_ids = request.GET.getlist('requestId')
+        request_ids = request.GET.getlist("requestId")
         if not request_ids:
             raise Exception("Request id not found in the request")
-        
+
         for request_id in request_ids:
-            user_access_mapping = UserAccessMapping.get_by_id(request_id)
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
             if user_access_mapping.status.lower() in ["grantfailed", "approved"]:
-                response = run_accept_request_task(False, user_access_mapping, request.user, user_access_mapping.request_id, user_access_mapping.access.access_label)
+                response = run_accept_request_task(
+                    False,
+                    user_access_mapping,
+                    request.user,
+                    user_access_mapping.request_id,
+                    user_access_mapping.access.access_label,
+                )
                 json_response["status_list"] += response["status"]
             else:
-                json_response["status_list"].append({'title': 'The Request ('+request_id+') is already resolved.', 'msg': 'The request is already in final state.'})
-        return render(request,'BSOps/accessStatus.html',json_response)
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is already resolved.",
+                        "msg": "The request is already in final state.",
+                    }
+                )
+        return render(request, "BSOps/accessStatus.html", json_response)
     except Exception as e:
         logger.exception(str(e))
-        json_response['error'] = {'error_msg': "Bad request", 'msg': "Error in request not found OR Invalid request type"}
-        return render(request,'BSOps/accessStatus.html',json_response)
-    
+        json_response["error"] = {
+            "error_msg": "Bad request",
+            "msg": "Error in request not found OR Invalid request type",
+        }
+        return render(request, "BSOps/accessStatus.html", json_response)
+
+
+@login_required
+@user_with_permission([PERMISSION_CONSTANTS["DEFAULT_APPROVER_PERMISSION"]])
+def ignore_failure(request, selector):
+    try:
+        json_response = {"status_list": []}
+        request_ids = request.GET.getlist("requestId")
+        for request_id in request_ids:
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
+            if user_access_mapping.status.lower() in ["grantfailed", "revokefailed"]:
+                run_ignore_failure_task(
+                    request.user,
+                    user_access_mapping,
+                    user_access_mapping.request_id,
+                    selector,
+                )
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is now being ignored. Mark - "
+                        + selector,
+                        "msg": "A email will be sent after the requested access is ignored",
+                    }
+                )
+            else:
+                logger.debug("Cannot ignore " + request_id)
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is already resolved.",
+                        "msg": "The request is already in final state.",
+                    }
+                )
+        return render(request, "BSOps/accessStatus.html", json_response)
+    except Exception as e:
+        logger.debug("Error in request not found OR Invalid request type")
+        logger.exception(e)
+        json_response = {}
+        json_response["error"] = {
+            "error_msg": str(e),
+            "msg": "Error in request not found OR Invalid request type",
+        }
+        return render(request, "BSOps/accessStatus.html", json_response)
+
+
+@login_required
+@user_with_permission([PERMISSION_CONSTANTS["DEFAULT_APPROVER_PERMISSION"]])
+def resolve_bulk(request):
+    try:
+        json_response = {"status_list": []}
+        request_ids = request.GET.getlist("requestId")
+        for request_id in request_ids:
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
+            if user_access_mapping.status.lower() in ["grantfailed"]:
+                response = run_accept_request_task(
+                    False,
+                    user_access_mapping,
+                    request.user,
+                    user_access_mapping.request_id,
+                    user_access_mapping.access.access_label,
+                )
+                json_response["status_list"] += response["status"]
+            else:
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is already resolved.",
+                        "msg": "The request is already in final state.",
+                    }
+                )
+        return render(request, "BSOps/accessStatus.html", json_response)
+    except Exception as e:
+        logger.debug("Error in request not found OR Invalid request type")
+        logger.exception(e)
+        json_response = {}
+        json_response["error"] = {
+            "error_msg": str(e),
+            "msg": "Error in request not found OR Invalid request type",
+        }
+        return render(request, "BSOps/accessStatus.html", json_response)