feat(inner_range/integriti_user_sync): apply CSV sync field

Author: stakach

drivers/inner_range/integriti_user_sync.cr

@@ -15,20 +15,36 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
     sync_cron:                "0 21 * * *",
     integriti_security_group: "QG15",
 
+    _csv_sync_mappings: {
+      parking: {
+        default: "unisex with parking",
+        female:  "Female with parking",
+        male:    "Male with parking",
+      },
+      default: {
+        default: "unisex without parking",
+        female:  "Female without parking",
+        male:    "Male without parking",
+      },
+    },
+
     # use these for enabling push notifications
-    # push_authority: "authority-GAdySsf05mL"
-    # push_notification_url: "https://placeos-dev.aca.im/api/engine/v2/notifications/office365"
+    _push_authority: "authority-GAdySsf05mL",
+    _push_notification_url: "https://placeos-dev.aca.im/api/engine/v2/notifications/office365",
   })
 
   accessor directory : Calendar_1
   accessor integriti : Integriti_1
+  accessor staff_api : StaffAPI_1
 
   @time_zone : Time::Location = Time::Location.load("GMT")
 
   @syncing : Bool = false
   @sync_mutex : Mutex = Mutex.new
   @sync_requests : Int32 = 0
 
+  getter csv_sync_mappings : Hash(String, Hash(String, String))? = nil
+
   def on_update
     @time_zone_string = setting?(String, :time_zone).presence || config.control_system.not_nil!.timezone.presence || "GMT"
     @time_zone = Time::Location.load(@time_zone_string)
@@ -37,6 +53,8 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
     @user_group_id = setting(String, :user_group_id)
     @integriti_security_group = setting(String, :integriti_security_group)
 
+    @csv_sync_mappings = setting?(Hash(String, Hash(String, String)), :csv_sync_mappings)
+
     @graph_group_id = nil
 
     schedule.clear
@@ -86,6 +104,7 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
   protected def sync_users
     # get the list of users in the integriti permissions group: (i.e. QG2)
     email_to_user_id = integriti.managed_users_in_group(integriti_security_group).get.as_h.transform_values(&.as_s)
+    logger.debug { "Number of users in Integrity security group: #{email_to_user_id.size}" }
 
     ad_emails = [] of String
     new_users = [] of DirUser
@@ -95,10 +114,20 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
     loop do
       # keep track of users that need to be created
       users.each do |user|
-        user_email = user.email.downcase
         unless user.suspended
-          ad_emails << user_email
-          new_users << user unless email_to_user_id[user_email]?
+          user_email = user.email.strip.downcase
+          user.email = user_email
+          username = user.username.strip.downcase
+          user.username = username
+          # handle cases where email may not equal username (and already configured in the system)
+          user_id = email_to_user_id[username]?
+          if user_id.nil? && username != user_email
+            if user_id = email_to_user_id[user_email]?
+              email_to_user_id[username] = user_id
+            end
+          end
+          ad_emails << username
+          new_users << user unless user_id
         end
       end
 
@@ -107,10 +136,13 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
 
       # ensure we don't blow any request limits
       logger.debug { "fetching next page..." }
-      sleep 1
+      sleep 500.milliseconds
       users = Array(DirUser).from_json directory.get_members(user_group_id, next_page).get.to_json
     end
 
+    logger.debug { "Number of users in Integrity security group: #{email_to_user_id.size}" }
+    logger.debug { "Number of users in Directory security group: #{ad_emails.size}" }
+
     # find all the users that need to be removed from the group
     removed = 0
     removed_errors = 0
@@ -132,17 +164,30 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
       end
     end
 
+    logger.debug { "Removed #{removed} users from integrity security group" }
+
     # add the users that need to be in the group
     added = 0
     added_errors = 0
 
     new_users.each do |user|
-      user_email = user.email.downcase
+      username = user.username
+      user_email = user.email
+
       begin
-        # check if the user exists (find by email)
-        users = integriti.user_id_lookup(user_email).get.as_a.map(&.as_s)
+        # check if the user exists (find by email and username)
+        users = integriti.user_id_lookup(username).get.as_a.map(&.as_s)
         if users.empty?
-          users << integriti.create_user(user.name, user_email, user.phone).get.as_s
+          users = integriti.user_id_lookup(user_email).get.as_a.map(&.as_s) unless user_email == username
+          if users.empty?
+            new_user_id = integriti.create_user(user.name, username, user.phone).get.as_s
+            users << new_user_id
+            email_to_user_id[username] = new_user_id
+          else
+            # we want to update the users email address to be the username
+            logger.debug { "updating user email #{user_email} to #{username}" }
+            integriti.update_user_custom(users.first, username)
+          end
         end
 
         # add the user permission group
@@ -161,11 +206,17 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
       end
     end
 
+    logger.debug { "Added #{added} users to integrity security group" }
+
+    # CSV array
+    csv_changed = sync_csv_field(ad_emails, email_to_user_id)
+
     result = {
       removed:        removed,
       removed_errors: removed_errors,
       added:          added,
       added_errors:   added_errors,
+      base_building:  csv_changed,
     }
     logger.info { "integriti user sync results: #{result}" }
     result
@@ -205,4 +256,77 @@ class InnerRange::IntegritiUserSync < PlaceOS::Driver
       raise "google is not supported"
     end
   end
+
+  # ===================
+  # CSV Mappings
+  # ===================
+
+  DEFAULT_KEY = "default"
+
+  getter building_id : String { get_building_id.not_nil! }
+
+  def get_building_id
+    building_setting = setting?(String, :building_zone_override)
+    return building_setting if building_setting.presence
+    zone_ids = staff_api.zones(tags: "building").get.as_a.map(&.[]("id").as_s)
+    (zone_ids & system.zones).first
+  rescue error
+    logger.warn(exception: error) { "unable to determine building zone id" }
+    nil
+  end
+
+  protected def sync_csv_field(ad_emails : Array(String), email_to_user_id : Hash(String, String))
+    mappings = csv_sync_mappings
+    return "no CSV mappings" unless mappings && !mappings.empty?
+
+    check = mappings.keys
+    check.delete(DEFAULT_KEY)
+
+    possible_csv_strings = mappings.values.flat_map do |hash|
+      hash.values
+    end
+
+    logger.debug { "checking base building access for #{ad_emails.size} users" }
+
+    now = Time.local(@time_zone).at_beginning_of_day
+    end_of_day = 3.days.from_now.in(@time_zone).at_end_of_day
+    building = building_id
+
+    ad_emails.each do |email|
+      user_id = email_to_user_id[email]?
+      if user_id.nil?
+        logger.warn { "unable to apply CSV sync to #{email}. Possibly no matching integriti user" }
+        next
+      end
+
+      # TODO:: lookup gender
+      gender = DEFAULT_KEY
+
+      # check if the user has any of the required bookings
+      bookings = check.flat_map do |booking_type|
+        staff_api.query_bookings(now.to_unix, end_of_day.to_unix, zones: {building}, type: booking_type, email: email).get.as_a
+      end
+
+      key = if booking = bookings.first?
+              booking["booking_type"].as_s
+            else
+              DEFAULT_KEY
+            end
+
+      # ensure appropriate security group is selected
+      csv_security_group = mappings[key][gender]
+      user = integriti.user(user_id).get
+      csv_string = user["cf_csv"].as_s?
+      if csv_string != csv_security_group
+        if !csv_string.presence || csv_string.in?(possible_csv_strings)
+          # change the CSV string of this user
+          integriti.update_user_custom(user_id, email: email, csv: csv_security_group)
+        else
+          logger.debug { "skipping csv update for #{email} as current mapping #{csv_string} may have been manually configured" }
+        end
+      end
+    rescue error
+      logger.warn(exception: error) { "failed to check csv field for #{email}" }
+    end
+  end
 end