Ejemplo n.º 1
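def remove_policies(policy_ids=None):
    """Delete the given policies and invalidate the tokens of users related to them.

    :param policy_ids: Iterable of policy IDs to remove; each one is converted with int().
        NOTE(review): the None default is iterated directly, so it has to be resolved to a
        concrete list before this body runs (presumably by a caller or decorator that is
        not part of this listing) - confirm.
    :return: AffectedItemsWazuhResult holding the deleted policies in affected_items
        (sorted by 'id') and one failed item for every policy that could not be deleted.
    """
    result = AffectedItemsWazuhResult(none_msg='No policies were deleted',
                                      some_msg='Some policies could not be deleted',
                                      all_msg='All specified policies were deleted')
    with PoliciesManager() as pm:
        for p_id in policy_ids:
            policy_id = int(p_id)
            # Reset on every iteration. Without this, the success branch below could read the
            # user set computed for a *previous* policy (revoking tokens of unrelated users)
            # or hit an unbound local on the first iteration.
            related_users = set()
            policy = pm.get_policy_id(policy_id)
            if policy != SecurityError.POLICY_NOT_EXIST and policy_id not in admin_policy_ids:
                # Collected before the delete call so the affected users are known
                # once the policy is gone.
                related_users = check_relationships(policy['roles'])
            policy_delete = pm.delete_policy(policy_id)
            if policy_delete == SecurityError.ADMIN_RESOURCES:
                result.add_failed_item(id_=p_id, error=WazuhError(4008))
            elif not policy_delete:
                result.add_failed_item(id_=p_id, error=WazuhError(4007))
            elif policy:
                result.affected_items.append(policy)
                result.total_affected_items += 1
                # Tokens issued under the old permission set must not outlive the policy.
                # NOTE(review): confirm invalid_users_tokens treats an empty list as "no users".
                invalid_users_tokens(users=list(related_users))
        result.affected_items = sorted(result.affected_items, key=lambda i: i['id'])

    return result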
Ejemplo n.º 2
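def remove_roles(role_ids):
    """Delete the given roles and invalidate the tokens of users related to them.

    :param role_ids: Iterable of role IDs to remove; each one is converted with int().
        NOTE(review): None is not handled in this body; if None is meant to select all
        roles, that expansion must happen before this function runs - confirm.
    :return: AffectedItemsWazuhResult holding the deleted roles in affected_items
        (sorted by 'id') and one failed item for every role that could not be deleted.
    """
    result = AffectedItemsWazuhResult(none_msg='No role were deleted',
                                      some_msg='Some roles could not be delete',
                                      all_msg='All specified roles were deleted')
    with RolesManager() as rm:
        for r_id in role_ids:
            role_id = int(r_id)
            # Reset on every iteration. Without this, the success branch below could read the
            # user set computed for a *previous* role (revoking tokens of unrelated users)
            # or hit an unbound local on the first iteration.
            related_users = set()
            role = rm.get_role_id(role_id)
            if role != SecurityError.ROLE_NOT_EXIST and role_id not in admin_role_ids:
                # Collected before the delete call so the affected users are known
                # once the role is gone.
                related_users = check_relationships([role])
            role_delete = rm.delete_role(role_id)
            if role_delete == SecurityError.ADMIN_RESOURCES:
                result.add_failed_item(id_=r_id, error=WazuhError(4008))
            elif not role_delete:
                result.add_failed_item(id_=r_id, error=WazuhError(4002))
            elif role:
                result.affected_items.append(role)
                result.total_affected_items += 1
                # Tokens issued while the user still held the role must not outlive it.
                # NOTE(review): confirm invalid_users_tokens treats an empty list as "no users".
                invalid_users_tokens(users=list(related_users))
        result.affected_items = sorted(result.affected_items, key=lambda i: i['id'])

    return result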
Ejemplo n.º 3
def test_check_relationships(db_setup, role_list, expected_users):
    """Verify the role-to-user mapping returned by `check_relationships`.

    The expected values follow the data in `schema_security_test.sql`.

    Parameters
    ----------
    db_setup : tuple
        Fixture result; only its third element (the security core module) is used.
    role_list : list
        List of role IDs.
    expected_users : set
        Users expected to be related to those roles.
    """
    core_security = db_setup[2]
    # Pass a fresh list so the function under test never sees the parametrized object itself.
    related_users = core_security.check_relationships(roles=list(role_list))
    assert related_users == expected_users