def remove_role_policy(role_id, policy_ids):
"""Removes a relationship between a role and a policy
:param role_id: The new role_id
:param policy_ids: List of policies ids
:return Result of operation
"""
result = AffectedItemsWazuhResult(none_msg=f'No policy was unlinked from role {role_id[0]}',
some_msg=f'Some policies were not unlinked from role {role_id[0]}',
all_msg=f'All policies were unlinked from role {role_id[0]}')
success = False
with RolesPoliciesManager() as rpm:
for policy_id in policy_ids:
policy_id = int(policy_id)
role_policy = rpm.remove_policy_in_role(role_id=role_id[0], policy_id=policy_id)
if role_policy == SecurityError.INVALID:
result.add_failed_item(id_=policy_id, error=WazuhError(4010))
elif role_policy == SecurityError.ROLE_NOT_EXIST:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4002))
elif role_policy == SecurityError.POLICY_NOT_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4007))
elif role_policy == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4008))
else:
success = True
result.total_affected_items += 1
if success:
with RolesManager() as rm:
result.affected_items.append(rm.get_role_id(role_id=role_id[0]))
role = rm.get_role_id(role_id=role_id[0])
invalid_roles_tokens(roles=[role['id']])
result.affected_items.sort(key=str)
return result
def set_role_policy(role_id, policy_ids, position=None):
"""Create a relationship between a role and a policy
Parameters
----------
role_id : int
The new role_id
policy_ids : list of int
List of policy IDs
position : int
Position where the new role will be inserted
Returns
-------
dict
Role-Policies information
"""
result = AffectedItemsWazuhResult(
none_msg=f'No link was created to role {role_id[0]}',
some_msg=f'Some policies were not linked to role {role_id[0]}',
all_msg=f'All policies were linked to role {role_id[0]}')
success = False
with RolesPoliciesManager() as rpm:
for policy_id in policy_ids:
policy_id = int(policy_id)
role_policy = rpm.add_policy_to_role(role_id=role_id[0],
policy_id=policy_id,
position=position)
if role_policy == SecurityError.ALREADY_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4011))
elif role_policy == SecurityError.ROLE_NOT_EXIST:
result.add_failed_item(id_=int(role_id[0]),
error=WazuhError(4002))
elif role_policy == SecurityError.POLICY_NOT_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4007))
elif role_policy == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(role_id[0]),
error=WazuhError(4008))
else:
success = True
result.total_affected_items += 1
if position is not None:
position += 1
if success:
with RolesManager() as rm:
result.affected_items.append(
rm.get_role_id(role_id=role_id[0]))
role = rm.get_role_id(role_id=role_id[0])
invalid_roles_tokens(roles=[role['id']])
result.affected_items.sort(key=str)
return result