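def remove_policies(policy_ids=None):
    """Delete the given policies and invalidate the tokens of the users they affected.

    For every ID the policy is looked up, the users related to its roles are
    collected before the delete call, and the delete is then attempted. The
    outcome of each ID is recorded in the returned result object.

    :param policy_ids: Iterable of policy IDs (anything ``int()`` accepts). The
        ``None`` default is not handled in this function: iterating it raises
        ``TypeError``, so the caller is presumably expected to always pass the
        expanded list of IDs (confirm against the call site).
    :return: AffectedItemsWazuhResult whose ``affected_items`` holds the deleted
        policies sorted by ``id``. IDs that could not be deleted are added as
        failed items with WazuhError 4008 (the manager returned
        ``SecurityError.ADMIN_RESOURCES``) or 4007 (the delete returned a falsy
        value).
    """
    result = AffectedItemsWazuhResult(none_msg='No policies were deleted',
                                      some_msg='Some policies could not be deleted',
                                      all_msg='All specified policies were deleted')
    with PoliciesManager() as pm:
        for p_id in policy_ids:
            policy_id = int(p_id)
            policy = pm.get_policy_id(policy_id)

            # Reset per ID. The lookup below only runs for existing, non-admin
            # policies; without the reset, a successful delete of a later ID could
            # reuse the user set of an earlier ID (or hit an unbound name) when
            # the tokens are invalidated.
            related_users = set()
            if policy != SecurityError.POLICY_NOT_EXIST and policy_id not in admin_policy_ids:
                # Collected before the delete call; presumably the role links are
                # no longer available once the policy is gone (confirm).
                related_users = check_relationships(policy['roles'])

            policy_delete = pm.delete_policy(policy_id)
            if policy_delete == SecurityError.ADMIN_RESOURCES:
                result.add_failed_item(id_=p_id, error=WazuhError(4008))
            elif not policy_delete:
                result.add_failed_item(id_=p_id, error=WazuhError(4007))
            elif policy:
                result.affected_items.append(policy)
                result.total_affected_items += 1
                # Tokens are invalidated only after the delete succeeded, and only
                # for the users related to this policy's roles.
                invalid_users_tokens(users=list(related_users))

        result.affected_items = sorted(result.affected_items, key=lambda i: i['id'])

    return result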
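def remove_roles(role_ids):
    """Delete the given roles and invalidate the tokens of the users they affected.

    For every ID the role is looked up, the users related to it are collected
    before the delete call, and the delete is then attempted. The outcome of
    each ID is recorded in the returned result object.

    :param role_ids: Iterable of role IDs (anything ``int()`` accepts). ``None``
        is not handled in this function: iterating it raises ``TypeError``, so
        the caller is presumably expected to pass the expanded list of IDs
        (confirm against the call site).
    :return: AffectedItemsWazuhResult whose ``affected_items`` holds the deleted
        roles sorted by ``id``. IDs that could not be deleted are added as failed
        items with WazuhError 4008 (the manager returned
        ``SecurityError.ADMIN_RESOURCES``) or 4002 (the delete returned a falsy
        value).
    """
    result = AffectedItemsWazuhResult(none_msg='No role were deleted',
                                      some_msg='Some roles could not be delete',
                                      all_msg='All specified roles were deleted')
    with RolesManager() as rm:
        for r_id in role_ids:
            role_id = int(r_id)
            role = rm.get_role_id(role_id)

            # Reset per ID. The lookup below only runs for existing, non-admin
            # roles; without the reset, a successful delete of a later ID could
            # reuse the user set of an earlier ID (or hit an unbound name) when
            # the tokens are invalidated.
            related_users = set()
            if role != SecurityError.ROLE_NOT_EXIST and role_id not in admin_role_ids:
                # Collected before the delete call; presumably the user links are
                # no longer available once the role is gone (confirm).
                related_users = check_relationships([role])

            role_delete = rm.delete_role(role_id)
            if role_delete == SecurityError.ADMIN_RESOURCES:
                result.add_failed_item(id_=r_id, error=WazuhError(4008))
            elif not role_delete:
                result.add_failed_item(id_=r_id, error=WazuhError(4002))
            elif role:
                result.affected_items.append(role)
                result.total_affected_items += 1
                # Tokens are invalidated only after the delete succeeded, and only
                # for the users related to this role.
                invalid_users_tokens(users=list(related_users))

        result.affected_items = sorted(result.affected_items, key=lambda i: i['id'])

    return result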
def test_check_relationships(db_setup, role_list, expected_users):
    """Verify the users that `check_relationships` reports for a list of roles.

    The expected values follow the role/user links defined in
    `schema_security_test.sql`.

    Parameters
    ----------
    db_setup : tuple
        Fixture value with three elements; the third one is the object whose
        `check_relationships` is exercised.
    role_list : list
        List of role IDs.
    expected_users : set
        Expected users.
    """
    _first, _second, core_security = db_setup
    # Pass a fresh list so the call never receives the parametrized object itself.
    roles = list(role_list)
    related_users = core_security.check_relationships(roles=roles)
    assert related_users == expected_users