def remove_role_rule(role_id, rule_ids):
    """Unlink one or more security rules from a role.

    Every rule is handled on its own: a failure for one rule is recorded in the result and the
    remaining rules are still attempted.

    :param role_id: Sequence whose first element identifies the role; only ``role_id[0]`` is read
    :param rule_ids: Iterable of rule ids to unlink; each one is converted with ``int()``
    :return: AffectedItemsWazuhResult with the role appended once if at least one rule was unlinked,
        plus one failed item for every rule that could not be unlinked
    """
    result = AffectedItemsWazuhResult(
        none_msg=f'No security rule was unlinked from role {role_id[0]}',
        some_msg=f'Some security rules were not unlinked from role {role_id[0]}',
        all_msg=f'All security rules were unlinked from role {role_id[0]}',
    )
    unlinked_any = False
    with RolesRulesManager() as links:
        for rule_id in rule_ids:
            # NOTE(review): int() raises ValueError on a non-numeric id; presumably the ids are
            # validated before this function is called - confirm against the caller.
            role_key = int(role_id[0])
            outcome = links.remove_rule_in_role(role_id=role_key, rule_id=int(rule_id))

            # Translate the manager's refusal into (failed id, error code); None means unlinked.
            if outcome == SecurityError.INVALID:
                failure = (rule_id, 4024)
            elif outcome == SecurityError.ROLE_NOT_EXIST:
                failure = (role_key, 4002)
            elif outcome == SecurityError.RULE_NOT_EXIST:
                failure = (rule_id, 4022)
            elif outcome == SecurityError.ADMIN_RESOURCES:
                # The manager refused the change with ADMIN_RESOURCES; reported against the role.
                failure = (role_key, 4008)
            else:
                failure = None

            if failure is None:
                unlinked_any = True
                result.total_affected_items += 1
            else:
                failed_id, code = failure
                result.add_failed_item(id_=failed_id, error=WazuhError(code))

        # Only reached when at least one link was actually removed; a request that changed
        # nothing neither reports the role nor invalidates any token.
        if unlinked_any:
            with RolesManager() as roles:
                result.affected_items.append(roles.get_role_id(role_id=role_id[0]))
                # Invalidate users with auth_context: the role's rule links changed, so tokens
                # obtained through an authorization context must not outlive the old links.
                invalid_run_as_tokens()
            result.affected_items.sort(key=str)

    return result
def set_role_rule(role_id, rule_ids, run_as=False):
    """Link one or more security rules to a role.

    Every rule is handled on its own: a failure for one rule is recorded in the result and the
    remaining rules are still attempted.

    Parameters
    ----------
    role_id : list
        Sequence whose first element identifies the role; only ``role_id[0]`` is read.
    rule_ids : list of int
        Rule ids to link; each one is converted with ``int()``.
    run_as : bool
        Defaults to False. Not read anywhere in this function's body.

    Returns
    -------
    AffectedItemsWazuhResult
        The role appended once if at least one rule was linked, plus one failed item for every
        rule that could not be linked.
    """
    result = AffectedItemsWazuhResult(
        none_msg=f'No link was created to role {role_id[0]}',
        some_msg=f'Some security rules were not linked to role {role_id[0]}',
        all_msg=f'All security rules were linked to role {role_id[0]}',
    )
    linked_any = False
    with RolesRulesManager() as links:
        for rule_id in rule_ids:
            # NOTE(review): int() raises ValueError on a non-numeric id; presumably the ids are
            # validated before this function is called - confirm against the caller.
            role_key = int(role_id[0])
            rule_key = int(rule_id)
            outcome = links.add_rule_to_role(role_id=role_key, rule_id=rule_key)

            # Translate the manager's refusal into (failed id, error code); None means linked.
            if outcome == SecurityError.ALREADY_EXIST:
                failure = (rule_key, 4023)
            elif outcome == SecurityError.ROLE_NOT_EXIST:
                failure = (role_key, 4002)
            elif outcome == SecurityError.RULE_NOT_EXIST:
                failure = (rule_key, 4022)
            elif outcome == SecurityError.ADMIN_RESOURCES:
                # The manager refused the change with ADMIN_RESOURCES; reported against the role.
                failure = (role_key, 4008)
            else:
                failure = None

            if failure is None:
                linked_any = True
                result.total_affected_items += 1
            else:
                failed_id, code = failure
                result.add_failed_item(id_=failed_id, error=WazuhError(code))

        # Only reached when at least one link was actually created; a request that changed
        # nothing neither reports the role nor invalidates any token.
        if linked_any:
            with RolesManager() as roles:
                result.affected_items.append(roles.get_role_id(role_id=role_id[0]))
                # Invalidate users with auth_context: the role's rule links changed, so tokens
                # obtained through an authorization context must not outlive the old links.
                invalid_run_as_tokens()
            result.affected_items.sort(key=str)

    return result