Privilege and Security

# Privileges
from mstrio.access_and_security.privilege import Privilege
from mstrio.users_and_groups import list_user_groups, list_users, User, UserGroup
from mstrio.access_and_security.security_role import list_security_roles, SecurityRole
from mstrio.connection import get_connection

PROJECT_NAME = '<Project_name>'  # Insert name of project here
PRIVILEGE_NAME = '<Privilege_name>'  # Insert name of edited privilege here
PRIVILEGE_ID = '<Privilege_ID>'  # Insert ID of edited privilege here
# Following strings are for Security Roles edition
SECURITY_ROLE_NAME = '<Security_Role_name>'  # Insert name of newly created or accesed security role
SECURITY_ROLE_DESCRIPTION = '<Security_Role_desc>'  # Insert description of newly created or accesed security role
USER_NAME = '<Username>'  # Insert name of user to be assigned or revoked security role
USER_GROUP_NAME = '<User_group_name>'  # Insert name of user group to be assigned or revoked security role

conn = get_connection(workstationData, project_name=PROJECT_NAME)

# Create Privilege object by name or ID
priv = Privilege(conn, name=PRIVILEGE_NAME)
priv = Privilege(conn, id=PRIVILEGE_ID)

# List Privileges and return objects or display in DataFrame
Privilege.list_privileges(conn, to_dataframe=True, is_project_level_privilege='True')
priv = Privilege.list_privileges(conn, id=[PRIVILEGE_ID])
for p in priv:
    print(p.id)
priv[0].list_properties()

# SecurityRoles
# Create new SecurityRole
new_role = SecurityRole.create(
    conn,
    name=SECURITY_ROLE_NAME,
    description=SECURITY_ROLE_DESCRIPTION,
    privileges=[PRIVILEGE_ID, PRIVILEGE_NAME]
)

# List SecurityRoles and store the Objects
all_roles = list_security_roles(conn)
list_security_roles(conn, to_dataframe=True)

# Create SecurityRole object by name or ID
role = SecurityRole(conn, id=all_roles[0].id)
SecurityRole(conn, id=all_roles[0].id)
role = SecurityRole(conn, name=all_roles[0].name)
SecurityRole(conn, name=all_roles[0].name)
SecurityRole(connection=conn, name=SECURITY_ROLE_NAME)

# List SecurityRole members
role.list_members(project_name=PROJECT_NAME)

# Grant/Revoke Security Role to users/usergroups
user = User(conn, name=USER_NAME)
users = list_users(conn)
group = UserGroup(conn, name=USER_GROUP_NAME)
groups = list_user_groups(conn)

# Grant/Revoke for Users
role.grant_to(members=user, project=PROJECT_NAME)
role.revoke_from(members=user, project=PROJECT_NAME)
role.grant_to(members=users, project=PROJECT_NAME)
role.revoke_from(members=users, project=PROJECT_NAME)

# Grant/Revoke for UserGroups
role.grant_to(members=group, project=PROJECT_NAME)
role.revoke_from(members=group, project=PROJECT_NAME)

# List Privileges
role.list_privileges()
role.list_privileges(to_dataframe=True)

# Grant/ Revoke privileges to Security Role
role.grant_privilege(privilege=[PRIVILEGE_ID])
role.revoke_privilege([PRIVILEGE_ID])
privs = list(role.list_privileges().keys())
role.revoke_all_privileges()
role.grant_privilege(privilege=privs)