new: Test cases for restricted tags

Fix #483

pymisp/aping.py

@@ -2027,7 +2027,6 @@ class ExpandedPyMISP(PyMISP):
         response = self._prepare_request('POST', f'user_settings/delete', data=query)
         return self._check_response(response, expect_json=True)
 
-
     # ## END User Settings ###
 
     # ## BEGIN Global helpers ###
@@ -2049,12 +2048,14 @@ class ExpandedPyMISP(PyMISP):
 
         raise PyMISPError('The misp_entity must be MISPEvent, MISPObject or MISPAttribute')
 
-    def tag(self, misp_entity: Union[AbstractMISP, str], tag: str, local: bool=False):
+    def tag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, int, str], local: bool=False):
         """Tag an event or an attribute. misp_entity can be a UUID"""
         if 'uuid' in misp_entity:
             uuid = misp_entity.uuid
         else:
             uuid = misp_entity
+        if isinstance(tag, MISPTag):
+            tag = tag.name
         to_post = {'uuid': uuid, 'tag': tag, 'local': local}
         response = self._prepare_request('POST', 'tags/attachTagToObject', data=to_post)
         return self._check_response(response, expect_json=True)

tests/testlive_comprehensive.py

@@ -1166,12 +1166,32 @@ class TestComprehensive(unittest.TestCase):
         self.assertFalse(non_exportable_tag.exportable)
         first = self.create_simple_event()
         first.attributes[0].add_tag('non-exportable tag')
+        # Add tag restricted to an org
+        tag = MISPTag()
+        tag.name = f'restricted to org {self.test_org.id}'
+        tag.org_id = self.test_org.id
+        tag_org_restricted = self.admin_misp_connector.add_tag(tag, pythonify=True)
+        self.assertEqual(tag_org_restricted.org_id, tag.org_id)
+        # Add tag restricted to a user
+        tag.name = f'restricted to user {self.test_usr.id}'
+        tag.user_id = self.test_usr.id
+        tag_user_restricted = self.admin_misp_connector.add_tag(tag, pythonify=True)
+        self.assertEqual(tag_user_restricted.user_id, tag.user_id)
         try:
             first = self.user_misp_connector.add_event(first)
             self.assertFalse(first.attributes[0].tags)
             first = self.admin_misp_connector.get_event(first, pythonify=True)
             # Reference: https://github.com/MISP/MISP/issues/1394
             self.assertFalse(first.attributes[0].tags)
+            # Reference: https://github.com/MISP/PyMISP/issues/483
+            r = self.delegate_user_misp_connector.tag(first, tag_org_restricted)
+            self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed organisation.')
+            r = self.user_misp_connector.tag(first, tag_org_restricted)
+            self.assertEqual(r['name'], f'Global tag {tag_org_restricted.name}({tag_org_restricted.id}) successfully attached to Event({first.id}).')
+            r = self.pub_misp_connector.tag(first.attributes[0], tag_user_restricted)
+            self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed user.')
+            r = self.user_misp_connector.tag(first.attributes[0], tag_user_restricted)
+            self.assertEqual(r['name'], f'Global tag {tag_user_restricted.name}({tag_user_restricted.id}) successfully attached to Attribute({first.attributes[0].id}).')
         finally:
             # Delete event
             self.admin_misp_connector.delete_event(first)
@@ -1181,6 +1201,8 @@ class TestComprehensive(unittest.TestCase):
         self.assertEqual(response['message'], 'Tag deleted.')
         response = self.admin_misp_connector.delete_tag(non_exportable_tag)
         self.assertEqual(response['message'], 'Tag deleted.')
+        response = self.admin_misp_connector.delete_tag(tag_org_restricted)
+        response = self.admin_misp_connector.delete_tag(tag_user_restricted)
 
     def test_add_event_with_attachment_object_controller(self):
         first = self.create_simple_event()