Is your feature request related to a problem? Please describe.
When setting users to "custom" and manually adding roles back in based on groups, using the "type: role" we should be able to specify an array of values instead of copy pasting the field and changing the role value, this should also be an option for removing roles. As it stands if we want to add or remove roles we need to create a new field group with patterns, type and value, as it only accepts a keyword value.
eg:
- field: groups
pattern: ^pattern1$
type: role
value: alert_manage
- field: groups
pattern: ^pattern1$
type: role
value: alert_view
- field: groups
pattern: ^pattern1$
type: role
value: apikey_access
- field: groups
pattern: ^pattern1$
type: role
value: file_detail
Describe the solution you'd like
- field: groups
pattern: ^pattern1$
type: role
value: [file_detail, apikey_access, alert_view, alert_manage]
Describe alternatives you've considered
When trying the above exceptions is thrown;
raise ValueError(f"[{self.name or self.parent_name}] {value} not in the possible values: { self.values}")\nValueError: [roles] ['alert_manage', 'alert_view', 'apikey_access', 'file_detail', 'heuristic_view', 'obo_access', 'replay_trigger', 'safelist_view', 'safelist_manage', 'signature_view', 'signature_download', 'submission_create', 'submission_delete', 'submission_manage', 'submission_view', 'workflow_manage', 'workflow_view', 'replay_system', 'archive_view', 'archive_manage', 'archive_trigger', 'self_manage'] not in the possible values: {'bundle_download', 'signature_ import', 'signature_download', 'file_download', 'submission_view', 'self_manage', 'alert_manage', 'signature_manage', 'administration', 'archive_download', 'replay_system', 'replay_trigger', 'alert_view', 'apikey_access', 'workflow_manage', 'heuristic_view', 'submission_manage', 'safelist_view', 'archive_view', 'workflow_view', 'submission_delete', 'submission_create', 'safelist_manage', 'signature_view', 'archive_trigger', 'obo_access', 'file_detail', 'archive_manage'}\n"}
The same is true if we try:
- field: groups
pattern: ^pattern1$
type: role
value: file_detail, apikey_access, alert_view, alert_manage
or
- field: groups
pattern: ^pattern1$
type: role
value: ["file_detail", "apikey_access", "alert_view", "alert_manage"]
or
- field: groups
pattern: ^pattern1$
type: role
value:
- "file_detail"
- "apikey_access"
- "alert_view"
- "alert_manage"
Additional context
unless I'm doing something wrong here I think collections of roles are not allowed.
Similar issue on the documentation as seen below: