#2076 Send delete events to stream

TheHive-Project · Jun 11, 2021 · 22b149c · 22b149c
1 parent ebd7be3
commit 22b149c
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 7 deletions.
diff --git a/thehive/app/org/thp/thehive/services/AuditSrv.scala b/thehive/app/org/thp/thehive/services/AuditSrv.scala
@@ -19,6 +19,7 @@ import org.thp.thehive.services.CaseTemplateOps._
 import org.thp.thehive.services.DashboardOps._
 import org.thp.thehive.services.ObservableOps._
 import org.thp.thehive.services.OrganisationOps._
+import org.thp.thehive.services.ShareOps._
 import org.thp.thehive.services.TaskOps._
 import org.thp.thehive.services.notification.AuditNotificationMessage
 import play.api.libs.json.{JsObject, JsValue, Json}
@@ -401,6 +402,7 @@ object AuditOps {
             .option("Organisation", _.v[Organisation]._id)
             .option("CaseTemplate", _.v[CaseTemplate].organisation._id)
             .option("Dashboard", _.v[Dashboard].organisation._id)
+            .option("Share", _.v[Share].organisation._id)
         )
         .domainMap(EntityId.apply)
 
@@ -412,6 +414,7 @@ object AuditOps {
             .option("Case", _.v[Case]._id)
             .option("Observable", _.v[Observable].value(_.relatedId).widen[AnyRef])
             .option("Task", _.v[Task].value(_.relatedId).widen[AnyRef])
+            .option("Share", _.v[Share].`case`._id)
         )
         .domainMap(EntityId.apply)
 
@@ -426,6 +429,7 @@ object AuditOps {
             .option("Organisation", _.v[Organisation].current.widen[Any])
             .option("CaseTemplate", _.v[CaseTemplate].visible.widen[Any])
             .option("Dashboard", _.v[Dashboard].visible.widen[Any])
+            .option("Share", _.v[Share].organisation.current.widen[Any])
         )
       )
 

diff --git a/thehive/app/org/thp/thehive/services/ObservableSrv.scala b/thehive/app/org/thp/thehive/services/ObservableSrv.scala
@@ -17,7 +17,7 @@ import org.thp.thehive.services.AlertOps._
 import org.thp.thehive.services.ObservableOps._
 import org.thp.thehive.services.OrganisationOps._
 import org.thp.thehive.services.ShareOps._
-import play.api.libs.json.{JsObject, Json}
+import play.api.libs.json.{JsObject, JsString, Json}
 
 import java.util.{Map => JMap}
 import javax.inject.{Inject, Provider, Singleton}
@@ -136,35 +136,50 @@ class ObservableSrv @Inject() (
       _ <- auditSrv.observable.update(observable, Json.obj("tags" -> tags))
     } yield (tagsToAdd, tagsToRemove)
 
-  override def delete(observable: Observable with Entity)(implicit graph: Graph, authContext: AuthContext): Try[Unit] =
+  override def delete(observable: Observable with Entity)(implicit graph: Graph, authContext: AuthContext): Try[Unit] = {
+    def observableDetail(attachment: Option[Attachment with Entity]): JsObject =
+      JsObject(
+        "dataType" -> JsString(observable.dataType) ::
+          attachment.map { a =>
+            "attachment" -> Json.obj(
+              "name"        -> a.name,
+              "id"          -> a.attachmentId,
+              "size"        -> a.size,
+              "contentType" -> a.contentType,
+              "hashes"      -> a.hashes.map(_.toString)
+            )
+          }.toList ::: observable.data.map(d => "data" -> JsString(d)).toList
+      )
+
     get(observable).alert.headOption match {
       case None =>
         get(observable)
-          .share
+          .project(_.by(_.share).by(_.attachments.option))
           .toIterator
           .toTry {
-            case share if share.owner =>
+            case (share, attachment) if share.owner =>
               get(observable)
                 .shares
                 .toIterator
                 .toTry { share =>
                   auditSrv
                     .observable
-                    .delete(observable, share)
+                    .delete(observable, share, Some(observableDetail(attachment)))
                 }
                 .map(_ => get(observable).remove())
-            case share =>
+            case (share, attachment) =>
               for {
                 organisation <- organisationSrv.current.getOrFail("Organisation")
                 _            <- shareSrv.unshareObservable(observable, organisation)
-                _            <- auditSrv.observable.delete(observable, share)
+                _            <- auditSrv.observable.delete(observable, share, Some(observableDetail(attachment)))
               } yield ()
           }
           .map(_ => ())
       case Some(alert) =>
         get(observable).remove()
         auditSrv.observableInAlert.delete(observable, alert)
     }
+  }
 
   override def update(
       traversal: Traversal.V[Observable],