#1606 Refuse to delete case if user is not in owner organisation

TheHive-Project · Mar 17, 2021 · 45c3528 · 45c3528
1 parent 23446ca
commit 45c3528
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/ScalliGraph b/ScalliGraph
diff --git a/thehive/app/org/thp/thehive/services/CaseSrv.scala b/thehive/app/org/thp/thehive/services/CaseSrv.scala
@@ -214,8 +214,9 @@ class CaseSrv @Inject() (
         .flatMap {
           case share if share.owner =>
             get(`case`).shares.toSeq.toTry(s => shareSrv.unshareCase(s._id)).map(_ => get(`case`).remove())
-          case share =>
-            shareSrv.unshareCase(share._id)
+          case _ =>
+            throw BadRequestError("Your organisation must be owner of the case")
+          // shareSrv.unshareCase(share._id)
         }
         .map(_ => auditSrv.`case`.delete(`case`, organisation, Some(details)))
     }
+3 −3		core/src/main/scala/org/thp/scalligraph/controllers/FPath.scala
+35 −30		core/src/main/scala/org/thp/scalligraph/controllers/Fields.scala
+1 −1		database/janusgraph/src/main/scala/org/thp/scalligraph/janus/JanusDatabase.scala