From 7060b6d4e3a5cbf8b2d545b0e0e588cd6dffa88b Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Thu, 12 Nov 2020 08:29:25 +0100
Subject: [PATCH] #1643 Prevent creating a file observable if it already exist
 in the case

---
 .../controllers/v0/ObservableCtrl.scala       |  5 ++++-
 .../org/thp/thehive/services/CaseSrv.scala    | 21 ++++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/thehive/app/org/thp/thehive/controllers/v0/ObservableCtrl.scala b/thehive/app/org/thp/thehive/controllers/v0/ObservableCtrl.scala
index 972b86223d..9fadc80a6a 100644
--- a/thehive/app/org/thp/thehive/controllers/v0/ObservableCtrl.scala
+++ b/thehive/app/org/thp/thehive/controllers/v0/ObservableCtrl.scala
@@ -81,7 +81,10 @@ class ObservableCtrl @Inject() (
                         .fold(
                           e =>
                             successes -> (failures :+ errorHandler.toErrorResult(e)._2 ++ Json
-                              .obj("object" -> Json.obj("attachment" -> Json.obj("name" -> attachment.filename)))),
+                              .obj(
+                                "object" -> Json
+                                  .obj("data" -> s"file:${attachment.filename}", "attachment" -> Json.obj("name" -> attachment.filename))
+                              )),
                           s => (successes :+ s) -> failures
                         )
                     }
diff --git a/thehive/app/org/thp/thehive/services/CaseSrv.scala b/thehive/app/org/thp/thehive/services/CaseSrv.scala
index 710d0f2502..dade050113 100644
--- a/thehive/app/org/thp/thehive/services/CaseSrv.scala
+++ b/thehive/app/org/thp/thehive/services/CaseSrv.scala
@@ -175,13 +175,20 @@ class CaseSrv @Inject() (
       graph: Graph,
       authContext: AuthContext
   ): Try[Unit] = {
-    val alreadyExistInThatCase = observableSrv
-      .get(richObservable.observable)
-      .filteredSimilar
-      .visible
-      .`case`
-      .hasId(`case`._id)
-      .exists || get(`case`).observables.filter(_.hasId(richObservable.observable._id)).exists // FIXME
+    val alreadyExistInThatCase = richObservable
+      .dataOrAttachment
+      .fold(
+        _ =>
+          observableSrv
+            .get(richObservable.observable)
+            .filteredSimilar
+            .visible
+            .`case`
+            .hasId(`case`._id)
+            .exists,
+        attachment => get(`case`).share.observables.attachments.has(_.attachmentId, attachment.attachmentId).exists
+      ) || get(`case`).observables.filter(_.hasId(richObservable.observable._id)).exists
+
     if (alreadyExistInThatCase)
       Failure(CreateError("Observable already exists"))
     else