#1353 Query: "assignableUsers" of a case

An user is assignable to a case if he has manageCase on it and is in a visible organisation (from current user)

thehive/app/org/thp/thehive/controllers/v1/CaseCtrl.scala

@@ -53,7 +53,9 @@ class CaseCtrl @Inject() (
   )
   override val outputQuery: Query = Query.outputWithContext[RichCase, CaseSteps]((caseSteps, authContext) => caseSteps.richCase(authContext))
   override val extraQueries: Seq[ParamQuery[_]] = Seq(
-    Query[CaseSteps, TaskSteps]("tasks", (caseSteps, authContext) => caseSteps.tasks(authContext))
+    Query[CaseSteps, TaskSteps]("tasks", (caseSteps, authContext) => caseSteps.tasks(authContext)),
+    Query[CaseSteps, ObservableSteps]("observables", (caseSteps, authContext) => caseSteps.observables(authContext)),
+    Query[CaseSteps, UserSteps]("assignableUsers", (caseSteps, authContext) => caseSteps.assignableUsers(authContext))
   )
 
   def create: Action[AnyContent] =

thehive/app/org/thp/thehive/services/CaseSrv.scala

@@ -439,6 +439,9 @@ class CaseSteps(raw: GremlinScala[Vertex])(implicit db: Database, graph: Graph)
 
   def organisations: OrganisationSteps = new OrganisationSteps(raw.inTo[ShareCase].inTo[OrganisationShare])
 
+  def organisations(permission: Permission) =
+    new OrganisationSteps(raw.inTo[ShareCase].filter(_.outTo[ShareProfile].has(Key("permissions") of permission)).inTo[OrganisationShare])
+
   def origin: OrganisationSteps = new OrganisationSteps(raw.inTo[ShareCase].has(Key("owner") of true).inTo[OrganisationShare])
 
   // Warning: this method doesn't generate audit log
@@ -603,6 +606,12 @@ class CaseSteps(raw: GremlinScala[Vertex])(implicit db: Database, graph: Graph)
         .outTo[ShareObservable]
     )
 
+  def assignableUsers(implicit authContext: AuthContext): UserSteps =
+    organisations(Permissions.manageCase)
+      .visible
+      .users(Permissions.manageCase)
+      .dedup
+
   def alert: AlertSteps = new AlertSteps(raw.inTo[AlertCase])
 }