From aaf62c7610c426befa4e8e22ecf5304eb20d232f Mon Sep 17 00:00:00 2001 From: To-om Date: Mon, 8 Nov 2021 09:52:02 +0100 Subject: [PATCH] #2238 Add API to link alert and case after a broken migration from TH3 --- .../thehive/controllers/v1/AlertCtrl.scala | 23 +++++++++++++++++-- .../thp/thehive/controllers/v1/Router.scala | 1 + 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala b/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala index ecd6ed2077..c520f10cde 100644 --- a/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala +++ b/thehive/app/org/thp/thehive/controllers/v1/AlertCtrl.scala @@ -5,7 +5,7 @@ import org.thp.scalligraph.models.Database import org.thp.scalligraph.query._ import org.thp.scalligraph.traversal.TraversalOps._ import org.thp.scalligraph.traversal.{Converter, IteratorOutput, Traversal} -import org.thp.scalligraph.{EntityIdOrName, RichOptionTry} +import org.thp.scalligraph.{BadRequestError, EntityIdOrName, EntityName, RichOptionTry} import org.thp.thehive.controllers.v1.Conversion._ import org.thp.thehive.dto.v1.{InputAlert, InputCustomFieldValue} import org.thp.thehive.models._ @@ -19,7 +19,7 @@ import play.api.mvc.{Action, AnyContent, Results} import java.util.{Map => JMap} import javax.inject.{Inject, Singleton} import scala.reflect.runtime.{universe => ru} -import scala.util.Success +import scala.util.{Failure, Success} case class SimilarCaseFilter() @Singleton @@ -27,6 +27,7 @@ class AlertCtrl @Inject() ( entrypoint: Entrypoint, properties: Properties, alertSrv: AlertSrv, + caseSrv: CaseSrv, caseTemplateSrv: CaseTemplateSrv, userSrv: UserSrv, organisationSrv: OrganisationSrv, @@ -211,4 +212,22 @@ class AlertCtrl @Inject() ( Results.NoContent } } + + def fixCaseLink: Action[AnyContent] = + entrypoint("fix link between case and alert") + .extract("alertName", FieldsParser.string.on("alertName")) + .extract("caseNumber", FieldsParser.string.on("caseNumber")) + .extract("organisation", FieldsParser.string.on("organisation")) + .authPermittedTransaction(db, Permissions.managePlatform) { implicit request => implicit graph => + val alertName: String = request.body("alertName") + val caseNumber: String = request.body("caseNumber") + val organisation: String = request.body("organisation") + for { + organisation <- organisationSrv.getOrFail(EntityIdOrName(organisation)) + alert <- alertSrv.startTraversal.has(_.organisationId, organisation._id).get(EntityName(alertName)).getOrFail("Alert") + _ <- if (alertSrv.get(alert).`case`.exists) Failure(BadRequestError("The alert is already linked to a case")) else Success(()) + c <- caseSrv.getOrFail(EntityName(caseNumber)) + _ <- alertSrv.alertCaseSrv.create(AlertCase(), alert, c) + } yield Results.NoContent + } } diff --git a/thehive/app/org/thp/thehive/controllers/v1/Router.scala b/thehive/app/org/thp/thehive/controllers/v1/Router.scala index 0b98838365..f3c8b9cd0c 100644 --- a/thehive/app/org/thp/thehive/controllers/v1/Router.scala +++ b/thehive/app/org/thp/thehive/controllers/v1/Router.scala @@ -140,6 +140,7 @@ class Router @Inject() ( case POST(p"/alert/$alertId/follow") => alertCtrl.followAlert(alertId) case POST(p"/alert/$alertId/unfollow") => alertCtrl.unfollowAlert(alertId) case POST(p"/alert/$alertId/case") => alertCtrl.createCase(alertId) + case POST(p"/alert/fixCaseLink") => alertCtrl.fixCaseLink // PATCH /alert/_bulk controllers.AlertCtrl.bulkUpdate() // DELETE /alert/:alertId controllers.AlertCtrl.delete(alertId) // POST /alert/:alertId/merge/:caseId controllers.AlertCtrl.mergeWithCase(alertId, caseId)