Improve error message when entity is not found

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/ActionCtrl.scala

@@ -37,11 +37,11 @@ class ActionCtrl @Inject() (
   implicit val entityWrites: OWrites[Entity] = OWrites[Entity] { entity =>
     db.roTransaction { implicit graph =>
         entity match {
-          case c: Case       => caseSrv.get(c).richCaseWithoutPerms.getOrFail().map(_.toJson.as[JsObject])
-          case t: Task       => taskSrv.get(t).richTask.getOrFail().map(_.toJson.as[JsObject])
-          case o: Observable => observableSrv.get(o).richObservable.getOrFail().map(_.toJson.as[JsObject])
-          case l: Log        => logSrv.get(l).richLog.getOrFail().map(_.toJson.as[JsObject])
-          case a: Alert      => alertSrv.get(a).richAlert.getOrFail().map(_.toJson.as[JsObject])
+          case c: Case       => caseSrv.get(c).richCaseWithoutPerms.getOrFail("Case").map(_.toJson.as[JsObject])
+          case t: Task       => taskSrv.get(t).richTask.getOrFail("Task").map(_.toJson.as[JsObject])
+          case o: Observable => observableSrv.get(o).richObservable.getOrFail("Observable").map(_.toJson.as[JsObject])
+          case l: Log        => logSrv.get(l).richLog.getOrFail("Log").map(_.toJson.as[JsObject])
+          case a: Alert      => alertSrv.get(a).richAlert.getOrFail("Alert").map(_.toJson.as[JsObject])
         }
       }
       .getOrElse(Json.obj("_type" -> entity._model.label, "_id" -> entity._id))

cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/JobCtrl.scala

@@ -69,8 +69,8 @@ class JobCtrl @Inject() (
           db.roTransaction { implicit graph =>
               val artifactId: String = request.body("artifactId")
               for {
-                o <- observableSrv.getByIds(artifactId).richObservable.getOrFail()
-                c <- observableSrv.getByIds(artifactId).`case`.getOrFail()
+                o <- observableSrv.getByIds(artifactId).richObservable.getOrFail("Observable")
+                c <- observableSrv.getByIds(artifactId).`case`.getOrFail("Case")
               } yield (o, c)
             }
             .fold(error => errorHandler.onServerError(request, error), {

cortex/connector/src/test/scala/org/thp/thehive/connector/cortex/controllers/v0/JobCtrlTest.scala

@@ -28,7 +28,7 @@ class JobCtrlTest extends PlaySpecification with TestAppBuilder {
   "job controller" should {
     "get a job" in testApp { app =>
       val observable = app[Database].roTransaction { implicit graph =>
-        app[ObservableSrv].initSteps.has("message", "Some weird domain").getOrFail().get
+        app[ObservableSrv].initSteps.has("message", "Some weird domain").getOrFail("Observable").get
       }
 
       val requestSearch = FakeRequest("POST", s"/api/connector/cortex/job/_search?range=0-200&sort=-startDate")

cortex/connector/src/test/scala/org/thp/thehive/connector/cortex/services/EntityHelperTest.scala

@@ -17,7 +17,7 @@ class EntityHelperTest extends PlaySpecification with TestAppBuilder {
     "return task info" in testApp { app =>
       app[Database].roTransaction { implicit graph =>
         for {
-          task              <- app[TaskSrv].initSteps.has("title", "case 1 task 1").getOrFail()
+          task              <- app[TaskSrv].initSteps.has("title", "case 1 task 1").getOrFail("Task")
           (title, tlp, pap) <- app[EntityHelper].entityInfo(task)
         } yield (title, tlp, pap)
       } must beASuccessfulTry.which {
@@ -31,7 +31,7 @@ class EntityHelperTest extends PlaySpecification with TestAppBuilder {
     "return observable info" in testApp { app =>
       app[Database].roTransaction { implicit graph =>
         for {
-          observable        <- app[ObservableSrv].initSteps.has("message", "Some weird domain").getOrFail()
+          observable        <- app[ObservableSrv].initSteps.has("message", "Some weird domain").getOrFail("Observable")
           (title, tlp, pap) <- app[EntityHelper].entityInfo(observable)
         } yield (title, tlp, pap)
       } must beASuccessfulTry.which {
@@ -45,7 +45,7 @@ class EntityHelperTest extends PlaySpecification with TestAppBuilder {
     "find a manageable entity only (task)" in testApp { app =>
       app[Database].roTransaction { implicit graph =>
         for {
-          task <- app[TaskSrv].initSteps.has("title", "case 1 task 1").getOrFail()
+          task <- app[TaskSrv].initSteps.has("title", "case 1 task 1").getOrFail("Task")
           t    <- app[EntityHelper].get("Task", task._id, Permissions.manageAction)
         } yield t
       } must beSuccessfulTry

cortex/connector/src/test/scala/org/thp/thehive/connector/cortex/services/JobSrvTest.scala

@@ -53,7 +53,7 @@ class JobSrvTest extends PlaySpecification with TestAppBuilder {
 
       val createdJobTry = app[Database].tryTransaction { implicit graph =>
         for {
-          observable <- app[ObservableSrv].initSteps.has("message", "hello world").getOrFail()
+          observable <- app[ObservableSrv].initSteps.has("message", "hello world").getOrFail("Observable")
           createdJob <- app[JobSrv].create(job, observable)
         } yield createdJob
       }
@@ -71,9 +71,9 @@ class JobSrvTest extends PlaySpecification with TestAppBuilder {
           }
 
           for {
-            audit        <- app[AuditSrv].initSteps.has("objectId", updatedJob._id).getOrFail()
-            organisation <- app[OrganisationSrv].get("cert").getOrFail()
-            user         <- app[UserSrv].initSteps.getByName("[email protected]").getOrFail()
+            audit        <- app[AuditSrv].initSteps.has("objectId", updatedJob._id).getOrFail("Audit")
+            organisation <- app[OrganisationSrv].get("cert").getOrFail("Organisation")
+            user         <- app[UserSrv].initSteps.getByName("[email protected]").getOrFail("User")
           } yield new JobFinished().filter(audit, Some(updatedJob), organisation, Some(user))
         } must beASuccessfulTry(true)
       }
@@ -82,7 +82,7 @@ class JobSrvTest extends PlaySpecification with TestAppBuilder {
     "submit a job" in testApp { app =>
       val x = for {
         observable <- app[Database].roTransaction { implicit graph =>
-          app[ObservableSrv].initSteps.has("message", "Some weird domain").richObservable.getOrFail()
+          app[ObservableSrv].initSteps.has("message", "Some weird domain").richObservable.getOrFail("Observable")
         }
         case0 <- app[Database].roTransaction { implicit graph =>
           app[CaseSrv].getOrFail("#1")

misp/connector/src/main/scala/org/thp/thehive/connector/misp/controllers/v0/MispCtrl.scala

@@ -40,7 +40,7 @@ class MispCtrl @Inject() (
           c <- Future.fromTry(db.roTransaction { implicit graph =>
             caseSrv
               .get(caseIdOrNumber)
-              .getOrFail()
+              .getOrFail("Case")
           })
           _ <- mispExportSrv.export(mispId, c)
         } yield Results.NoContent

misp/connector/src/test/scala/org/thp/thehive/connector/misp/services/MispImportSrvTest.scala

@@ -74,7 +74,7 @@ class MispImportSrvTest(implicit ec: ExecutionContext) extends PlaySpecification
       await(app[MispImportSrv].syncMispEvents(app[TheHiveMispClient])(authContext))(1.minute)
 
       app[Database].roTransaction { implicit graph =>
-        app[AlertSrv].initSteps.getBySourceId("misp", "ORGNAME", "1").getOrFail()
+        app[AlertSrv].initSteps.getBySourceId("misp", "ORGNAME", "1").getOrFail("Alert")
       } must beSuccessfulTry(
         Alert(
           `type` = "misp",

thehive/app/org/thp/thehive/controllers/v0/AlertCtrl.scala

@@ -12,7 +12,7 @@ import org.thp.scalligraph.query.{ParamQuery, PropertyUpdater, PublicProperty, Q
 import org.thp.scalligraph.services._
 import org.thp.scalligraph.steps.StepsOps._
 import org.thp.scalligraph.steps.{PagedResult, Traversal}
-import org.thp.scalligraph.{InvalidFormatAttributeError, RichJMap, RichSeq}
+import org.thp.scalligraph.{AuthorizationError, InvalidFormatAttributeError, RichJMap, RichSeq}
 import org.thp.thehive.controllers.v0.Conversion._
 import org.thp.thehive.dto.v0.{InputAlert, InputObservable, OutputSimilarCase}
 import org.thp.thehive.models._
@@ -87,7 +87,11 @@ class AlertCtrl @Inject() (
         val customFields                      = inputAlert.customFields.map(c => c.name -> c.value).toMap
         val caseTemplate                      = caseTemplateName.flatMap(caseTemplateSrv.get(_).visible.headOption())
         for {
-          organisation    <- userSrv.current.organisations(Permissions.manageAlert).get(request.organisation).getOrFail()
+          organisation <- userSrv
+            .current
+            .organisations(Permissions.manageAlert)
+            .get(request.organisation)
+            .orFail(AuthorizationError("Operation not permitted"))
           richObservables <- observables.toTry(createObservable).map(_.flatten)
           richAlert       <- alertSrv.create(request.body("alert").toAlert, organisation, inputAlert.tags, customFields, caseTemplate)
           _               <- auditSrv.mergeAudits(richObservables.toTry(o => alertSrv.addObservable(richAlert.alert, o)))(_ => Success(()))

thehive/app/org/thp/thehive/controllers/v0/AttachmentCtrl.scala

@@ -34,7 +34,7 @@ class AttachmentCtrl @Inject() (entrypoint: Entrypoint, appConfig: ApplicationCo
           attachmentSrv
             .get(id)
             .visible
-            .getOrFail()
+            .getOrFail("Attachment")
             .filter(attachmentSrv.exists)
             .map { attachment =>
               Result(
@@ -62,7 +62,7 @@ class AttachmentCtrl @Inject() (entrypoint: Entrypoint, appConfig: ApplicationCo
           attachmentSrv
             .get(id)
             .visible
-            .getOrFail()
+            .getOrFail("Attachment")
             .filter(attachmentSrv.exists)
             .flatMap { attachment =>
               Try {

thehive/app/org/thp/thehive/controllers/v0/CaseCtrl.scala

@@ -70,9 +70,13 @@ class CaseCtrl @Inject() (
         val inputTasks: Seq[InputTask]       = request.body("tasks")
         val customFields                     = inputCase.customFields.map(c => c.name -> c.value).toMap
         for {
-          organisation <- userSrv.current.organisations(Permissions.manageCase).get(request.organisation).getOrFail()
-          caseTemplate <- caseTemplateName.map(caseTemplateSrv.get(_).visible.richCaseTemplate.getOrFail()).flip
-          user         <- inputCase.user.map(userSrv.get(_).visible.getOrFail()).flip
+          organisation <- userSrv
+            .current
+            .organisations(Permissions.manageCase)
+            .get(request.organisation)
+            .orFail(AuthorizationError("Operation not permitted"))
+          caseTemplate <- caseTemplateName.map(caseTemplateSrv.get(_).visible.richCaseTemplate.getOrFail("CaseTemplate")).flip
+          user         <- inputCase.user.map(userSrv.get(_).visible.getOrFail("User")).flip
           tags         <- inputCase.tags.toTry(tagSrv.getOrCreate)
           tasks        <- inputTasks.toTry(t => t.owner.map(userSrv.getOrFail).flip.map(owner => t.toTask -> owner))
           richCase <- caseSrv.create(

thehive/app/org/thp/thehive/controllers/v0/CustomFieldCtrl.scala

@@ -40,7 +40,7 @@ class CustomFieldCtrl @Inject() (entrypoint: Entrypoint, db: Database, propertie
   def get(id: String): Action[AnyContent] =
     entrypoint("get custom field")
       .authRoTransaction(db) { _ => implicit graph =>
-        customFieldSrv.get(id).getOrFail().map(cf => Results.Ok(cf.toJson))
+        customFieldSrv.get(id).getOrFail("CustomField").map(cf => Results.Ok(cf.toJson))
       }
 
   def delete(id: String): Action[AnyContent] =
@@ -62,7 +62,7 @@ class CustomFieldCtrl @Inject() (entrypoint: Entrypoint, db: Database, propertie
 
         for {
           updated <- customFieldSrv.update(customFieldSrv.get(id), propertyUpdaters)
-          cf      <- updated._1.getOrFail()
+          cf      <- updated._1.getOrFail("CustomField")
         } yield Results.Ok(cf.toJson)
       }
 

thehive/app/org/thp/thehive/controllers/v0/ListCtrl.scala

@@ -85,7 +85,7 @@ class ListCtrl @Inject() (entrypoint: Entrypoint, db: Database, customFieldSrv:
             customFieldSrv
               .initSteps
               .get(v)
-              .getOrFail()
+              .getOrFail("CustomField")
               .map(f => Results.Conflict(Json.obj("found" -> f.toJson)))
               .orElse(Success(Results.Ok))
           case _ => Success(Results.Locked(""))

thehive/app/org/thp/thehive/controllers/v0/ObservableCtrl.scala

@@ -66,7 +66,7 @@ class ObservableCtrl @Inject() (
           case0 <- caseSrv
             .get(caseId)
             .can(Permissions.manageObservable)
-            .getOrFail()
+            .orFail(AuthorizationError("Operation not permitted"))
           observableType <- observableTypeSrv.getOrFail(inputObservable.dataType)
           observablesWithData <- inputObservable
             .data
@@ -90,7 +90,7 @@ class ObservableCtrl @Inject() (
           .getByIds(observableId)
           .visible
           .richObservable
-          .getOrFail()
+          .getOrFail("Observable")
           .map { observable =>
             Results.Ok(observable.toJson)
           }
@@ -145,7 +145,7 @@ class ObservableCtrl @Inject() (
           observable <- observableSrv
             .getByIds(obsId)
             .can(Permissions.manageObservable)
-            .getOrFail()
+            .getOrFail("Observable")
           _ <- observableSrv.cascadeRemove(observable)
         } yield Results.NoContent
       }

thehive/app/org/thp/thehive/controllers/v0/ObservableTypeCtrl.scala

@@ -38,7 +38,7 @@ class ObservableTypeCtrl @Inject() (
   def get(idOrName: String): Action[AnyContent] = entrypoint("get observable type").authRoTransaction(db) { _ => implicit graph =>
     observableTypeSrv
       .get(idOrName)
-      .getOrFail()
+      .getOrFail("Observable")
       .map(ot => Results.Ok(ot.toJson))
   }
 

thehive/app/org/thp/thehive/controllers/v0/OrganisationCtrl.scala

@@ -64,7 +64,7 @@ class OrganisationCtrl @Inject() (
           .get(organisationId)
           .visible
           .richOrganisation
-          .getOrFail()
+          .getOrFail("Organisation")
           .map(organisation => Results.Ok(organisation.toJson))
       }
 

thehive/app/org/thp/thehive/controllers/v0/ProfileCtrl.scala

@@ -65,7 +65,7 @@ class ProfileCtrl @Inject() (entrypoint: Entrypoint, db: Database, properties: P
         if (request.isPermitted(Permissions.manageProfile)) {
           profileSrv
             .update(_.get(profileId), propertyUpdaters)
-            .flatMap { case (profileSteps, _) => profileSteps.getOrFail() }
+            .flatMap { case (profileSteps, _) => profileSteps.getOrFail("Profile") }
             .map(profile => Results.Ok(profile.toJson))
         } else
           Failure(AuthorizationError("You don't have permission to update profiles"))