Skip to content

Commit

Permalink
[FIX] Api v2 endpoint to delete task was not working anymore
Browse files Browse the repository at this point in the history
  • Loading branch information
c8y3 committed Jan 10, 2025
1 parent 65fd709 commit 05a4060
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 30 deletions.
2 changes: 2 additions & 0 deletions source/app/blueprints/rest/v2/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from app.blueprints.rest.v2.alerts import alerts_bp
from app.blueprints.rest.v2.dashboard import dashboard_bp
from app.blueprints.rest.v2.cases import api_v2_case_blueprint
from app.blueprints.rest.v2.tasks import tasks_blueprint


# Create root /api/v2 blueprint
Expand All @@ -15,3 +16,4 @@
rest_v2_bp.register_blueprint(auth_blueprint)
rest_v2_bp.register_blueprint(alerts_bp)
rest_v2_bp.register_blueprint(dashboard_bp)
rest_v2_bp.register_blueprint(tasks_blueprint)
30 changes: 0 additions & 30 deletions source/app/blueprints/rest/v2/cases/tasks.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
from flask import Blueprint
from flask import request

from app.blueprints.rest.endpoints import response_api_deleted
from app.blueprints.rest.endpoints import response_api_not_found
from app.blueprints.rest.endpoints import response_api_error
from app.blueprints.rest.endpoints import response_api_created
Expand All @@ -28,7 +27,6 @@
from app.schema.marshables import CaseTaskSchema
from app.business.errors import ObjectNotFoundError
from app.business.errors import BusinessProcessingError
from app.business.tasks import tasks_delete
from app.business.tasks import tasks_create
from app.business.tasks import tasks_get
from app.models.authorization import CaseAccessLevel
Expand Down Expand Up @@ -83,31 +81,3 @@ def get_case_task(case_id, identifier):
return response_api_created(task_schema.dump(task))
except ObjectNotFoundError:
return response_api_not_found()


@case_tasks_bp.delete('/<int:identifier>')
@ac_api_requires()
def delete_case_task(case_id, identifier):
"""
Handle deleting a task from a case
Args:
case_id (int): The case ID
identifier (int): The task ID
"""

try:
task = tasks_get(identifier)

if task.task_case_id != case_id:
raise ObjectNotFoundError()

if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.full_access]):
return ac_api_return_access_denied(caseid=identifier)

tasks_delete(task)
return response_api_deleted()
except ObjectNotFoundError:
return response_api_not_found()
except BusinessProcessingError as e:
return response_api_error(e.get_message())
59 changes: 59 additions & 0 deletions source/app/blueprints/rest/v2/tasks.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# IRIS Source Code
# Copyright (C) 2024 - DFIR-IRIS
# [email protected]
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 3 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

from flask import Blueprint

from app.blueprints.rest.endpoints import response_api_not_found
from app.blueprints.rest.endpoints import response_api_deleted
from app.blueprints.rest.endpoints import response_api_error
from app.blueprints.access_controls import ac_api_requires
from app.blueprints.access_controls import ac_api_return_access_denied
from app.business.tasks import tasks_delete
from app.business.tasks import tasks_get
from app.business.errors import ObjectNotFoundError
from app.business.errors import BusinessProcessingError
from app.models.authorization import CaseAccessLevel
from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access


tasks_blueprint = Blueprint('tasks',
__name__,
url_prefix='/tasks')

@tasks_blueprint.delete('/<int:identifier>')
@ac_api_requires()
def delete_case_task(identifier):
"""
Handle deleting a task from a case
Args:
identifier (int): The task identifier
"""

try:
task = tasks_get(identifier)

if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.full_access]):
return ac_api_return_access_denied(caseid=identifier)

tasks_delete(task)
return response_api_deleted()
except ObjectNotFoundError:
return response_api_not_found()
except BusinessProcessingError as e:
return response_api_error(e.get_message())

0 comments on commit 05a4060

Please sign in to comment.