[IMP] Moved endpoints in namespace app.blueprints.rest.v2

dfir-iris · Oct 11, 2024 · cfdc0bb · cfdc0bb
1 parent c3aa44d
commit cfdc0bb
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 51 deletions.
diff --git a/source/app/blueprints/rest/case/case_tasks_routes.py b/source/app/blueprints/rest/case/case_tasks_routes.py
@@ -25,13 +25,8 @@
 
 from app import db
 from app.blueprints.rest.case_comments import case_comment_update
-from app.blueprints.rest.endpoints import response_api_deleted
-from app.blueprints.rest.endpoints import response_api_not_found
 from app.blueprints.rest.endpoints import endpoint_deprecated
-from app.blueprints.rest.endpoints import response_api_error
-from app.blueprints.rest.endpoints import response_api_created
 from app.business.errors import BusinessProcessingError
-from app.business.errors import ObjectNotFoundError
 from app.business.tasks import tasks_delete
 from app.business.tasks import tasks_create
 from app.business.tasks import tasks_get
@@ -46,15 +41,13 @@
 from app.datamgmt.case.case_tasks_db import get_tasks_with_assignees
 from app.datamgmt.case.case_tasks_db import update_task_status
 from app.datamgmt.states import get_tasks_state
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import CaseTaskSchema
 from app.schema.marshables import CommentSchema
 from app.blueprints.access_controls import ac_requires_case_identifier
 from app.blueprints.access_controls import ac_api_requires
-from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
 
@@ -123,20 +116,6 @@ def deprecated_case_add_task(caseid):
         return response_error(e.get_message(), data=e.get_data())
 
 
-@case_tasks_rest_blueprint.route('/api/v2/cases/<int:identifier>/tasks', methods=['POST'])
-@ac_api_requires()
-def case_add_task(identifier):
-    if not ac_fast_check_current_user_has_case_access(identifier, [CaseAccessLevel.full_access]):
-        return ac_api_return_access_denied(caseid=identifier)
-
-    task_schema = CaseTaskSchema()
-    try:
-        _, case = tasks_create(identifier, request.get_json())
-        return response_api_created(task_schema.dump(case))
-    except BusinessProcessingError as e:
-        return response_api_error(e.get_message())
-
-
 @case_tasks_rest_blueprint.route('/case/tasks/<int:cur_id>', methods=['GET'])
 @endpoint_deprecated('GET', '/api/v2/tasks/<int:cur_id>')
 @ac_requires_case_identifier(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
@@ -151,20 +130,6 @@ def deprecated_case_task_view(cur_id, caseid):
     return response_success(data=task_schema.dump(task))
 
 
-@case_tasks_rest_blueprint.route('/api/v2/tasks/<int:identifier>', methods=['GET'])
-@ac_api_requires()
-def case_task_view(identifier):
-    try:
-        task = tasks_get(identifier)
-        if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
-            return ac_api_return_access_denied(caseid=task.task_case_id)
-
-        task_schema = CaseTaskSchema()
-        return response_api_created(task_schema.dump(task))
-    except ObjectNotFoundError:
-        return response_api_not_found()
-
-
 @case_tasks_rest_blueprint.route('/case/tasks/update/<int:cur_id>', methods=['POST'])
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
@@ -189,22 +154,6 @@ def deprecated_case_delete_task(cur_id, caseid):
         return response_error(e.get_message())
 
 
-@case_tasks_rest_blueprint.route('/api/v2/tasks/<int:identifier>', methods=['DELETE'])
-@ac_api_requires()
-def case_delete_task(identifier):
-    try:
-        task = tasks_get(identifier)
-        if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.full_access]):
-            return ac_api_return_access_denied(caseid=identifier)
-
-        tasks_delete(task)
-        return response_api_deleted()
-    except ObjectNotFoundError:
-        return response_api_not_found()
-    except BusinessProcessingError as e:
-        return response_api_error(e.get_message())
-
-
 @case_tasks_rest_blueprint.route('/case/tasks/<int:cur_id>/comments/list', methods=['GET'])
 @ac_requires_case_identifier(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
 @ac_api_requires()

diff --git a/source/app/blueprints/rest/v2/case/api_v2_case_tasks_routes.py b/source/app/blueprints/rest/v2/case/api_v2_case_tasks_routes.py
@@ -0,0 +1,83 @@
+#  IRIS Source Code
+#  Copyright (C) 2024 - DFIR-IRIS
+#  contact@dfir-iris.org
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 3 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software Foundation,
+#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+from flask import Blueprint
+from flask import request
+
+from app.blueprints.rest.endpoints import response_api_deleted
+from app.blueprints.rest.endpoints import response_api_not_found
+from app.blueprints.rest.endpoints import response_api_error
+from app.blueprints.rest.endpoints import response_api_created
+from app.blueprints.access_controls import ac_api_return_access_denied
+from app.blueprints.access_controls import ac_api_requires
+from app.schema.marshables import CaseTaskSchema
+from app.business.errors import ObjectNotFoundError
+from app.business.errors import BusinessProcessingError
+from app.business.tasks import tasks_delete
+from app.business.tasks import tasks_create
+from app.business.tasks import tasks_get
+from app.models.authorization import CaseAccessLevel
+from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+
+api_v2_tasks_blueprint = Blueprint('case_tasks_rest_v2',
+                                   __name__,
+                                   url_prefix='/api/v2')
+
+
+@api_v2_tasks_blueprint.route('/cases/<int:identifier>/tasks', methods=['POST'])
+@ac_api_requires()
+def case_add_task(identifier):
+    if not ac_fast_check_current_user_has_case_access(identifier, [CaseAccessLevel.full_access]):
+        return ac_api_return_access_denied(caseid=identifier)
+
+    task_schema = CaseTaskSchema()
+    try:
+        _, case = tasks_create(identifier, request.get_json())
+        return response_api_created(task_schema.dump(case))
+    except BusinessProcessingError as e:
+        return response_api_error(e.get_message())
+
+
+@api_v2_tasks_blueprint.route('/tasks/<int:identifier>', methods=['GET'])
+@ac_api_requires()
+def case_task_view(identifier):
+    try:
+        task = tasks_get(identifier)
+        if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
+            return ac_api_return_access_denied(caseid=task.task_case_id)
+
+        task_schema = CaseTaskSchema()
+        return response_api_created(task_schema.dump(task))
+    except ObjectNotFoundError:
+        return response_api_not_found()
+
+
+@api_v2_tasks_blueprint.route('/tasks/<int:identifier>', methods=['DELETE'])
+@ac_api_requires()
+def case_delete_task(identifier):
+    try:
+        task = tasks_get(identifier)
+        if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.full_access]):
+            return ac_api_return_access_denied(caseid=identifier)
+
+        tasks_delete(task)
+        return response_api_deleted()
+    except ObjectNotFoundError:
+        return response_api_not_found()
+    except BusinessProcessingError as e:
+        return response_api_error(e.get_message())
diff --git a/source/app/views.py b/source/app/views.py
@@ -99,6 +99,7 @@
 from app.blueprints.graphql.graphql_route import graphql_blueprint
 from app.blueprints.rest.v2.case.api_v2_assets_routes import api_v2_assets_blueprint
 from app.blueprints.rest.v2.case.api_v2_ioc_routes import api_v2_ioc_blueprint
+from app.blueprints.rest.v2.case.api_v2_case_tasks_routes import api_v2_tasks_blueprint
 from app.models.authorization import User
 from app.post_init import run_post_init
 
@@ -186,6 +187,7 @@
 
 app.register_blueprint(api_v2_ioc_blueprint)
 app.register_blueprint(api_v2_assets_blueprint)
+app.register_blueprint(api_v2_tasks_blueprint)
 
 try: