Added option to have multiple cases filters.

source/app/blueprints/rest/dim_tasks_routes.py

@@ -43,8 +43,8 @@
 
 
 @dim_tasks_rest_blueprint.route('/dim/hooks/call', methods=['POST'])
-@ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
+@ac_requires_case_identifier(CaseAccessLevel.full_access)
 def dim_hooks_call(caseid):
     logs = []
     js_data = request.json

source/app/blueprints/rest/v2/alerts.py

@@ -166,7 +166,12 @@ def create(self):
     def read(self, identifier):
 
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], identifier)
+            alert = alerts_get(
+                iris_current_user,
+                (session.get('permissions') or 0),
+                identifier,
+                fallback_customer_access=ac_current_user_has_customer_access
+            )
             return response_api_success(self._schema.dump(alert))
 
         except ObjectNotFoundError:
@@ -175,12 +180,26 @@ def read(self, identifier):
     def get_related_alerts(self, identifier):
 
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], identifier)
+            alert = alerts_get(
+                iris_current_user,
+                (session.get('permissions') or 0),
+                identifier,
+                fallback_customer_access=ac_current_user_has_customer_access
+            )
 
             open_alerts = request.args.get('open-alerts', 'false').lower() == 'true'
-            open_cases = request.args.get('open-cases', 'false').lower() == 'true'
-            closed_cases = request.args.get('closed-cases', 'false').lower() == 'true'
             closed_alerts = request.args.get('closed-alerts', 'false').lower() == 'true'
+
+            open_cases_arg = request.args.get('open-cases')
+            closed_cases_arg = request.args.get('closed-cases')
+
+            if open_cases_arg is None and closed_cases_arg is None:
+                open_cases = True
+                closed_cases = True
+            else:
+                open_cases = (open_cases_arg or 'false').lower() == 'true'
+                closed_cases = (closed_cases_arg or 'false').lower() == 'true'
+
             days_back = request.args.get('days-back', 180, type=int)
             number_of_results = request.args.get('number-of-nodes', 100, type=int)
 
@@ -189,16 +208,25 @@ def get_related_alerts(self, identifier):
             if days_back < 0:
                 days_back = 180
 
-            similar_alerts = alerts_get_related(iris_current_user, alert, open_alerts, closed_alerts, open_cases,
-                                                closed_cases, days_back, number_of_results)
+            similar_alerts = alerts_get_related(
+                iris_current_user,
+                alert,
+                open_alerts,
+                closed_alerts,
+                open_cases,
+                closed_cases,
+                days_back,
+                number_of_results
+            )
+
             return response_api_success(similar_alerts)
 
         except ObjectNotFoundError:
             return response_api_not_found()
 
     def update(self, identifier):
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], identifier)
+            alert = alerts_get(iris_current_user, (session.get('permissions') or 0), identifier)
             request_data = request.get_json()
             updated_alert = self._schema.load(request_data, instance=alert, partial=True)
             activity_data = []
@@ -232,7 +260,12 @@ def update(self, identifier):
 
     def delete(self, identifier):
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], identifier)
+            alert = alerts_get(
+                iris_current_user,
+                (session.get('permissions') or 0),
+                identifier,
+                fallback_customer_access=ac_current_user_has_customer_access
+            )
             alerts_delete(alert)
             return response_api_deleted()
 
@@ -276,7 +309,7 @@ def delete_alert(identifier):
     return alerts_operations.delete(identifier)
 
 
-@alerts_blueprint.get('<int:identifier>/related-alerts')
+@alerts_blueprint.get('/<int:identifier>/related-alerts')
 @ac_api_requires(Permissions.alerts_read)
 def get_related_alerts(identifier):
     return alerts_operations.get_related_alerts(identifier)

source/app/blueprints/rest/v2/alerts_filters.py

@@ -1,21 +1,3 @@
-#  IRIS Source Code
-#  Copyright (C) 2024 - DFIR-IRIS
-#  contact@dfir-iris.org
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU Lesser General Public
-#  License as published by the Free Software Foundation; either
-#  version 3 of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-#  Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software Foundation,
-#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 from flask import Blueprint
 from flask import request
 from marshmallow import ValidationError
@@ -36,11 +18,13 @@
 from app.business.alerts_filters import alert_filter_get
 from app.business.alerts_filters import alert_filter_update
 from app.business.alerts_filters import alert_filter_delete
+from app.business.alerts_filters import alert_filter_list
 
 
 class AlertsFiltersOperations:
     def __init__(self):
         self._schema = SavedFilterSchema()
+        self._schema_many = SavedFilterSchema(many=True)
 
     def _load(self, request_data, **kwargs):
         return self._schema.load(request_data, **kwargs)
@@ -60,6 +44,21 @@ def create(self):
         except BusinessProcessingError as e:
             return response_api_error(e.get_message(), data=e.get_data())
 
+    def list(self):
+        try:
+            filter_type = request.args.get("filter_type", "alerts")
+            include_public = request.args.get("include_public", "1") == "1"
+
+            items = alert_filter_list(
+                iris_current_user,
+                filter_type=filter_type,
+                include_public=include_public
+            )
+            return response_api_success(self._schema_many.dump(items))
+
+        except BusinessProcessingError as e:
+            return response_api_error(e.get_message(), data=e.get_data())
+
     def get(self, identifier):
         try:
             saved_filter = alert_filter_get(iris_current_user, identifier)
@@ -117,6 +116,12 @@ def create_alert_filter():
     return alerts_filters_operations.create()
 
 
+@alerts_filters_blueprint.get("")
+@ac_api_requires()
+def list_alert_filters():
+    return alerts_filters_operations.list()
+
+
 @alerts_filters_blueprint.get("/<int:identifier>")
 @ac_api_requires()
 def get_alert_filter(identifier):

source/app/blueprints/rest/v2/alerts_routes/comments.py

@@ -51,15 +51,15 @@ def __init__(self):
     def search(self, alert_identifier):
         pagination_parameters = parse_pagination_parameters(request)
         try:
-            comments = comments_get_filtered_by_alert(iris_current_user, session['permissions'], alert_identifier, pagination_parameters)
+            comments = comments_get_filtered_by_alert(iris_current_user, (session.get('permissions') or 0), alert_identifier, pagination_parameters)
             return response_api_paginated(self._schema, comments)
         except ObjectNotFoundError:
             return response_api_not_found()
 
     def create(self, alert_identifier):
         try:
             comment = self._schema.load(request.get_json())
-            comments_create_for_alert(iris_current_user, session['permissions'], comment, alert_identifier)
+            comments_create_for_alert(iris_current_user, (session.get('permissions') or 0), comment, alert_identifier)
             result = self._schema.dump(comment)
             return response_api_created(result)
         except ValidationError as e:
@@ -69,7 +69,7 @@ def create(self, alert_identifier):
 
     def read(self, alert_identifier, identifier):
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], alert_identifier)
+            alert = alerts_get(iris_current_user, (session.get('permissions') or 0), alert_identifier)
             comment = comments_get_for_alert(alert, identifier)
             result = self._schema.dump(comment)
             return response_api_success(result)
@@ -79,13 +79,13 @@ def read(self, alert_identifier, identifier):
             return response_api_not_found()
 
     def update(self, alert_identifier, identifier):
-        if not alerts_exists(iris_current_user, session['permissions'], alert_identifier):
+        if not alerts_exists(iris_current_user, (session.get('permissions') or 0), alert_identifier):
             return response_api_not_found()
         return case_comment_update(identifier, 'events', None)
 
     def delete(self, alert_identifier, identifier):
         try:
-            alert = alerts_get(iris_current_user, session['permissions'], alert_identifier)
+            alert = alerts_get(iris_current_user, (session.get('permissions') or 0), alert_identifier)
             comment = comments_get_for_alert(alert, identifier)
             if comment.comment_user_id != iris_current_user.id:
                 return ac_api_return_access_denied()