dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0
1.08k stars 185 forks source link

[FR] REST API v2.1.0: GET /api/v2/cases/{identifier}/iocs #537

Open Elise17 opened 4 months ago

Elise17 commented 4 months ago

This issue is about the implementation of the first iocs endpoint:

The tasks are the following:

Create a test :

This is the previous endpoint which should be deprecated:

In the web interface:

c8y3 commented 3 months ago

Things that need to be completed:

c8y3 commented 2 months ago
c8y3 commented 2 months ago

Architecture hint and reflexion: for the IOC delete in the new API, since the case identifier is not present on the request, the case access permission check can only be done in the business level, after the ioc is retrieved. This hints that, maybe, the permission checks (or at least the case accesses checks?) should all be done at this level... Think about it...

Actually we should decide on which layer we want to do it, then it will have an impact on the business API.

c8y3 commented 2 months ago

In the end, I removed all permission checks out of business and put them in the blueprint layer. This has an impact on the signature of some methods in the business layer. But the end-result seems quite acceptable. I added the information about this choice in the architecture.md file.

c8y3 commented 2 months ago

Here are the things remaining to do to update the documentation: