[Cases] Route: Get all alerts attach to a case

x-pack/plugins/cases/common/api/cases/alerts.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+
+const AlertRt = rt.type({
+  id: rt.string,
+  index: rt.string,
+  attached_at: rt.string,
+});
+
+export const AlertResponseRt = rt.array(AlertRt);
+
+export type AlertResponse = rt.TypeOf<typeof AlertResponseRt>;

x-pack/plugins/cases/common/api/cases/index.ts

@@ -12,3 +12,4 @@ export * from './status';
 export * from './user_actions';
 export * from './sub_case';
 export * from './constants';
+export * from './alerts';

x-pack/plugins/cases/common/constants.ts

@@ -51,6 +51,7 @@ export const CASE_TAGS_URL = `${CASES_URL}/tags`;
 export const CASE_USER_ACTIONS_URL = `${CASE_DETAILS_URL}/user_actions`;
 
 export const CASE_ALERTS_URL = `${CASES_URL}/alerts/{alert_id}`;
+export const CASE_DETAILS_ALERTS_URL = `${CASE_DETAILS_URL}/alerts`;
 
 /**
  * Action routes

x-pack/plugins/cases/server/authorization/index.ts

@@ -184,6 +184,14 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
+  [ReadOperations.GetAlertsAttachedToCase]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_COMMENT_OPERATION,
+    action: 'case_comment_alerts_attach_to_case',
+    verbs: accessVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
   // comments operations
   [WriteOperations.CreateComment]: {
     ecsType: EVENT_TYPES.creation,

x-pack/plugins/cases/server/authorization/types.ts

@@ -38,6 +38,7 @@ export enum ReadOperations {
   GetReporters = 'getReporters',
   FindConfigurations = 'findConfigurations',
   GetUserActions = 'getUserActions',
+  GetAlertsAttachedToCase = 'getAlertsAttachedToCase',
 }
 
 /**

x-pack/plugins/cases/server/client/alerts/client.ts

@@ -5,30 +5,11 @@
  * 2.0.
  */
 
-import { CaseStatuses } from '../../../common/api';
-import { AlertInfo } from '../../common';
-import { CasesClientGetAlertsResponse } from './types';
+import { AlertGet, AlertUpdateStatus, CasesClientGetAlertsResponse } from './types';
 import { get } from './get';
 import { updateStatus } from './update_status';
 import { CasesClientArgs } from '../types';
 
-/**
- * Defines the fields necessary to update an alert's status.
- */
-export interface UpdateAlertRequest {
-  id: string;
-  index: string;
-  status: CaseStatuses;
-}
-
-export interface AlertUpdateStatus {
-  alerts: UpdateAlertRequest[];
-}
-
-export interface AlertGet {
-  alertsInfo: AlertInfo[];
-}
-
 export interface AlertSubClient {
   get(args: AlertGet): Promise<CasesClientGetAlertsResponse>;
   updateStatus(args: AlertUpdateStatus): Promise<void>;

x-pack/plugins/cases/server/client/alerts/get.ts

@@ -5,16 +5,11 @@
  * 2.0.
  */
 
-import { AlertInfo } from '../../common';
-import { CasesClientGetAlertsResponse } from './types';
+import { CasesClientGetAlertsResponse, AlertGet } from './types';
 import { CasesClientArgs } from '..';
 
-interface GetParams {
-  alertsInfo: AlertInfo[];
-}
-
 export const get = async (
-  { alertsInfo }: GetParams,
+  { alertsInfo }: AlertGet,
   clientArgs: CasesClientArgs
 ): Promise<CasesClientGetAlertsResponse> => {
   const { alertsService, scopedClusterClient, logger } = clientArgs;

x-pack/plugins/cases/server/client/alerts/types.ts

@@ -5,6 +5,9 @@
  * 2.0.
  */
 
+import { CaseStatuses } from '../../../common/api';
+import { AlertInfo } from '../../common';
+
 interface Alert {
   id: string;
   index: string;
@@ -17,3 +20,20 @@ interface Alert {
 }
 
 export type CasesClientGetAlertsResponse = Alert[];
+
+/**
+ * Defines the fields necessary to update an alert's status.
+ */
+export interface UpdateAlertRequest {
+  id: string;
+  index: string;
+  status: CaseStatuses;
+}
+
+export interface AlertUpdateStatus {
+  alerts: UpdateAlertRequest[];
+}
+
+export interface AlertGet {
+  alertsInfo: AlertInfo[];
+}

x-pack/plugins/cases/server/client/alerts/update_status.ts

@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { UpdateAlertRequest } from './client';
 import { CasesClientArgs } from '..';
+import { UpdateAlertRequest } from './types';
 
 interface UpdateAlertsStatusArgs {
   alerts: UpdateAlertRequest[];

x-pack/plugins/cases/server/client/cases/client.ts

@@ -12,6 +12,7 @@ import {
   User,
   AllTagsFindRequest,
   AllReportersFindRequest,
+  AlertResponse,
 } from '../../../common/api';
 import { CasesClient } from '../client';
 import { CasesClientInternal } from '../client_internal';
@@ -30,6 +31,8 @@ import { find } from './find';
 import {
   CaseIDsByAlertIDParams,
   get,
+  getAllAlertsAttachToCase,
+  GetAllAlertsAttachToCase,
   getCaseIDsByAlertID,
   GetParams,
   getReporters,
@@ -82,6 +85,10 @@ export interface CasesSubClient {
    * Retrieves the case IDs given a single alert ID
    */
   getCaseIDsByAlertID(params: CaseIDsByAlertIDParams): Promise<string[]>;
+  /**
+   * Retrieves all alerts attach to a case given a single case ID
+   */
+  getAllAlertsAttachToCase(params: GetAllAlertsAttachToCase): Promise<AlertResponse>;
 }
 
 /**
@@ -105,6 +112,8 @@ export const createCasesSubClient = (
     getReporters: (params: AllReportersFindRequest) => getReporters(params, clientArgs),
     getCaseIDsByAlertID: (params: CaseIDsByAlertIDParams) =>
       getCaseIDsByAlertID(params, clientArgs),
+    getAllAlertsAttachToCase: (params: GetAllAlertsAttachToCase) =>
+      getAllAlertsAttachToCase(params, clientArgs, casesClient),
   };
 
   return Object.freeze(casesSubClient);

x-pack/plugins/cases/server/client/cases/get.ts

@@ -24,15 +24,77 @@ import {
   AllReportersFindRequest,
   CasesByAlertIDRequest,
   CasesByAlertIDRequestRt,
+  AlertResponse,
+  AttributesTypeAlerts,
 } from '../../../common/api';
-import { countAlertsForID, flattenCaseSavedObject } from '../../common';
+import { countAlertsForID, flattenCaseSavedObject, getIDsAndIndicesAsArrays } from '../../common';
 import { createCaseError } from '../../common/error';
 import { ENABLE_CASE_CONNECTOR } from '../../../common/constants';
-import { CasesClientArgs } from '..';
+import { CasesClient, CasesClientArgs } from '..';
 import { Operations } from '../../authorization';
 import { combineAuthorizedAndOwnerFilter } from '../utils';
 import { CasesService } from '../../services';
 
+const normalizeAlertResponse = (alerts: Array<SavedObject<AttributesTypeAlerts>>): AlertResponse =>
+  alerts.reduce((acc: AlertResponse, alert) => {
+    const { ids, indices } = getIDsAndIndicesAsArrays(alert.attributes);
+
+    if (ids.length !== indices.length) {
+      return acc;
+    }
+
+    return [
+      ...acc,
+      ...ids.map((id, index) => ({
+        id,
+        index: indices[index],
+        attached_at: alert.attributes.created_at,
+      })),
+    ];
+  }, []);
+
+export interface GetAllAlertsAttachToCase {
+  caseId: string;
+}
+
+export const getAllAlertsAttachToCase = async (
+  { caseId }: GetAllAlertsAttachToCase,
+  clientArgs: CasesClientArgs,
+  casesClient: CasesClient
+): Promise<AlertResponse> => {
+  const { unsecuredSavedObjectsClient, authorization, caseService } = clientArgs;
+  const theCase = await casesClient.cases.get({
+    id: caseId,
+    includeComments: false,
+    includeSubCaseComments: false,
+  });
+
+  await authorization.ensureAuthorized({
+    entities: [{ owner: theCase.owner, id: caseId }],
+    operation: Operations.getAlertsAttachedToCase,
+  });
+
+  const {
+    filter: authorizationFilter,
+    ensureSavedObjectsAreAuthorized,
+  } = await authorization.getAuthorizationFilter(Operations.getAlertsAttachedToCase);
+
+  const alerts = await caseService.getAllAlertsAttachToCase({
+    unsecuredSavedObjectsClient,
+    caseId: theCase.id,
+    filter: authorizationFilter,
+  });
+
+  ensureSavedObjectsAreAuthorized(
+    alerts.map((alert) => ({
+      owner: alert.attributes.owner,
+      id: alert.id,
+    }))
+  );
+
+  return normalizeAlertResponse(alerts);
+};
+
 /**
  * Parameters for finding cases IDs using an alert ID
  */

x-pack/plugins/cases/server/client/cases/update.ts

@@ -54,7 +54,7 @@ import {
 } from '../../common';
 import { createCaseError } from '../../common/error';
 import { ENABLE_CASE_CONNECTOR } from '../../../common/constants';
-import { UpdateAlertRequest } from '../alerts/client';
+import { UpdateAlertRequest } from '../alerts/types';
 import { CasesClientInternal } from '../client_internal';
 import { CasesClientArgs } from '..';
 import { Operations, OwnerEntity } from '../../authorization';

x-pack/plugins/cases/server/client/mocks.ts

@@ -29,6 +29,7 @@ const createCasesSubClientMock = (): CasesSubClientMock => {
     getTags: jest.fn(),
     getReporters: jest.fn(),
     getCaseIDsByAlertID: jest.fn(),
+    getAllAlertsAttachToCase: jest.fn(),
   };
 };
 

x-pack/plugins/cases/server/client/sub_cases/update.ts

@@ -43,7 +43,7 @@ import {
   flattenSubCaseSavedObject,
 } from '../../common';
 import { createCaseError } from '../../common/error';
-import { UpdateAlertRequest } from '../../client/alerts/client';
+import { UpdateAlertRequest } from '../../client/alerts/types';
 import { CasesClientArgs } from '../types';
 import { CasesClientInternal } from '../client_internal';