diff --git a/source/app/blueprints/rest/v2/cases/tasks.py b/source/app/blueprints/rest/v2/cases/tasks.py
index e5eb1dfcf..e9d3dba08 100644
--- a/source/app/blueprints/rest/v2/cases/tasks.py
+++ b/source/app/blueprints/rest/v2/cases/tasks.py
@@ -19,16 +19,13 @@
 from flask import Blueprint
 from flask import request
-from app.blueprints.rest.endpoints import response_api_not_found
 from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.endpoints import response_api_created
 from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.access_controls import ac_api_requires
 from app.schema.marshables import CaseTaskSchema
-from app.business.errors import ObjectNotFoundError
 from app.business.errors import BusinessProcessingError
 from app.business.tasks import tasks_create
-from app.business.tasks import tasks_get
 from app.models.authorization import CaseAccessLevel
 from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
@@ -55,29 +52,3 @@ def add_case_task(case_id):
 return response_api_created(task_schema.dump(case))
 except BusinessProcessingError as e:
 return response_api_error(e.get_message())
-
-
-@case_tasks_bp.get('/')
-@ac_api_requires()
-def get_case_task(case_id, identifier):
- """
- Handles getting a task from a case.
-
- Args:
- case_id (int): The case ID
- identifier (int): The task ID
- """
-
- try:
- task = tasks_get(identifier)
-
- if task.task_case_id != case_id:
- raise ObjectNotFoundError()
-
- if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
- return ac_api_return_access_denied(caseid=task.task_case_id)
-
- task_schema = CaseTaskSchema()
- return response_api_created(task_schema.dump(task))
- except ObjectNotFoundError:
- return response_api_not_found()
diff --git a/source/app/blueprints/rest/v2/tasks.py b/source/app/blueprints/rest/v2/tasks.py
index 9300f06bc..4305276f7 100644
--- a/source/app/blueprints/rest/v2/tasks.py
+++ b/source/app/blueprints/rest/v2/tasks.py
@@ -19,6 +19,7 @@
 from flask import Blueprint
 from app.blueprints.rest.endpoints import response_api_not_found
+from app.blueprints.rest.endpoints import response_api_created
 from app.blueprints.rest.endpoints import response_api_deleted
 from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.access_controls import ac_api_requires
@@ -28,6 +29,7 @@
 from app.business.errors import ObjectNotFoundError
 from app.business.errors import BusinessProcessingError
 from app.models.authorization import CaseAccessLevel
+from app.schema.marshables import CaseTaskSchema
 from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
@@ -35,15 +37,27 @@
 __name__, url_prefix='/tasks')
+
+@tasks_blueprint.get('/')
+@ac_api_requires()
+def get_case_task(identifier):
+
+ try:
+ task = tasks_get(identifier)
+
+ if not ac_fast_check_current_user_has_case_access(task.task_case_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
+ return ac_api_return_access_denied(caseid=task.task_case_id)
+
+ task_schema = CaseTaskSchema()
+ # TODO should be response_api_success => add a test
+ return response_api_created(task_schema.dump(task))
+ except ObjectNotFoundError:
+ return response_api_not_found()
+
+
 @tasks_blueprint.delete('/')
 @ac_api_requires()
 def delete_case_task(identifier):
- """
- Handle deleting a task from a case
-
- Args:
- identifier (int): The task identifier
- """
 try:
 task = tasks_get(identifier)
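Review bot: The new `get_case_task` in the last hunk lets a caller who passes `ac_api_requires()` tell existing task identifiers from unused ones, because a task in a case they cannot read yields the access-denied response while an unknown identifier yields not-found. The denial is also built with `caseid=task.task_case_id`; if that helper echoes the value back (its body is not visible here), the response additionally reveals which case owns the task. If task identifiers are not meant to be enumerable across cases, the denied branch could answer `return response_api_not_found()` as well. Separately, the handler still sends a successful GET through `response_api_created`, as its own TODO notes, and it has no docstring while the one on `delete_case_task` is removed; a line such as `"""Return a task by identifier, subject to read access on its case."""` would keep the access rule visible. The body of `delete_case_task` continues outside the hunk.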