elastic · jonathan-buttner · Apr 10, 2023 · Mar 21, 2023 · Mar 22, 2023 · Mar 23, 2023
@@ -105,5 +105,5 @@ export interface FindFileArgs extends Pagination {
   /**
    * File metadata values. These values are governed by the consumer.
    */
-  meta?: Record<string, string>;
+  meta?: Record<string, string | string[]>;
 }
@@ -21,6 +21,7 @@ import {
   INTERNAL_CONNECTORS_URL,
   INTERNAL_CASE_USERS_URL,
   INTERNAL_DELETE_FILE_ATTACHMENTS_URL,
+  CASE_FIND_ATTACHMENTS_URL,
 } from '../constants';
 
 export const getCaseDetailsUrl = (id: string): string => {
@@ -39,6 +40,10 @@ export const getCaseCommentDetailsUrl = (caseId: string, commentId: string): str
   return CASE_COMMENT_DETAILS_URL.replace('{case_id}', caseId).replace('{comment_id}', commentId);
 };
 
+export const getCaseFindAttachmentsUrl = (caseId: string): string => {
+  return CASE_FIND_ATTACHMENTS_URL.replace('{case_id}', caseId);
+};
+
 export const getCaseCommentDeleteUrl = (caseId: string, commentId: string): string => {
   return CASE_COMMENT_DELETE_URL.replace('{case_id}', caseId).replace('{comment_id}', commentId);
 };

@@ -47,6 +47,7 @@ export const CASE_CONFIGURE_DETAILS_URL = `${CASES_URL}/configure/{configuration
 export const CASE_CONFIGURE_CONNECTORS_URL = `${CASE_CONFIGURE_URL}/connectors` as const;
 
 export const CASE_COMMENTS_URL = `${CASE_DETAILS_URL}/comments` as const;
+export const CASE_FIND_ATTACHMENTS_URL = `${CASE_COMMENTS_URL}/_find` as const;
 export const CASE_COMMENT_DETAILS_URL = `${CASE_DETAILS_URL}/comments/{comment_id}` as const;
 export const CASE_COMMENT_DELETE_URL = `${CASE_DETAILS_URL}/comments/{comment_id}` as const;
 export const CASE_PUSH_URL = `${CASE_DETAILS_URL}/connector/{connector_id}/_push` as const;
@@ -94,6 +95,11 @@ export const CONNECTORS_URL = `${ACTION_URL}/connectors` as const;
  */
 export const MAX_ALERTS_PER_CASE = 1000 as const;
 
+/**
+ * Requests
+ */
+export const MAX_DELETE_CASE_IDS = 100 as const;
+
 /**
  * Searching
  */

@@ -18,7 +18,7 @@ export const CaseFileMetadataForDeletionRt = rt.type({
   caseIds: rt.array(rt.string),
 });
 
-export type CaseFileMetadata = rt.TypeOf<typeof CaseFileMetadataForDeletionRt>;
+export type CaseFileMetadataForDeletion = rt.TypeOf<typeof CaseFileMetadataForDeletionRt>;
 
 const FILE_KIND_DELIMITER = 'FilesCases';
 

@@ -12,18 +12,18 @@ import { identity } from 'fp-ts/lib/function';
 
 import pMap from 'p-map';
 import { partition } from 'lodash';
-import type { File } from '@kbn/files-plugin/common';
+import type { File, FileJSON } from '@kbn/files-plugin/common';
 import type { FileServiceStart } from '@kbn/files-plugin/server';
 import { FileNotFoundError } from '@kbn/files-plugin/server/file_service/errors';
 import { BulkDeleteFileAttachmentsRequestRt, excess, throwErrors } from '../../../common/api';
 import { MAX_CONCURRENT_SEARCHES } from '../../../common/constants';
 import type { CasesClientArgs } from '../types';
 import { createCaseError } from '../../common/error';
-import type { OwnerEntity } from '../../authorization';
 import { Operations } from '../../authorization';
 import type { BulkDeleteFileArgs } from './types';
-import { constructOwnerFromFileKind, CaseFileMetadataForDeletionRt } from '../../../common/files';
+import { CaseFileMetadataForDeletionRt } from '../../../common/files';
 import type { CasesClient } from '../client';
+import { createFileEntities, deleteFiles } from '../files';
 
 export const bulkDeleteFileAttachments = async (
   { caseId, fileIds }: BulkDeleteFileArgs,
@@ -67,9 +67,7 @@ export const bulkDeleteFileAttachments = async (
     });
 
     await Promise.all([
-      pMap(request.ids, async (fileId: string) => fileService.delete({ id: fileId }), {
-        concurrency: MAX_CONCURRENT_SEARCHES,
-      }),
+      deleteFiles(request.ids, fileService),
       attachmentService.bulkDelete({
         attachmentIds: fileAttachments.map((so) => so.id),
         refresh: false,
@@ -117,7 +115,7 @@ const getFiles = async (
   caseId: BulkDeleteFileArgs['caseId'],
   fileIds: BulkDeleteFileArgs['fileIds'],
   fileService: FileServiceStart
-) => {
+): Promise<FileJSON[]> => {
   // it's possible that we're trying to delete a file when an attachment wasn't created (for example if the create
   // attachment request failed)
   const files = await pMap(fileIds, async (fileId: string) => fileService.getById({ id: fileId }), {
@@ -143,25 +141,5 @@ const getFiles = async (
     throw Boom.badRequest('Failed to find files to delete');
   }
 
-  return validFiles;
-};
-
-const createFileEntities = (files: File[]) => {
-  const fileEntities: OwnerEntity[] = [];
-
-  // It's possible that the owner array could have invalid information in it so we'll use the file kind for determining if the user
-  // has the correct authorization for deleting these files
-  for (const fileInfo of files) {
-    const ownerFromFileKind = constructOwnerFromFileKind(fileInfo.data.fileKind);
-
-    if (ownerFromFileKind == null) {
-      throw Boom.badRequest(
-        `File id ${fileInfo.id} has invalid file kind ${fileInfo.data.fileKind}`
-      );
-    }
-
-    fileEntities.push({ id: fileInfo.id, owner: ownerFromFileKind });
-  }
-
-  return fileEntities;
+  return validFiles.map((fileInfo) => fileInfo.data);
 };
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { MAX_FILES_PER_CASE } from '../../../common/constants';
+import type { FindFileArgs } from '@kbn/files-plugin/server';
+import { createFileServiceMock } from '@kbn/files-plugin/server/mocks';
+import type { FileJSON } from '@kbn/shared-ux-file-types';
+import type { CaseFileMetadataForDeletion } from '../../../common/files';
+import { constructFileKindIdByOwner } from '../../../common/files';
+import { getFileEntities } from './delete';
+
+const getCaseIds = (numIds: number) => {
+  return Array.from(Array(numIds).keys()).map((key) => key.toString());
+};
+describe('delete', () => {
+  describe('getFileEntities', () => {
+    const numCaseIds = 1000;
+    const caseIds = getCaseIds(numCaseIds);
+    const mockFileService = createFileServiceMock();
+    mockFileService.find.mockImplementation(async (args: FindFileArgs) => {
+      const caseMeta = args.meta as unknown as CaseFileMetadataForDeletion;
+      const numFilesToGen = caseMeta.caseIds.length * MAX_FILES_PER_CASE;
+      const files = Array.from(Array(numFilesToGen).keys()).map(() => createMockFileJSON());
+
+      return {
+        files,
+        total: files.length,
+      };
+    });
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+    });
+
+    it('only provides 50 case ids in a single call to the find api', async () => {
+      await getFileEntities(caseIds, mockFileService);
+
+      for (const call of mockFileService.find.mock.calls) {
+        const callMeta = call[0].meta as unknown as CaseFileMetadataForDeletion;
+        expect(callMeta.caseIds.length).toEqual(50);
+      }
+    });
+
+    it('calls the find function the number of case ids divided by the chunk size', async () => {
+      await getFileEntities(caseIds, mockFileService);
+
+      const chunkSize = 50;
+
+      expect(mockFileService.find).toHaveBeenCalledTimes(numCaseIds / chunkSize);
+    });
+
+    it('returns the number of entities equal to the case ids times the max files per case limit', async () => {
+      const entities = await getFileEntities(caseIds, mockFileService);
+
+      expect(entities.length).toEqual(numCaseIds * MAX_FILES_PER_CASE);
+    });
+  });
+});
+
+const createMockFileJSON = (): FileJSON => {
+  return {
+    id: '123',
+    fileKind: constructFileKindIdByOwner('securitySolution'),
+    meta: {
+      owner: ['securitySolution'],
+    },
+  } as unknown as FileJSON;
+};
@@ -6,27 +6,32 @@
  */
 
 import { Boom } from '@hapi/boom';
+import pMap from 'p-map';
+import { chunk } from 'lodash';
 import type { SavedObjectsBulkDeleteObject } from '@kbn/core/server';
+import type { FileServiceStart } from '@kbn/files-plugin/server';
 import {
   CASE_COMMENT_SAVED_OBJECT,
   CASE_SAVED_OBJECT,
   CASE_USER_ACTION_SAVED_OBJECT,
+  MAX_DELETE_CASE_IDS,
+  MAX_DOCS_PER_PAGE,
 } from '../../../common/constants';
 import type { CasesClientArgs } from '..';
 import { createCaseError } from '../../common/error';
 import type { OwnerEntity } from '../../authorization';
 import { Operations } from '../../authorization';
+import { createFileEntities, deleteFiles } from '../files';
 
 /**
  * Deletes the specified cases and their attachments.
- *
- * @ignore
  */
 export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): Promise<void> {
   const {
     services: { caseService, attachmentService, userActionService },
     logger,
     authorization,
+    fileService,
   } = clientArgs;
   try {
     const cases = await caseService.getCases({ caseIds: ids });
@@ -44,9 +49,11 @@ export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): P
       entities.set(theCase.id, { id: theCase.id, owner: theCase.attributes.owner });
     }
 
+    const fileEntities = await getFileEntities(ids, fileService);
+
     await authorization.ensureAuthorized({
       operation: Operations.deleteCase,
-      entities: Array.from(entities.values()),
+      entities: [...Array.from(entities.values()), ...fileEntities],
     });
 
     const attachmentIds = await attachmentService.getter.getAttachmentIdsForCases({
@@ -61,10 +68,14 @@ export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): P
       ...userActionIds.map((id) => ({ id, type: CASE_USER_ACTION_SAVED_OBJECT })),
     ];
 
-    await caseService.bulkDeleteCaseEntities({
-      entities: bulkDeleteEntities,
-      options: { refresh: 'wait_for' },
-    });
+    const fileIds = fileEntities.map((entity) => entity.id);
+    await Promise.all([
+      deleteFiles(fileIds, fileService),
+      caseService.bulkDeleteCaseEntities({
+        entities: bulkDeleteEntities,
+        options: { refresh: 'wait_for' },
+      }),
+    ]);
 
     await userActionService.creator.bulkAuditLogCaseDeletion(
       cases.saved_objects.map((caseInfo) => caseInfo.id)
@@ -77,3 +88,29 @@ export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): P
     });
   }
 }
+
+export const getFileEntities = async (
+  caseIds: string[],
+  fileService: FileServiceStart
+): Promise<OwnerEntity[]> => {
+  // using 50 just to be safe, each case can have 100 files = 50 * 100 = 5000 which is half the max number of docs that
+  // the client can request
+  const chunkSize = MAX_DELETE_CASE_IDS / 2;
+  const chunkedIds = chunk(caseIds, chunkSize);
+
+  const fileResults = await pMap(chunkedIds, async (ids: string[]) => {
+    const files = await fileService.find({
+      perPage: MAX_DOCS_PER_PAGE,
+      meta: {
+        caseIds: ids,
+      },
+    });
+
+    return files;
+  });
+
+  const files = fileResults.flatMap((res) => res.files);
+  const fileEntities = createFileEntities(files);
+
+  return fileEntities;
+};
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import Boom from '@hapi/boom';
+import type { FileJSON } from '@kbn/files-plugin/common';
+import type { FileServiceStart } from '@kbn/files-plugin/server';
+import pMap from 'p-map';
+import { constructOwnerFromFileKind } from '../../../common/files';
+import { MAX_CONCURRENT_SEARCHES } from '../../../common/constants';
+import type { OwnerEntity } from '../../authorization';
+
+export const createFileEntities = (files: FileJSON[]): OwnerEntity[] => {
+  const fileEntities: OwnerEntity[] = [];
+
+  // It's possible that the owner array could have invalid information in it so we'll use the file kind for determining if the user
+  // has the correct authorization for deleting these files
+  for (const fileInfo of files) {
+    const ownerFromFileKind = constructOwnerFromFileKind(fileInfo.fileKind);
+
+    if (ownerFromFileKind == null) {
+      throw Boom.badRequest(`File id ${fileInfo.id} has invalid file kind ${fileInfo.fileKind}`);
+    }
+
+    fileEntities.push({ id: fileInfo.id, owner: ownerFromFileKind });
+  }
+
+  return fileEntities;
+};
+
+export const deleteFiles = async (fileIds: string[], fileService: FileServiceStart) => {
+  pMap(fileIds, async (fileId: string) => fileService.delete({ id: fileId }), {
+    concurrency: MAX_CONCURRENT_SEARCHES,
+  });
+};
diff --git a/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts b/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts
@@ -7,7 +7,7 @@
 
 import { schema } from '@kbn/config-schema';
 
-import { CASES_URL } from '../../../../common/constants';
+import { CASES_URL, MAX_DELETE_CASE_IDS } from '../../../../common/constants';
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
 
@@ -16,7 +16,10 @@ export const deleteCaseRoute = createCasesRoute({
   path: CASES_URL,
   params: {
     query: schema.object({
-      ids: schema.arrayOf(schema.string()),
+      ids: schema.arrayOf(schema.string({ minLength: 1 }), {
+        minSize: 1,
+        maxSize: MAX_DELETE_CASE_IDS,
+      }),
     }),
   },
   handler: async ({ context, request, response }) => {

@@ -15,7 +15,9 @@ import {
   CommentPatchRequest,
   CommentRequest,
   CommentResponse,
+  CommentsResponse,
   CommentType,
+  getCaseFindAttachmentsUrl,
   getCasesDeleteFileAttachmentsUrl,
 } from '@kbn/cases-plugin/common/api';
 import { User } from '../authentication/types';
@@ -280,3 +282,26 @@ export const bulkDeleteFileAttachments = async ({
     .auth(auth.user.username, auth.user.password)
     .expect(expectedHttpCode);
 };
+
+export const findAttachments = async ({
+  supertest,
+  caseId,
+  query = {},
+  expectedHttpCode = 200,
+  auth = { user: superUser, space: null },
+}: {
+  supertest: SuperTest.SuperTest<SuperTest.Test>;
+  caseId: string;
+  query?: Record<string, unknown>;
+  expectedHttpCode?: number;
+  auth?: { user: User; space: string | null };
+}): Promise<CommentsResponse> => {
+  const { body } = await supertest
+    .get(`${getSpaceUrlPrefix(auth.space)}${getCaseFindAttachmentsUrl(caseId)}`)
+    .set('kbn-xsrf', 'true')
+    .query(query)
+    .auth(auth.user.username, auth.user.password)
+    .expect(expectedHttpCode);
+
+  return body;
+};