[backend] handle orga delete in retention manager

SouadHadjiat · SouadHadjiat · commit 6c24ab3d66c6 · 2024-11-05T11:39:27.000+01:00
diff --git a/opencti-platform/opencti-graphql/src/manager/retentionManager.ts b/opencti-platform/opencti-graphql/src/manager/retentionManager.ts
@@ -16,6 +16,8 @@ import type { FileEdge, RetentionRule } from '../generated/graphql';
 import { RetentionRuleScope, RetentionUnit } from '../generated/graphql';
 import { deleteFile } from '../database/file-storage';
 import { DELETABLE_FILE_STATUSES, paginatedForPathWithEnrichment } from '../modules/internal/document/document-domain';
+import { ENTITY_TYPE_IDENTITY_ORGANIZATION } from '../modules/organization/organization-types';
+import { organizationDelete } from '../modules/organization/organization-domain';
 import type { BasicStoreCommonEdge, StoreObject } from '../types/store';
 import { ALREADY_DELETED_ERROR } from '../config/errors';
 
@@ -33,7 +35,12 @@ export const RETENTION_UNIT_VALUES = Object.values(RetentionUnit);
 
 export const deleteElement = async (context: AuthContext, scope: string, nodeId: string, nodeEntityType?: string) => {
   if (scope === 'knowledge') {
-    await deleteElementById(context, RETENTION_MANAGER_USER, nodeId, nodeEntityType, { forceDelete: true });
+    if (nodeEntityType === ENTITY_TYPE_IDENTITY_ORGANIZATION) {
+      // call organizationDelete which will ensure protections (for platform organization & members)
+      await organizationDelete(context, RETENTION_MANAGER_USER, nodeId);
+    } else {
+      await deleteElementById(context, RETENTION_MANAGER_USER, nodeId, nodeEntityType, { forceDelete: true });
+    }
   } else if (scope === 'file' || scope === 'workbench') {
     await deleteFile(context, RETENTION_MANAGER_USER, nodeId);
   } else {
diff --git a/opencti-platform/opencti-graphql/tests/02-integration/04-manager/retentionManager-test.ts b/opencti-platform/opencti-graphql/tests/02-integration/04-manager/retentionManager-test.ts
@@ -1,10 +1,11 @@
 import { describe, expect, it, beforeAll, afterAll } from 'vitest';
 import gql from 'graphql-tag';
 import { Readable } from 'stream';
-import { ADMIN_USER, queryAsAdmin, testContext } from '../../utils/testQuery';
+import { ADMIN_USER, queryAsAdmin, TEST_ORGANIZATION, testContext } from '../../utils/testQuery';
 import { utcDate } from '../../../src/utils/format';
 import { deleteElement, getElementsToDelete } from '../../../src/manager/retentionManager';
 import { allFilesForPaths } from '../../../src/modules/internal/document/document-domain';
+import { ENTITY_TYPE_IDENTITY_ORGANIZATION } from '../../../src/modules/organization/organization-types';
 import { uploadToStorage } from '../../../src/database/file-storage-helper';
 import { elLoadById, elRawUpdateByQuery } from '../../../src/database/engine';
 import { READ_INDEX_INTERNAL_OBJECTS, READ_INDEX_STIX_DOMAIN_OBJECTS } from '../../../src/database/utils';
@@ -322,4 +323,8 @@ describe('Retention Manager tests ', () => {
     const report1deleted = await elLoadById(testContext, ADMIN_USER, report1Id);
     expect(report1deleted).toBeUndefined();
   });
+  it('should not delete organization with members', async () => {
+    await expect(() => deleteElement(context, 'knowledge', TEST_ORGANIZATION.id, ENTITY_TYPE_IDENTITY_ORGANIZATION))
+      .rejects.toThrowError('Cannot delete the organization that has members.');
+  });
 });
