dfir-iris · c8y3 · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -185,7 +185,13 @@ jobs:
           PYTHONUNBUFFERED=true python -m unittest --verbose
       - name: Stop development server
         run: |
+          docker compose logs app > ${{ runner.temp }}/iriswebapp_app.log
           docker compose down
+      - name: Upload artifact
-      - name: Stop development server
-        run: |
-          docker compose logs app > ${{ runner.temp }}/iriswebapp_app.log
-          docker compose down
-      - name: Upload artifact
+      - name: Stop development server
+        if: ${{ always() }}
+        run: |
+          docker compose -f docker-compose.dev.yml logs --no-color --timestamps --tail=5000 app > "${{ runner.temp }}/iriswebapp_app.log" \
+            || docker compose -f docker-compose.dev.yml logs --no-color --timestamps --tail=5000 > "${{ runner.temp }}/iriswebapp_app.log" || true
+          docker compose -f docker-compose.dev.yml down
+      - name: Upload artifact
-      - name: Stop development server
-        run: |
-          docker compose logs app > ${{ runner.temp }}/iriswebapp_app.log
-          docker compose down
-      - name: Upload artifact
+      - name: Stop development server
+        if: ${{ always() }}
+        run: |
+          docker compose -f docker-compose.dev.yml logs --no-color --timestamps --tail=5000 app > "${{ runner.temp }}/iriswebapp_app.log" \
+            || docker compose -f docker-compose.dev.yml logs --no-color --timestamps --tail=5000 > "${{ runner.temp }}/iriswebapp_app.log" || true
+          docker compose -f docker-compose.dev.yml down
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: Test API iriswebapp_app logs
+          path: ${{ runner.temp }}/iriswebapp_app.log
-        uses: actions/upload-artifact@v4
-        with:
-          name: Test API iriswebapp_app logs
-          path: ${{ runner.temp }}/iriswebapp_app.log
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: Test API iriswebapp_app logs
+          path: ${{ runner.temp }}/iriswebapp_app.log
+          if-no-files-found: ignore
+          retention-days: 7
-        uses: actions/upload-artifact@v4
-        with:
-          name: Test API iriswebapp_app logs
-          path: ${{ runner.temp }}/iriswebapp_app.log
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: Test API iriswebapp_app logs
+          path: ${{ runner.temp }}/iriswebapp_app.log
+          if-no-files-found: ignore
+          retention-days: 7
 
   test-database-migration:
     name: Database migration tests

diff --git a/source/app/blueprints/access_controls.py b/source/app/blueprints/access_controls.py
@@ -48,7 +48,7 @@
 from app.datamgmt.manage.manage_access_control_db import user_has_client_access
 from app.datamgmt.manage.manage_users_db import get_user
 from app.iris_engine.access_control.iris_user import iris_current_user
-from app.iris_engine.access_control.utils import ac_fast_check_user_has_case_access
+from app.business.access_controls import ac_fast_check_user_has_case_access
 from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user
 from app.iris_engine.utils.tracker import track_activity
 from app.models.authorization import Permissions

diff --git a/source/app/blueprints/graphql/permissions.py b/source/app/blueprints/graphql/permissions.py
@@ -25,7 +25,7 @@
 from app.blueprints.access_controls import get_case_access_from_api
 from app.iris_engine.access_control.iris_user import iris_current_user
 from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 
 
 class PermissionDeniedError(Exception):

diff --git a/source/app/blueprints/pages/manage/manage_cases_routes.py b/source/app/blueprints/pages/manage/manage_cases_routes.py
@@ -34,7 +34,7 @@
 from app.datamgmt.manage.manage_cases_db import get_case_protagonists
 from app.datamgmt.manage.manage_common import get_severities_list
 from app.forms import AddCaseForm
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.access_control.utils import ac_current_user_has_permission
 from app.models.authorization import CaseAccessLevel
 from app.models.authorization import Permissions

diff --git a/source/app/blueprints/rest/alerts_routes.py b/source/app/blueprints/rest/alerts_routes.py
@@ -1019,6 +1019,7 @@ def alert_comment_edit(alert_id, com_id):
 
 
 @alerts_rest_blueprint.route('/alerts/<int:alert_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/alerts/{alert_identifier}/comments')
 @ac_api_requires(Permissions.alerts_write)
 def case_comment_add(alert_id):
     """

diff --git a/source/app/blueprints/rest/case/case_assets_routes.py b/source/app/blueprints/rest/case/case_assets_routes.py
@@ -47,7 +47,7 @@
 from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes
 from app.datamgmt.manage.manage_users_db import get_user_cases_fast
 from app.datamgmt.states import get_assets_state
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.models.models import AnalysisStatus
@@ -349,6 +349,7 @@ def case_comment_asset_list(cur_id, caseid):
 
 
 @case_assets_rest_blueprint.route('/case/assets/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/assets/{asset_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_asset_add(cur_id, caseid):

diff --git a/source/app/blueprints/rest/case/case_evidences_routes.py b/source/app/blueprints/rest/case/case_evidences_routes.py
@@ -152,6 +152,7 @@ def case_comment_evidence_list(cur_id, caseid):
 
 
 @case_evidences_rest_blueprint.route('/case/evidences/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/evidences/{evidence_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_evidence_add(cur_id, caseid):

diff --git a/source/app/blueprints/rest/case/case_ioc_routes.py b/source/app/blueprints/rest/case/case_ioc_routes.py
@@ -45,7 +45,7 @@
 from app.datamgmt.case.case_iocs_db import get_tlps_dict
 from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes
 from app.datamgmt.states import get_ioc_state
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.models.authorization import CaseAccessLevel
@@ -259,6 +259,7 @@ def case_comment_ioc_list(cur_id, caseid):
 
 
 @case_ioc_rest_blueprint.route('/case/ioc/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/iocs/{ioc_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_ioc_add(cur_id, caseid):

diff --git a/source/app/blueprints/rest/case/case_notes_routes.py b/source/app/blueprints/rest/case/case_notes_routes.py
@@ -404,6 +404,7 @@ def case_comment_note_list(cur_id, caseid):
 
 
 @case_notes_rest_blueprint.route('/case/notes/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/notes/{note_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_note_add(cur_id, caseid):

diff --git a/source/app/blueprints/rest/case/case_routes.py b/source/app/blueprints/rest/case/case_routes.py
@@ -38,9 +38,8 @@
 from app.datamgmt.manage.manage_groups_db import get_group_with_members
 from app.datamgmt.manage.manage_users_db import get_user
 from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case
-from app.datamgmt.manage.manage_users_db import set_user_case_access
+from app.business.access_controls import set_user_case_access, ac_fast_check_user_has_case_access
 from app.business.cases import cases_export_to_json
-from app.iris_engine.access_control.utils import ac_fast_check_user_has_case_access
 from app.iris_engine.access_control.utils import ac_set_case_access_for_users
 from app.iris_engine.utils.tracker import track_activity
 from app.models.models import CaseStatus
@@ -243,21 +242,29 @@ def user_cac_set_case(caseid):
 
     try:
 
-        success, logs = set_user_case_access(user.id, data.get('case_id'), data.get('access_level'))
+        case_identifier = data.get('case_id')
+        access_level = data.get('access_level')
+
+        if user.id is None or type(user.id) is not int:
+            return response_error('Invalid user id')
+        if case_identifier is None or type(case_identifier) is not int:
+            return response_error('Invalid case id')
+        if access_level is None or type(access_level) is not int:
+            return response_error('Invalid access level')
+        if CaseAccessLevel.has_value(access_level) is False:
+            return response_error('Invalid access level')
+
+        set_user_case_access(user.id, case_identifier, access_level)
         track_activity('case access set to {} for user {}'.format(data.get('access_level'), user.name), caseid)
         add_obj_history_entry(case, 'access changed to {} for user {}'.format(data.get('access_level'), user.name))
 
         db.session.commit()
+        return response_success(msg=f'Case access set to {access_level} for user {user.id}')
 
     except Exception as e:
         log.error(f'Error while setting case access for user: {e}')
         log.error(traceback.format_exc())
-        return response_error(msg=str(e))
-
-    if success:
-        return response_success(msg=logs)
-
-    return response_error(msg=logs)
+        return response_error(str(e))
 
 
 @case_rest_blueprint.route('/case/update-status', methods=['POST'])

diff --git a/source/app/blueprints/rest/case/case_tasks_routes.py b/source/app/blueprints/rest/case/case_tasks_routes.py
@@ -177,6 +177,7 @@ def case_comment_task_list(cur_id: int, caseid: int):
 
 
 @case_tasks_rest_blueprint.route('/case/tasks/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/tasks/{task_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_task_add(cur_id: int, caseid: int):

diff --git a/source/app/blueprints/rest/case/case_timeline_routes.py b/source/app/blueprints/rest/case/case_timeline_routes.py
@@ -125,6 +125,7 @@ def case_comment_edit(cur_id, com_id, caseid):
 
 
 @case_timeline_rest_blueprint.route('/case/timeline/events/<int:cur_id>/comments/add', methods=['POST'])
+@endpoint_deprecated('POST', '/api/v2/events/{event_identifier}/comments')
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_comment_add(cur_id, caseid):

diff --git a/source/app/blueprints/rest/case_comments.py b/source/app/blueprints/rest/case_comments.py
@@ -25,14 +25,15 @@
 from app.blueprints.responses import response_success
 from app.business.comments import comments_update_for_case
 from app.business.errors import BusinessProcessingError
+from app.iris_engine.access_control.iris_user import iris_current_user
 
 
 def case_comment_update(comment_id, object_type, caseid):
     try:
         comment_schema = CommentSchema()
         rq_t = request.get_json()
         comment_text = rq_t.get('comment_text')
-        comment = comments_update_for_case(comment_text, comment_id, object_type, caseid)
+        comment = comments_update_for_case(iris_current_user, comment_text, comment_id, object_type, caseid)
         return response_success("Comment edited", data=comment_schema.dump(comment))
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())

diff --git a/source/app/blueprints/rest/manage/manage_assets_routes.py b/source/app/blueprints/rest/manage/manage_assets_routes.py
@@ -21,7 +21,7 @@
 from werkzeug import Response
 
 from app.datamgmt.manage.manage_assets_db import get_filtered_assets
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import CaseAssetsSchema
 from app.blueprints.access_controls import ac_api_requires

diff --git a/source/app/blueprints/rest/manage/manage_cases_routes.py b/source/app/blueprints/rest/manage/manage_cases_routes.py
@@ -38,7 +38,7 @@
 from app.datamgmt.manage.manage_cases_db import get_case_details_rt
 from app.datamgmt.manage.manage_cases_db import list_cases_dict
 from app.datamgmt.manage.manage_cases_db import reopen_case
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.module_handler.module_handler import configure_module_on_init
 from app.iris_engine.module_handler.module_handler import instantiate_module_from_name

diff --git a/source/app/blueprints/rest/manage/manage_groups.py b/source/app/blueprints/rest/manage/manage_groups.py
@@ -37,10 +37,9 @@
 from app.datamgmt.manage.manage_groups_db import update_group_members
 from app.datamgmt.manage.manage_users_db import get_user
 from app.iris_engine.access_control.utils import ac_ldp_group_removal
-from app.iris_engine.access_control.utils import ac_flag_match_mask
 from app.iris_engine.access_control.utils import ac_ldp_group_update
 from app.iris_engine.access_control.utils import ac_recompute_effective_ac_from_users_list
-from app.models.authorization import Permissions
+from app.models.authorization import Permissions, ac_flag_match_mask
 from app.schema.marshables import AuthorizationGroupSchema
 from app.blueprints.access_controls import ac_api_requires
 from app.blueprints.access_controls import ac_api_return_access_denied

diff --git a/source/app/blueprints/rest/search_routes.py b/source/app/blueprints/rest/search_routes.py
@@ -21,7 +21,7 @@
 from sqlalchemy import and_
 
 from app.iris_engine.utils.tracker import track_activity
-from app.models.models import Comments
+from app.models.comments import Comments
 from app.models.authorization import Permissions
 from app.models.cases import Cases
 from app.models.models import Client

diff --git a/source/app/blueprints/rest/v2/alerts_routes/comments.py b/source/app/blueprints/rest/v2/alerts_routes/comments.py
@@ -18,14 +18,18 @@
 
 from flask import Blueprint
 from flask import request
+from marshmallow.exceptions import ValidationError
 
 from app.blueprints.access_controls import ac_api_requires
 from app.models.authorization import Permissions
 from app.blueprints.rest.endpoints import response_api_paginated
 from app.blueprints.rest.endpoints import response_api_not_found
+from app.blueprints.rest.endpoints import response_api_created
+from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.parsing import parse_pagination_parameters
 from app.schema.marshables import CommentSchema
 from app.business.comments import comments_get_filtered_by_alert
+from app.business.comments import comments_create_for_alert
 from app.iris_engine.access_control.iris_user import iris_current_user
 from app.business.errors import ObjectNotFoundError
 
@@ -35,14 +39,25 @@ class CommentsOperations:
     def __init__(self):
         self._schema = CommentSchema()
 
-    def get(self, alert_identifier):
+    def search(self, alert_identifier):
         pagination_parameters = parse_pagination_parameters(request)
         try:
             comments = comments_get_filtered_by_alert(iris_current_user, alert_identifier, pagination_parameters)
             return response_api_paginated(self._schema, comments)
         except ObjectNotFoundError:
             return response_api_not_found()
 
+    def create(self, alert_identifier):
+        try:
+            comment = self._schema.load(request.get_json())
+            comments_create_for_alert(iris_current_user, comment, alert_identifier)
+            result = self._schema.dump(comment)
+            return response_api_created(result)
+        except ValidationError as e:
+            return response_api_error('Data error', data=e.normalized_messages())
+        except ObjectNotFoundError:
+            return response_api_not_found()
+
 
 alerts_comments_blueprint = Blueprint('alerts_comments', __name__, url_prefix='/<int:alert_identifier>/comments')
 comments_operations = CommentsOperations()
@@ -51,4 +66,10 @@ def get(self, alert_identifier):
 @alerts_comments_blueprint.get('')
 @ac_api_requires(Permissions.alerts_read)
 def get_alerts_comments(alert_identifier):
-    return comments_operations.get(alert_identifier)
+    return comments_operations.search(alert_identifier)
+
+
+@alerts_comments_blueprint.post('')
+@ac_api_requires(Permissions.alerts_write)
+def create_alerts_comment(alert_identifier):
+    return comments_operations.create(alert_identifier)
diff --git a/source/app/blueprints/rest/v2/assets.py b/source/app/blueprints/rest/v2/assets.py
@@ -28,7 +28,7 @@
 from app.business.assets import assets_get
 from app.business.errors import BusinessProcessingError
 from app.business.errors import ObjectNotFoundError
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import CaseAssetsSchema
 from app.blueprints.access_controls import ac_api_return_access_denied

diff --git a/source/app/blueprints/rest/v2/assets_routes/comments.py b/source/app/blueprints/rest/v2/assets_routes/comments.py
@@ -18,17 +18,21 @@
 
 from flask import Blueprint
 from flask import request
+from marshmallow.exceptions import ValidationError
 
 from app.blueprints.access_controls import ac_api_requires
 from app.blueprints.rest.endpoints import response_api_paginated
 from app.blueprints.rest.endpoints import response_api_not_found
+from app.blueprints.rest.endpoints import response_api_created
+from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.parsing import parse_pagination_parameters
-from app.blueprints.access_controls import ac_api_return_access_denied
 from app.business.comments import comments_get_filtered_by_asset
+from app.business.comments import comments_create_for_asset
 from app.business.assets import assets_get
 from app.business.errors import ObjectNotFoundError
 from app.schema.marshables import CommentSchema
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
+from app.iris_engine.access_control.iris_user import iris_current_user
 from app.models.authorization import CaseAccessLevel
 
 
@@ -37,20 +41,37 @@ class CommentsOperations:
     def __init__(self):
         self._schema = CommentSchema()
 
+    @staticmethod
+    def _get_asset(asset_identifier, possible_case_access_levels):
+        asset = assets_get(asset_identifier)
+        if not ac_fast_check_current_user_has_case_access(asset.case_id, possible_case_access_levels):
+            raise ObjectNotFoundError()
+        return asset
+
-    @staticmethod
-    def _get_asset(asset_identifier, possible_case_access_levels):
-        asset = assets_get(asset_identifier)
-        if not ac_fast_check_current_user_has_case_access(asset.case_id, possible_case_access_levels):
-            raise ObjectNotFoundError()
-        return asset
+    @staticmethod
+    def _get_asset(asset_identifier, required_level):
+        asset = assets_get(asset_identifier)
+        if not ac_fast_check_current_user_has_case_access(asset.case_id, required_level):
+            raise ObjectNotFoundError()
+        return asset
-    @staticmethod
-    def _get_asset(asset_identifier, possible_case_access_levels):
-        asset = assets_get(asset_identifier)
-        if not ac_fast_check_current_user_has_case_access(asset.case_id, possible_case_access_levels):
-            raise ObjectNotFoundError()
-        return asset
+    @staticmethod
+    def _get_asset(asset_identifier, required_level):
+        asset = assets_get(asset_identifier)
+        if not ac_fast_check_current_user_has_case_access(asset.case_id, required_level):
+            raise ObjectNotFoundError()
+        return asset
     def get(self, asset_identifier):
         try:
-            asset = assets_get(asset_identifier)
-            if not ac_fast_check_current_user_has_case_access(asset.case_id,
-                                                              [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
-                return ac_api_return_access_denied(caseid=asset.case_id)
+            asset = self._get_asset(asset_identifier, [CaseAccessLevel.read_only, CaseAccessLevel.full_access])
 
             pagination_parameters = parse_pagination_parameters(request)
 
-            comments = comments_get_filtered_by_asset(asset_identifier, pagination_parameters)
+            comments = comments_get_filtered_by_asset(asset, pagination_parameters)
             return response_api_paginated(self._schema, comments)
         except ObjectNotFoundError:
             return response_api_not_found()
 
+    def create(self, asset_identifier):
+        try:
+            asset = self._get_asset(asset_identifier, [CaseAccessLevel.full_access])
+            comment = self._schema.load(request.get_json())
+            comments_create_for_asset(iris_current_user, asset, comment)
-            comment = self._schema.load(request.get_json())
-            comments_create_for_asset(iris_current_user, asset, comment)
+            # Prevent client-controlled ownership fields
+            comment = CommentSchema(
+                exclude=('user', 'user_id', 'case_id', 'comment_id')
+            ).load(request.get_json(), unknown=RAISE)
+            comments_create_for_asset(iris_current_user, asset, comment)
-            comment = self._schema.load(request.get_json())
-            comments_create_for_asset(iris_current_user, asset, comment)
+            # Prevent client-controlled ownership fields
+            comment = CommentSchema(
+                exclude=('user', 'user_id', 'case_id', 'comment_id')
+            ).load(request.get_json(), unknown=RAISE)
+            comments_create_for_asset(iris_current_user, asset, comment)
+
+            result = self._schema.dump(comment)
+            return response_api_created(result)
+        except ValidationError as e:
+            return response_api_error('Data error', data=e.normalized_messages())
+        except ObjectNotFoundError:
+            return response_api_not_found()
+
 
 assets_comments_blueprint = Blueprint('assets_comments', __name__, url_prefix='/<int:asset_identifier>/comments')
 comments_operations = CommentsOperations()
@@ -60,3 +81,9 @@ def get(self, asset_identifier):
 @ac_api_requires()
 def get_assets_comments(asset_identifier):
     return comments_operations.get(asset_identifier)
+
+
+@assets_comments_blueprint.post('')
+@ac_api_requires()
+def create_assets_comment(asset_identifier):
+    return comments_operations.create(asset_identifier)
diff --git a/source/app/blueprints/rest/v2/case_objects/assets.py b/source/app/blueprints/rest/v2/case_objects/assets.py
@@ -38,7 +38,7 @@
 from app.business.assets import assets_delete
 from app.business.errors import BusinessProcessingError
 from app.business.errors import ObjectNotFoundError
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import CaseAssetsSchema

diff --git a/source/app/blueprints/rest/v2/case_objects/events.py b/source/app/blueprints/rest/v2/case_objects/events.py
@@ -36,7 +36,7 @@
 from app.business.errors import BusinessProcessingError
 from app.business.errors import ObjectNotFoundError
 from app.business.cases import cases_exists
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.iris_engine.utils.collab import notify
 from app.models.authorization import CaseAccessLevel
 from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook

diff --git a/source/app/blueprints/rest/v2/case_objects/evidences.py b/source/app/blueprints/rest/v2/case_objects/evidences.py
@@ -20,7 +20,7 @@
 from flask import request
 
 from app.blueprints.access_controls import ac_api_requires
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.models.authorization import CaseAccessLevel
 from app.business.errors import BusinessProcessingError
 from app.business.errors import ObjectNotFoundError

diff --git a/source/app/blueprints/rest/v2/case_objects/iocs.py b/source/app/blueprints/rest/v2/case_objects/iocs.py
@@ -35,7 +35,7 @@
 from app.business.iocs import iocs_delete
 from app.business.iocs import iocs_update
 from app.datamgmt.case.case_iocs_db import get_filtered_iocs
-from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
+from app.business.access_controls import ac_fast_check_current_user_has_case_access
 from app.models.authorization import CaseAccessLevel
 from app.schema.marshables import IocSchemaForAPIV2
 from app.blueprints.access_controls import ac_api_return_access_denied