[BUG] Case merge of alerts with assets broken in =>v2.4.8 - unexpected results for multiple merges of same alert (<=v2.4.7)

[StaSys846]

Describe the bug
Affects IRIS versions > v2.4.7 (currently 2.4.8 & 2.4.9). A merge of an alert with assets to an existing IRIS case is broken. Assets will not be added to the selected case.
The expected behavior is that all merges of alert assets will be visible in the merged cases. That should also be the case for multiple merges (one alert to multiple cases), which is also not the case for iris versions <=2.4.7 (see explanation below).

To Reproduce
Steps to reproduce the behavior (=> v2.4.8):

1. Go to Alerts
2. Click on Merge for an alert with included assets
3. Switch to merged case
4. In category "assets" the alert assets won't be available

Expected behavior
Alert assets shall be available in case assets, where the alert have been merged into

Additional context
Code analysis showed that at least one problem lies in merge_alert_in_case() (app/datamgmt/alerts/alerts_db.py):

• Code introduced with commit 1ffe476 ([ADD] Dedup of alerts assets)
• Code changes causes, that asset search for a specific asset uuid (the alert asset) will be performed over all iris assets (all alerts/cases). When an asset is found (which is always the case, since the alert asset itself is in the search set) the asset object remains unchanged (no asset.case_id update) what is the reason why the asset is not mapped to the target case.
• In my opinion the search have to be confined to the target case assets and NOT over all iris assets (depends on the intended overall goal; see below).
• Proposal to confine search set to case assets: Code line #584 in alerts_db.py: add CaseAssets.case_id == case.case_id, as an additional search filter
  • with that the alert asset will be changed to asset.case_id = target case id (asset<->case relation is 1:1)
• (Also valid for current iris versions <= v2.4.7) -> No new asset is created by alert merge. An additional merge of the same alert to a different target case will remap the alert asset to the new target case and the old case mapping will be removed. So additional fixes are needed e.g. using deepcopy for the asset object to get a new object.
  • Overall dedup goal is not clear:
    • Keep only unique assets in iris over all cases? -> then the alert escalate behavior is wrong (where a duplicate asset will be created with deepcopy) and in addition the overall db model for asset<->case relation mus be n:m and not 1:1.
    • Keep unique assets in a iris case? -> either escalate or merge must result in a asset copy which is mapped to the case. My preferred behavior: Since asset information (asset fields, custom attributes, etc.) might be case or customer dependent, assets should be a dedicated case asset and not be an unique object over all cases.