PSP-11373 Correct PIMS file/project access by eddherrera · Pull Request #5285 · bcgov/PSP

eddherrera · 2026-04-17T16:09:39Z

No description provided.

asanchezr · 2026-04-17T16:20:21Z

+        /// <returns></returns>
+        public static short[] GetShortArrayValue(this IDictionary<string, Microsoft.Extensions.Primitives.StringValues> dict, string key, string separator = ",")
+        {
+            return dict.TryGetValue(key, out Microsoft.Extensions.Primitives.StringValues value) ? value.ToString().Split(separator).Select(v => { return short.TryParse(v, out short iv) ? (short?)iv : null; }).Where(v => v != null).Select(v => (short)v).ToArray() : Array.Empty<short>();


please address this codeql warning

github-actions · 2026-04-17T16:17:49Z

See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5285

github-actions · 2026-04-17T16:28:08Z

See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5285

sonarqubecloud · 2026-04-17T17:31:07Z

Quality Gate failed

Failed conditions
8.6% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

github-actions · 2026-04-17T17:33:05Z

See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5285

github-actions · 2026-04-17T17:43:10Z

See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5285

asanchezr

Please see comments. There are a few places where region restriction is still in place (exports mainly)

asanchezr · 2026-04-17T21:47:30Z

            var userRegions = pimsUser.PimsRegionUsers.Select(r => r.RegionCode).ToHashSet();
            long? contractorPersonId = pimsUser.IsContractor ? pimsUser.PersonId : null;

            var acqFiles = _acqFileRepository.GetAcquisitionFileExportDeep(filter, userRegions, contractorPersonId);


This needs to be updated as well. Exports are included in the story ACs:

Make sure this behaviour is applied consistently on dependent excel reports.

asanchezr · 2026-04-17T21:53:53Z

            var userRegions = pimsUser.PimsRegionUsers.Select(r => r.RegionCode).ToHashSet();
            long? contractorPersonId = pimsUser.IsContractor ? pimsUser.PersonId : null;

            var teamMembers = _acqFileRepository.GetTeamMembers(userRegions, contractorPersonId);


The endpoint to return "all file team-members" is also being filtered by the current user regions. I think the region restriction should be lifted as well here. I understand this was not explicitly called for in the ACs so this could be logged as a follow-up story/fix. Please reach out to Devin for feedback.

If not fixed with this PR we will need to track the change in another story

asanchezr · 2026-04-17T22:02:35Z

            var userRegions = pimsUser.PimsRegionUsers.Select(r => r.RegionCode).ToHashSet();
            long? contractorPersonId = pimsUser.IsContractor ? pimsUser.PersonId : null;

            var teamMembers = _leaseRepository.GetTeamMembers(userRegions, contractorPersonId);


Same comment re: team-members region restriction

asanchezr · 2026-04-17T22:05:08Z

            var pimsUser = _userRepository.GetUserInfoByKeycloakUserId(_user.GetUserKey());
            long? contractorPersonId = pimsUser.IsContractor ? pimsUser.PersonId : null;

            var leases = _leaseRepository.GetAllByIds(leaseIds, pimsUser.PimsRegionUsers.Select(u => u.RegionCode).ToHashSet(), contractorPersonId).ToList();


this method is called in one of the lease exports. please remove the region restriction here.

asanchezr · 2026-04-17T22:38:13Z

            var pimsUser = _userRepository.GetUserInfoByKeycloakUserId(_user.GetUserKey());
            var userRegions = pimsUser.PimsRegionUsers.Select(r => r.RegionCode).ToHashSet();

            return _projectRepository.SearchProjects(filter, userRegions, maxResult);


This correspond to the endpoints that serve the project "auto-complete". Not called explicitly in ACs so it would be okay to bundle with the other changes already mentioned that could go to a separate story. Check with Devin anyways please

asanchezr · 2026-04-17T23:35:39Z

+      acquisitionTeamMemberPersonId: acquisitionTeamPersonId ? acquisitionTeamPersonId : null,
+      acquisitionTeamMemberOrganizationId: acquistionTeamOrganizationId
+        ? acquistionTeamOrganizationId


use isValidId to check here

asanchezr · 2026-04-17T23:43:47Z

+  leaseStatusTypes: MultiSelectOption[] = [];
+  tenantName = '';
+  expiryEndDate = '';
+  regionType = '';


I think this single-select region is not needed

asanchezr · 2026-04-17T23:57:50Z

  searchBy = 'address';
  pin = '';
  pid = '';
  regionCode = '';


remove this field

asanchezr · 2026-04-18T00:02:11Z

+export interface MultiSelectOption {
+  id: string;
+  text: string;
+}


Thanks for moving this to a shared folder

asanchezr · 2026-04-18T00:02:32Z

  searchBy: string;
  pin: string;
  pid: string;
  regionCode: string;


please remove

Herrera added 2 commits April 15, 2026 22:33

PSP-11373 : Correct PIMS file/project access

ccef4f2

- unit tests updates

b7872ab

eddherrera requested a review from asanchezr April 17, 2026 16:09

eddherrera self-assigned this Apr 17, 2026

eddherrera added the enhancement New feature or request label Apr 17, 2026

github-advanced-security AI found potential problems Apr 17, 2026

View reviewed changes

Comment thread source/frontend/src/features/management/list/ManagementFilter/ManagementFilter.test.tsx Fixed

github-advanced-security AI found potential problems Apr 17, 2026

View reviewed changes

Herrera added 2 commits April 17, 2026 10:16

Merge branch 'dev' into psp-11373

1a91809

- linting

5bbd04d

asanchezr requested changes Apr 18, 2026

View reviewed changes

asanchezr added the 6.2 label Apr 18, 2026

Conversation

eddherrera commented Apr 17, 2026

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Apr 17, 2026

Uh oh!

github-actions bot commented Apr 17, 2026

Uh oh!

sonarqubecloud bot commented Apr 17, 2026

Quality Gate failed

Uh oh!

github-actions bot commented Apr 17, 2026

Uh oh!

github-actions bot commented Apr 17, 2026

Uh oh!

asanchezr left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants