Auth/PM-32035 - Emergency Access - DeleteEmergencyAccessCommand refactor (#7054)

* PM-32035 - EmergencyAccessService - fix interface docs, method docs, and tests to cover grantee / grantor deletion which is supported today. * PM-32035 - EmergencyAccessService - mark existing delete as deprecated * PM-32035 - EmergencyAccess readme docs - fix deletion docs * PM-32035 - Add new EmergencyAccessDetails_ReadByUserIds stored proc * PM-32035 - Add migration script for EmergencyAccessDetails_ReadByUserIds * PM-32035 - Build out GetManyDetailsByUserIdsAsync in repository layer plus add tests * PM-32035 - EmergencyAccessRepo - DeleteManyAsync - remove grantee revision bump as not necessary since no EA sync data exists + update tests * PM-32035 - Fix incorrect nullability annotation on EmergencyAccessDetails.GrantorEmail. Both the SQL view and EF projection use a LEFT JOIN to the User table, meaning the value can be null if the grantor's account no longer exists. Changed to string? and removed the required modifier since the class is only ever materialized from database queries, never directly instantiated. * PM-32035 - Refactor DeleteEmergencyAccess command to offer new DeleteAllByUserIdAsync and DeleteAllByUserIdsAsync methods. Need to build out DeleteByIdAndUserIdAsync with a new stored proc. * PM-32035 - Build out IEmergencyAccessRepository.GetDetailsByIdAsync because we need such a method in order to meet the product requirements to send grantor email notifications for normal deletions in the future. * PM-32035 - Wire up DeleteEmergencyAccessCommand.DeleteByIdAndUserIdAsync to use new repository method emergencyAccessRepository.GetDetailsByIdAsync so we can send notifications. Now, it is full replacement for the existing emergency access service deletion method + has the new notification functionaliy requested. * PM-32035 - Add more test coverage for DeleteByIdAndUserIdAsync * PM-32035 - Fix missing GranteeAvatarColor and GrantorAvatarColor projections in EmergencyAccessDetailsViewQuery. The EF view query omitted both avatar color fields from its Select projection, causing the integration tests to fail on all non-SqlServer databases (MySql, Postgres, Sqlite) where EF is used instead of Dapper. * PM-32035 - Rename migration after main merge revealed collision * PM-32035 - Rename migration script * PM-32035 - PR feedback - add ticket + todos to deprecated delete async method. * PM-32035 - DeleteEmergencyAccessCommand - add logs if we don't have user data required to send email notifications. * PM-32035 - PR Feedback - rename EmergencyAccessDetails_ReadByUserIds to EmergencyAccessDetails_ReadManyByUserIds
2026-02-27 18:03:17 +00:00 · 2026-02-26 12:49:26 -05:00
parent fd5ea2f7b3
commit 18973a4f63
17 changed files with 1400 additions and 272 deletions
--- a/test/Infrastructure.IntegrationTest/Auth/Repositories/EmergencyAccessRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/Auth/Repositories/EmergencyAccessRepositoryTests.cs
@@ -48,7 +48,7 @@ public class EmergencyAccessRepositoriesTests
    /// All 3 records are then deleted in a single call to DeleteManyAsync.
    /// </summary>
    [DatabaseTheory, DatabaseData]
-    public async Task DeleteManyAsync_DeletesMultipleGranteeRecords_UpdatesUserRevisionDates(
+    public async Task DeleteManyAsync_DeletesMultipleGranteeRecordsAsync(
        IUserRepository userRepository,
        IEmergencyAccessRepository emergencyAccessRepository)
    {
@@ -77,9 +77,6 @@ public class EmergencyAccessRepositoriesTests
            SecurityStamp = "stamp",
        });

-        // The inmemory datetime has a precision issue, so we need to refresh the user to get the stored AccountRevisionDate
-        invitedGranteeUser2 = await userRepository.GetByIdAsync(invitedGranteeUser2.Id);
-
        var granteeUser3 = await userRepository.CreateAsync(new User
        {
            Name = "Test Grantee User 3",
@@ -124,15 +121,329 @@ public class EmergencyAccessRepositoriesTests
            var granteeEmergencyAccess = await emergencyAccessRepository.GetManyDetailsByGranteeIdAsync(grantee.Id);
            Assert.Empty(granteeEmergencyAccess);
        }
+    }

-        // Only the Status.Confirmed grantee's AccountRevisionDate should be updated
-        var updatedConfirmedGrantee = await userRepository.GetByIdAsync(confirmedGranteeUser1.Id);
-        Assert.NotNull(updatedConfirmedGrantee);
-        Assert.NotEqual(updatedConfirmedGrantee.AccountRevisionDate, confirmedGranteeUser1.AccountRevisionDate);
+    /// <summary>
+    /// Verifies GetManyDetailsByUserIdsAsync returns all emergency access records
+    /// where the user IDs are either grantors or grantees.
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetManyDetailsByUserIdsAsync_ReturnsAllMatchingRecords(
+        IUserRepository userRepository,
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Arrange - Create users
+        var grantorUser1 = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor 1",
+            Email = $"test+grantor1{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });

-        // Invited user should not have an updated AccountRevisionDate
-        var updatedInvitedGrantee = await userRepository.GetByIdAsync(invitedGranteeUser2.Id);
-        Assert.NotNull(updatedInvitedGrantee);
-        Assert.Equal(updatedInvitedGrantee.AccountRevisionDate, invitedGranteeUser2.AccountRevisionDate);
+        var grantorUser2 = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor 2",
+            Email = $"test+grantor2{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var granteeUser1 = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantee 1",
+            Email = $"test+grantee1{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var granteeUser2 = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantee 2",
+            Email = $"test+grantee2{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        // Create emergency access records
+        // Grantor1 -> Grantee1 (matches both queried IDs)
+        var ea1 = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser1.Id,
+            GranteeId = granteeUser1.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Grantor2 -> Grantee1 (matches via grantee)
+        var ea2 = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser2.Id,
+            GranteeId = granteeUser1.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Grantor1 -> Grantee2 (matches via grantor)
+        var ea3 = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser1.Id,
+            GranteeId = granteeUser2.Id,
+            Status = EmergencyAccessStatusType.Accepted,
+        });
+
+        // Grantor2 -> Grantee2 (should NOT be returned - neither user is in the query)
+        await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser2.Id,
+            GranteeId = granteeUser2.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Act - Query with Grantor1 and Grantee1 user IDs
+        var userIds = new List<Guid> { grantorUser1.Id, granteeUser1.Id };
+        var results = await emergencyAccessRepository.GetManyDetailsByUserIdsAsync(userIds);
+
+        // Assert - Should return exactly the 3 records involving Grantor1 or Grantee1:
+        // - Grantor1 -> Grantee1 (matches both, returned once)
+        // - Grantor2 -> Grantee1 (matches via grantee)
+        // - Grantor1 -> Grantee2 (matches via grantor)
+        Assert.NotNull(results);
+        Assert.Equal(3, results.Count);
+
+        var resultIds = results.Select(r => r.Id).ToHashSet();
+        Assert.Contains(ea1.Id, resultIds);
+        Assert.Contains(ea2.Id, resultIds);
+        Assert.Contains(ea3.Id, resultIds);
+    }
+
+    /// <summary>
+    /// Verifies GetManyDetailsByUserIdsAsync handles an empty list gracefully
+    /// and returns an empty collection.
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetManyDetailsByUserIdsAsync_HandlesEmptyList(
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Act
+        var results = await emergencyAccessRepository.GetManyDetailsByUserIdsAsync([]);
+
+        // Assert
+        Assert.NotNull(results);
+        Assert.Empty(results);
+    }
+
+    /// <summary>
+    /// Verifies GetManyDetailsByUserIdsAsync includes full details from both
+    /// grantor and grantee users (emails, names populated via JOIN).
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetManyDetailsByUserIdsAsync_IncludesDetailsFromBothUsers(
+        IUserRepository userRepository,
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Arrange
+        var grantorEmail = $"test+grantor{Guid.NewGuid()}@email.com";
+        var granteeEmail = $"test+grantee{Guid.NewGuid()}@email.com";
+
+        var grantorUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor Name",
+            Email = grantorEmail,
+            AvatarColor = "#ff0000",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var granteeUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantee Name",
+            Email = granteeEmail,
+            AvatarColor = "#0000ff",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser.Id,
+            GranteeId = granteeUser.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Act
+        var results = await emergencyAccessRepository.GetManyDetailsByUserIdsAsync([grantorUser.Id]);
+
+        // Assert
+        Assert.NotNull(results);
+        Assert.Single(results);
+
+        var record = results.First();
+        Assert.Equal(grantorEmail, record.GrantorEmail);
+        Assert.Equal(granteeEmail, record.GranteeEmail);
+        Assert.Equal("Grantor Name", record.GrantorName);
+        Assert.Equal("Grantee Name", record.GranteeName);
+        Assert.Equal("#ff0000", record.GrantorAvatarColor);
+        Assert.Equal("#0000ff", record.GranteeAvatarColor);
+    }
+
+    /// <summary>
+    /// Verifies GetManyDetailsByUserIdsAsync returns records when the queried user ID
+    /// appears only as a grantee (not as a grantor in any record).
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetManyDetailsByUserIdsAsync_GranteeOnlyQuery_ReturnsMatchingRecordsAsync(
+        IUserRepository userRepository,
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Arrange
+        var grantorUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor",
+            Email = $"test+grantor{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var granteeUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantee",
+            Email = $"test+grantee{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var unrelatedUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Unrelated",
+            Email = $"test+unrelated{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var expectedRecord = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser.Id,
+            GranteeId = granteeUser.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Record that should NOT be returned - granteeUser is not involved
+        await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser.Id,
+            GranteeId = unrelatedUser.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Act - query using only the grantee's ID; granteeUser has no grantor records
+        var results = await emergencyAccessRepository.GetManyDetailsByUserIdsAsync([granteeUser.Id]);
+
+        // Assert
+        Assert.NotNull(results);
+        Assert.Single(results);
+        Assert.Equal(expectedRecord.Id, results.First().Id);
+    }
+
+    /// <summary>
+    /// Verifies GetDetailsByIdAsync returns the correct EmergencyAccessDetails record,
+    /// including email and name fields populated via the view JOIN.
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetDetailsByIdAsync_ReturnsDetails_WhenRecordExistsAsync(
+        IUserRepository userRepository,
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Arrange
+        var grantorEmail = $"test+grantor{Guid.NewGuid()}@email.com";
+        var granteeEmail = $"test+grantee{Guid.NewGuid()}@email.com";
+
+        var grantorUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor Name",
+            Email = grantorEmail,
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var granteeUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantee Name",
+            Email = granteeEmail,
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var ea = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser.Id,
+            GranteeId = granteeUser.Id,
+            Status = EmergencyAccessStatusType.Confirmed,
+        });
+
+        // Act
+        var result = await emergencyAccessRepository.GetDetailsByIdAsync(ea.Id);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(ea.Id, result.Id);
+        Assert.Equal(grantorEmail, result.GrantorEmail);
+        Assert.Equal(granteeEmail, result.GranteeEmail);
+    }
+
+    /// <summary>
+    /// Verifies GetDetailsByIdAsync returns null when no record matches the given ID.
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetDetailsByIdAsync_ReturnsNull_WhenRecordDoesNotExistAsync(
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Act
+        var result = await emergencyAccessRepository.GetDetailsByIdAsync(Guid.NewGuid());
+
+        // Assert
+        Assert.Null(result);
+    }
+
+    /// <summary>
+    /// Verifies GetManyDetailsByUserIdsAsync returns invited emergency access records
+    /// (where GranteeId is null and only Email is set) when querying by grantor ID,
+    /// and that GranteeEmail falls back to the invite email address.
+    /// </summary>
+    [DatabaseTheory, DatabaseData]
+    public async Task GetManyDetailsByUserIdsAsync_InvitedRecord_ReturnedByGrantorIdAsync(
+        IUserRepository userRepository,
+        IEmergencyAccessRepository emergencyAccessRepository)
+    {
+        // Arrange
+        var grantorUser = await userRepository.CreateAsync(new User
+        {
+            Name = "Grantor",
+            Email = $"test+grantor{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        var inviteEmail = $"test+invited{Guid.NewGuid()}@email.com";
+
+        var invitedRecord = await emergencyAccessRepository.CreateAsync(new EmergencyAccess
+        {
+            GrantorId = grantorUser.Id,
+            GranteeId = null,
+            Email = inviteEmail,
+            Status = EmergencyAccessStatusType.Invited,
+        });
+
+        // Act
+        var results = await emergencyAccessRepository.GetManyDetailsByUserIdsAsync([grantorUser.Id]);
+
+        // Assert
+        Assert.NotNull(results);
+        Assert.Single(results);
+
+        var record = results.First();
+        Assert.Equal(invitedRecord.Id, record.Id);
+        Assert.Null(record.GranteeId);
+        Assert.Equal(inviteEmail, record.GranteeEmail); // falls back to EA.Email when no registered grantee
+        Assert.Null(record.GranteeName);
+        Assert.Null(record.GranteeAvatarColor);
    }
 }