Enforce Strict Field Replacement in Review Object Approval #1608

@david-rocca

Ticket: Enforce Strict Field Replacement in Review Object Approval

Description

Current implementation of approveReviewOrgObject uses _.merge(org.toObject(), newReviewData). This is incorrect because _.merge performs a deep merge, retaining fields from the existing organization record that are not present in newReviewData.
The newReviewData provided by the Secretariat should be considered the definitive state for the organization, meaning any fields not present in newReviewData (except for specific internal fields) should be removed from the final object.

Acceptance Criteria / TODOs

Backend Changes (src/repositories/reviewObjectRepository.js)

  • Refactor approveReviewOrgObject:
    • Remove usages of _.merge().
    • Implement a direct replacement strategy:
      • The base object should be newReviewData.
      • Filter out temporary/internal fields from newReviewData:
        • x_privateComment
        • x_requiredRequestUpdates
      • Retain essential system fields from the original org object that must persist (e.g., UUID, _id, time.created if applicable), but do not retain content fields that are missing from newReviewData.
    • Ensure the final object passed to updateOrgFull exactly matches the sanitized newReviewData plus required system identifiers.

Testing

  • Unit Tests:
    • Create a test case where org has a field A and newReviewData does NOT have field A.
      • Verify: The resulting object saved to the database does not contain field A. (Current behavior likely retains it).
    • Verify that x_ fields are correctly stripped from the saved object.
    • Verify that critical system fields (UUID) remain intact.
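The difference between the two strategies in the ticket above, as an added example that is not part of the issue or the project's code. `deepMerge` is a simplified stand-in for `_.merge` on nested plain objects, `buildApprovedOrg` is a hypothetical helper name, and every field other than `UUID`, `_id`, `time.created`, `x_privateComment` and `x_requiredRequestUpdates` is constructed for illustration.

```javascript
// Added example. Only UUID, _id, time.created, x_privateComment and
// x_requiredRequestUpdates come from the issue; the rest is constructed.
const INTERNAL_FIELDS = ['x_privateComment', 'x_requiredRequestUpdates'];
const isPlain = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Simplified stand-in for _.merge on nested plain objects (arrays are not
// modelled): keys absent from `src` survive in the result.
function deepMerge(dst, src) {
  const out = { ...dst };
  for (const [k, v] of Object.entries(src)) {
    out[k] = isPlain(v) && isPlain(out[k]) ? deepMerge(out[k], v) : v;
  }
  return out;
}

// Direct replacement: the review data is the base, internal fields are
// dropped, and only system identifiers are carried over from the stored org.
function buildApprovedOrg(org, newReviewData) {
  const approved = JSON.parse(JSON.stringify(newReviewData)); // JSON-safe copy
  for (const field of INTERNAL_FIELDS) delete approved[field];
  if (org.UUID !== undefined) approved.UUID = org.UUID;
  if (org._id !== undefined) approved._id = org._id;
  if (org.time && org.time.created !== undefined) {
    approved.time = { ...(approved.time || {}), created: org.time.created };
  }
  return approved;
}

// Constructed sample records.
const storedOrg = {
  _id: 'constructed-id', UUID: 'constructed-uuid',
  short_name: 'example_org',
  time: { created: '2024-01-01T00:00:00Z' },
  contact: { email: 'old@example.test', phone: '555-0100' },
  legacy_note: 'field A: present only on the stored record',
};
const reviewData = {
  short_name: 'example_org',
  contact: { email: 'new@example.test' },
  x_privateComment: 'constructed internal note',
  x_requiredRequestUpdates: ['contact'],
};

console.log('merge  :', deepMerge(storedOrg, reviewData));
console.log('replace:', buildApprovedOrg(storedOrg, reviewData));
```

The merged result still carries `legacy_note`, `contact.phone` and both `x_` fields, while the replacement result contains only the reviewed fields plus `UUID`, `_id` and `time.created` from the stored record, even if the review data supplies its own `UUID`.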

Metadata

Status: Needs Triage

Status: High Priority
