fix: resolve SonarQube issues - workflow permissions and method parameter count Move write permissions from workflow-level to job-level in check-pull-request.yml (S6890). Extract CleanseIssueFilterValues record to reduce CleanseIssueQueryDto.From parameters from 18 to 5 (S107). Add unit tests for From method.

Author: kristan66

.github/workflows/check-pull-request.yml

@@ -12,15 +12,15 @@ on:
       - synchronize
       - ready_for_review
 
-permissions:
-  id-token: write
-  pull-requests: write
-  contents: read
+permissions: {}
 
 jobs:
   pr-validator:
     name: Run Pull Request Checks
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/setup-dotnet@v3
         with:
@@ -66,6 +66,8 @@ jobs:
   integration-tests:
     name: Run Integration Tests
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     needs: pr-validator
     steps:
       - uses: actions/setup-dotnet@v3
@@ -95,6 +97,10 @@ jobs:
 
   sonarcloud-scan:
     name: CDP SonarCloud Scan
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
     uses: ./.github/workflows/sonarcloud.yml
     needs: pr-validator
     secrets:

src/KeeperData.Bridge/Controllers/CleanseController.cs

@@ -624,20 +624,23 @@ private static CleanseIssueQueryDto BuildIssueQuery(GetIssuesRequest request, Cl
     {
         return CleanseIssueQueryDto.From(
             sortField, request.SortDescending, request.Skip, request.Top,
-            isActive: request.IsActive,
-            ctsLidFullIdentifier: request.CtsLidFullIdentifier,
-            cph: request.Cph,
-            issueCode: request.IssueCode,
-            ruleCode: request.RuleCode,
-            errorCode: request.ErrorCode,
-            isIgnored: request.IsIgnored,
-            resolutionStatus: request.ResolutionStatus,
-            assignedTo: request.AssignedTo,
-            isUnassigned: request.IsUnassigned,
-            createdAfterUtc: request.CreatedAfterUtc,
-            createdBeforeUtc: request.CreatedBeforeUtc,
-            updatedAfterUtc: request.UpdatedAfterUtc,
-            updatedBeforeUtc: request.UpdatedBeforeUtc);
+            new CleanseIssueFilterValues
+            {
+                IsActive = request.IsActive,
+                CtsLidFullIdentifier = request.CtsLidFullIdentifier,
+                Cph = request.Cph,
+                IssueCode = request.IssueCode,
+                RuleCode = request.RuleCode,
+                ErrorCode = request.ErrorCode,
+                IsIgnored = request.IsIgnored,
+                ResolutionStatus = request.ResolutionStatus,
+                AssignedTo = request.AssignedTo,
+                IsUnassigned = request.IsUnassigned,
+                CreatedAfterUtc = request.CreatedAfterUtc,
+                CreatedBeforeUtc = request.CreatedBeforeUtc,
+                UpdatedAfterUtc = request.UpdatedAfterUtc,
+                UpdatedBeforeUtc = request.UpdatedBeforeUtc
+            });
     }
 }
 

src/KeeperData.Core.Reports/Issues/Query/Dtos/CleanseIssueFilterValues.cs

@@ -0,0 +1,53 @@
+using System.Diagnostics.CodeAnalysis;
+
+namespace KeeperData.Core.Reports.Issues.Query.Dtos;
+
+/// <summary>
+/// Groups filter values for building a <see cref="CleanseIssueQueryDto"/>.
+/// Null/empty values are ignored by the query builder.
+/// </summary>
+[ExcludeFromCodeCoverage(Justification = "DTO record - no logic to test.")]
+public sealed record CleanseIssueFilterValues
+{
+    /// <summary>Filter by active status (null = all).</summary>
+    public bool? IsActive { get; init; }
+
+    /// <summary>Filter by CTS LID full identifier (contains).</summary>
+    public string? CtsLidFullIdentifier { get; init; }
+
+    /// <summary>Filter by CPH (contains).</summary>
+    public string? Cph { get; init; }
+
+    /// <summary>Filter by exact issue code.</summary>
+    public string? IssueCode { get; init; }
+
+    /// <summary>Filter by exact rule code.</summary>
+    public string? RuleCode { get; init; }
+
+    /// <summary>Filter by exact error code.</summary>
+    public string? ErrorCode { get; init; }
+
+    /// <summary>Filter by ignored status (null = all).</summary>
+    public bool? IsIgnored { get; init; }
+
+    /// <summary>Filter by resolution status (null = all).</summary>
+    public string? ResolutionStatus { get; init; }
+
+    /// <summary>Filter by assigned user (null = all).</summary>
+    public string? AssignedTo { get; init; }
+
+    /// <summary>Filter to unassigned issues only when true.</summary>
+    public bool? IsUnassigned { get; init; }
+
+    /// <summary>Filter issues created after this time.</summary>
+    public DateTime? CreatedAfterUtc { get; init; }
+
+    /// <summary>Filter issues created before this time.</summary>
+    public DateTime? CreatedBeforeUtc { get; init; }
+
+    /// <summary>Filter issues updated after this time.</summary>
+    public DateTime? UpdatedAfterUtc { get; init; }
+
+    /// <summary>Filter issues updated before this time.</summary>
+    public DateTime? UpdatedBeforeUtc { get; init; }
+}

src/KeeperData.Core.Reports/Issues/Query/Dtos/CleanseIssueQueryDto.cs

@@ -203,34 +203,33 @@ public CleanseIssueQueryDto Page(int skip, int top)
     }
 
     /// <summary>
-    /// Creates a query from explicit filter values. Null/empty values are ignored by the query builder.
+    /// Creates a query from sort/pagination parameters and optional filter values.
     /// </summary>
     public static CleanseIssueQueryDto From(
         CleanseIssueSortField sortField, bool sortDescending, int skip, int top,
-        bool? isActive = null, string? ctsLidFullIdentifier = null, string? cph = null,
-        string? issueCode = null, string? ruleCode = null, string? errorCode = null,
-        bool? isIgnored = null, string? resolutionStatus = null,
-        string? assignedTo = null, bool? isUnassigned = null,
-        DateTime? createdAfterUtc = null, DateTime? createdBeforeUtc = null,
-        DateTime? updatedAfterUtc = null, DateTime? updatedBeforeUtc = null) => new()
+        CleanseIssueFilterValues? filters = null)
+    {
+        var f = filters ?? new CleanseIssueFilterValues();
+        return new()
         {
             SortBy = sortField,
             SortDescending = sortDescending,
             Skip = skip,
             Top = top,
-            IsActive = isActive,
-            CtsLidFullIdentifierContains = ctsLidFullIdentifier,
-            CphContains = cph,
-            IssueCode = issueCode,
-            RuleCode = ruleCode,
-            ErrorCode = errorCode,
-            IsIgnored = isIgnored,
-            ResolutionStatus = resolutionStatus,
-            AssignedTo = assignedTo,
-            IsUnassigned = isUnassigned is true ? true : null,
-            CreatedAfterUtc = createdAfterUtc,
-            CreatedBeforeUtc = createdBeforeUtc,
-            UpdatedAfterUtc = updatedAfterUtc,
-            UpdatedBeforeUtc = updatedBeforeUtc
+            IsActive = f.IsActive,
+            CtsLidFullIdentifierContains = f.CtsLidFullIdentifier,
+            CphContains = f.Cph,
+            IssueCode = f.IssueCode,
+            RuleCode = f.RuleCode,
+            ErrorCode = f.ErrorCode,
+            IsIgnored = f.IsIgnored,
+            ResolutionStatus = f.ResolutionStatus,
+            AssignedTo = f.AssignedTo,
+            IsUnassigned = f.IsUnassigned is true ? true : null,
+            CreatedAfterUtc = f.CreatedAfterUtc,
+            CreatedBeforeUtc = f.CreatedBeforeUtc,
+            UpdatedAfterUtc = f.UpdatedAfterUtc,
+            UpdatedBeforeUtc = f.UpdatedBeforeUtc
         };
+    }
 }

tests/KeeperData.Core.Tests.Unit/CleanseReporting/Issues/Query/Dtos/CleanseIssueQueryDtoTests.cs

@@ -154,4 +154,65 @@ public void FluentChaining_ShouldApplyAllFilters()
         query.Skip.Should().Be(0);
         query.Top.Should().Be(25);
     }
+
+    [Fact]
+    public void From_WithFilters_ShouldMapAllProperties()
+    {
+        var created = new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc);
+        var updated = new DateTime(2025, 6, 1, 0, 0, 0, DateTimeKind.Utc);
+
+        var query = CleanseIssueQueryDto.From(
+            CleanseIssueSortField.Cph, sortDescending: true, skip: 5, top: 20,
+            new CleanseIssueFilterValues
+            {
+                IsActive = true,
+                CtsLidFullIdentifier = "UK-12/345/6789",
+                Cph = "12/345",
+                IssueCode = "RULE_1",
+                RuleCode = "2A",
+                ErrorCode = "02A",
+                IsIgnored = false,
+                ResolutionStatus = "InProgress",
+                AssignedTo = "user@test.com",
+                IsUnassigned = true,
+                CreatedAfterUtc = created,
+                CreatedBeforeUtc = updated,
+                UpdatedAfterUtc = created,
+                UpdatedBeforeUtc = updated
+            });
+
+        query.SortBy.Should().Be(CleanseIssueSortField.Cph);
+        query.SortDescending.Should().BeTrue();
+        query.Skip.Should().Be(5);
+        query.Top.Should().Be(20);
+        query.IsActive.Should().BeTrue();
+        query.CtsLidFullIdentifierContains.Should().Be("UK-12/345/6789");
+        query.CphContains.Should().Be("12/345");
+        query.IssueCode.Should().Be("RULE_1");
+        query.RuleCode.Should().Be("2A");
+        query.ErrorCode.Should().Be("02A");
+        query.IsIgnored.Should().BeFalse();
+        query.ResolutionStatus.Should().Be("InProgress");
+        query.AssignedTo.Should().Be("user@test.com");
+        query.IsUnassigned.Should().BeTrue();
+        query.CreatedAfterUtc.Should().Be(created);
+        query.CreatedBeforeUtc.Should().Be(updated);
+        query.UpdatedAfterUtc.Should().Be(created);
+        query.UpdatedBeforeUtc.Should().Be(updated);
+    }
+
+    [Fact]
+    public void From_WithoutFilters_ShouldUseDefaults()
+    {
+        var query = CleanseIssueQueryDto.From(
+            CleanseIssueSortField.LastUpdatedAtUtc, sortDescending: false, skip: 0, top: 50);
+
+        query.IsActive.Should().BeNull();
+        query.IssueCode.Should().BeNull();
+        query.CphContains.Should().BeNull();
+        query.IsIgnored.Should().BeNull();
+        query.IsUnassigned.Should().BeNull();
+        query.SortBy.Should().Be(CleanseIssueSortField.LastUpdatedAtUtc);
+        query.SortDescending.Should().BeFalse();
+    }
 }