Merged
76 changes: 76 additions & 0 deletions .github/workflows/changerawr-sync.yml
@@ -0,0 +1,76 @@
name: Sync PR to Changerawr
permissions:
contents: read
issues: write

on:
pull_request:
types:
- closed
branches:
- master

jobs:
post-to-changerawr:
# Only run if the PR was merged (not just closed)
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest

Comment on lines +13 to +18
Contributor

⚠️ Potential issue | 🟠 Major

Add explicit permissions block for security.

The workflow should define explicit permissions for the GITHUB_TOKEN to follow the principle of least privilege. This prevents potential security issues if the workflow is modified in the future.

Apply this diff to add a minimal permissions block:

 jobs:
   post-to-changerawr:
     # Only run if the PR was merged (not just closed)
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
     
     steps:

Based on static analysis hints.

🤖 Prompt for AI Agents
.github/workflows/changerawr-sync.yml lines 10-15: the workflow lacks an
explicit permissions block for GITHUB_TOKEN; add a top-level permissions section
(placed before jobs:) that explicitly grants only the minimal scopes this job
needs (e.g., contents: read and any specific scopes like pull-requests: write or
actions: read only if required by the post-to-changerawr job); ensure you scope
permissions to the least privilege necessary and do not rely on default
permissions.

steps:
- name: Post to Changerawr API
uses: actions/github-script@v7
env:
CHANGERAWR_API_KEY: ${{ secrets.CHANGERAWR_API_KEY }}
CHANGERAWR_PROJECT_ID: ${{ secrets.CHANGERAWR_PROJECT_ID }}
with:
script: |
const prBody = context.payload.pull_request.body || '';
const prNumber = context.payload.pull_request.number;
const prTitle = context.payload.pull_request.title;
const prUrl = context.payload.pull_request.html_url;

// Prepare the payload for Changerawr API
const payload = {
notes: prBody,
metadata: {
pr_number: prNumber,
pr_title: prTitle,
pr_url: prUrl,
merged_at: context.payload.pull_request.merged_at,
merged_by: context.payload.pull_request.merged_by?.login || 'unknown'
}
};

try {
const response = await fetch(
`https://clog.resgrid.com/api/projects/${process.env.CHANGERAWR_PROJECT_ID}/changelog`,
{
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${process.env.CHANGERAWR_API_KEY}`
},
body: JSON.stringify(payload)
}
);

if (!response.ok) {
const errorText = await response.text();
throw new Error(`Changerawr API request failed: ${response.status} - ${errorText}`);
}

const result = await response.json();
console.log('Successfully posted to Changerawr:', result);

// Optionally, comment on the PR with confirmation
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: '✅ Change notes have been posted to Changerawr.'
});

} catch (error) {
console.error('Error posting to Changerawr:', error);
core.setFailed(`Failed to post to Changerawr: ${error.message}`);
}
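Review bot: the `github.rest.issues.createComment` call sits inside the same `try` as the `fetch`, so a failure to comment is caught and reported through `core.setFailed` as "Failed to post to Changerawr" even though the POST already succeeded, and a re-run of the job would submit the same notes a second time. Move the confirmation comment into its own try/catch after the API call and log a warning there instead of failing the job. Two smaller points on the same step: it receives `CHANGERAWR_API_KEY` and runs `actions/github-script@v7` from a movable tag, so pinning the action to a full commit SHA keeps the code that can read the secret fixed; and the URL is built from `process.env.CHANGERAWR_PROJECT_ID` without checking that it is set, so a run where the secrets are not available requests `/api/projects//changelog`. Fail early with a clear message when either value is empty.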
4 changes: 2 additions & 2 deletions Core/Resgrid.Services/SubscriptionsService.cs
Expand Up @@ -99,10 +99,10 @@ public async Task<DepartmentPlanCount> GetPlanCountsForDepartmentAsync(int depar
var response = await client.ExecuteAsync<GetPlanCountsForDepartmentResult>(request);

if (response.StatusCode == HttpStatusCode.NotFound)
return null;
return new DepartmentPlanCount();

if (response.Data == null)
return null;
return new DepartmentPlanCount();

return response.Data.Data;
}
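Review bot: both early returns now yield `new DepartmentPlanCount()`, so a 404 and any response where `response.Data == null` look identical to a department whose counts are genuinely zero. If callers use these counts for plan limit checks, a failed or empty response from the backing API silently reads as zero usage. Keep the protection against a null dereference, but log the status code on these two paths and check the response status before treating missing data as an empty count, so the not-found case stays distinguishable from an error.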
Expand Up @@ -8,7 +8,6 @@
using System.Threading.Tasks;
using Resgrid.Model;
using Resgrid.Config;
using System.Runtime.CompilerServices;
using MongoDB.Driver.Linq;

namespace Resgrid.Repositories.NoSqlRepository
7 changes: 4 additions & 3 deletions Web/Resgrid.Web.Services/Controllers/v4/MappingController.cs
Expand Up @@ -102,7 +102,8 @@ public async Task<ActionResult<GetMapDataResult>> GetMapDataAndMarkers()
var callTypes = await _callsService.GetCallTypesForDepartmentAsync(DepartmentId);

var personnelStates = await _actionLogsService.GetLastActionLogsForDepartmentAsync(DepartmentId);
var personnelNames = await _departmentsService.GetAllPersonnelNamesForDepartmentAsync(DepartmentId);
//var personnelNames = await _departmentsService.GetAllPersonnelNamesForDepartmentAsync(DepartmentId);
var people = await _usersService.GetUserGroupAndRolesByDepartmentIdAsync(DepartmentId, false, false, false);
Comment on lines +105 to +106
Contributor

🛠️ Refactor suggestion | 🟠 Major

Remove commented-out code.

The commented-out line should be deleted rather than left in the codebase. Version control preserves the history if needed.

Apply this diff:

 
-			//var personnelNames = await _departmentsService.GetAllPersonnelNamesForDepartmentAsync(DepartmentId);
 			var people = await _usersService.GetUserGroupAndRolesByDepartmentIdAsync(DepartmentId, false, false, false);
 			var personnelLocations = await _usersService.GetLatestLocationsForDepartmentPersonnelAsync(DepartmentId);

As per coding guidelines (avoid commented-out code).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
//var personnelNames = await _departmentsService.GetAllPersonnelNamesForDepartmentAsync(DepartmentId);
var people = await _usersService.GetUserGroupAndRolesByDepartmentIdAsync(DepartmentId, false, false, false);
var people = await _usersService.GetUserGroupAndRolesByDepartmentIdAsync(DepartmentId, false, false, false);
🤖 Prompt for AI Agents
In Web/Resgrid.Web.Services/Controllers/v4/MappingController.cs around lines 105
to 106, remove the commented-out line "//var personnelNames = await
_departmentsService.GetAllPersonnelNamesForDepartmentAsync(DepartmentId);" so
only the active call to _usersService remains; commit the deletion (no code
changes beyond removing the commented line) to keep the codebase clean and rely
on version control for history.

var personnelLocations = await _usersService.GetLatestLocationsForDepartmentPersonnelAsync(DepartmentId);

var personnelLocationTTL = await _departmentSettingsService.GetMappingPersonnelLocationTTLAsync(DepartmentId);
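Review bot: the new call passes three positional `false` literals, `GetUserGroupAndRolesByDepartmentIdAsync(DepartmentId, false, false, false)`, so a reader cannot tell which users the flags include or exclude, and this list now drives the per-person loop that decides whose location is evaluated for the map. Use named arguments for the three flags and confirm that the returned set matches what `GetAllPersonnelNamesForDepartmentAsync` produced, so that no users are added to or dropped from the location checks by the switch.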
Expand Down Expand Up @@ -373,9 +374,9 @@ public async Task<ActionResult<GetMapDataResult>> GetMapDataAndMarkers()
}
}

if (personnelNames != null && personnelNames.Any())
if (people != null && people.Any())
{
foreach (var person in personnelNames)
foreach (var person in people)
{
if (!await _authorizationService.CanUserViewPersonLocationViaMatrixAsync(person.UserId, UserId, DepartmentId))
continue;