[PM-20041] Deleting Notifications when Task is completed

[nick-livefront]

🎟️ Tracking

PM-20041
Client PR: bitwarden/clients#14980

📔 Objective

When a security task is marked as complete, all notifications associated with that task should be marked as deleted.

• Add GetActiveByTaskIdAsync query to find all non-deleted notifications associated with a task id.
• Add MarkNotificationsForTaskAsDeletedCommand to mark all notifications as deleted for that task.
  • This largely follows the patterns in MarkNotificationDeletedCommand. Because a single user can complete a task and then delete notifications for any user, this omits the authorization checks that are in MarkNotificationDeletedCommand.
    ❓ If there should be some authorization checks outside of the SecurityTasks checks, let me know.

📸 Screenshots

mark-notification-as-deleted.mov

[codecov]

Codecov Report

Attention: Patch coverage is 7.14286% with 65 lines in your changes missing coverage. Please review.

Project coverage is 51.01%. Comparing base (812fe94) to head (bde0aa3).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ationCenter/Repositories/NotificationRepository.cs	0.00%	38 Missing ⚠️
...mmands/MarkNotificationsForTaskAsDeletedCommand.cs	0.00%	15 Missing ⚠️
...ationCenter/Repositories/NotificationRepository.cs	0.00%	12 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5896      +/-   ##
==========================================
+ Coverage   47.73%   51.01%   +3.28%     
==========================================
  Files        1665     1666       +1     
  Lines       75014    75084      +70     
  Branches     6755     6761       +6     
==========================================
+ Hits        35806    38304    +2498     
+ Misses      37743    35260    -2483     
- Partials     1465     1520      +55     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 92f7a257-59fc-4ab5-831e-0edd23105b8e

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/Controllers/CollectionsController.cs: 143	details Method Post at line 143 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from orgId. This parameter value fl... ID: W5s%2FSNe54CPP1CxzYuVqrn9v0%2Fk%3D Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 135	details Method Post at line 135 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgId. This parameter ... ID: Qs417oLwYMuJ1g8cUCMHpbUJ9d0%3D Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/Layouts/Full.html.hbs: 164	details A Content Security Policy is not explicitly defined within the web-application. ID: iDkz8rv3w1QoR%2BKANf%2FBdTS52Xc%3D Attack Vector

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Billing/Controllers/PayPalController.cs: 52
	CSRF	/src/Api/SecretsManager/Controllers/SecretsController.cs: 201

[withinfocus]

I am confused about the notification spread related to the task.

[withinfocus]

Makes sense to me now. Thanks for working through this with me.

Testing will still be important to see the performance and effect across several users' "inboxes" so let's be sure to include that in testing notes.

[shane-melton]

Really great work on this! 🚀 I only noticed a comment in the sprocs that is now out of date after some back and forth in the other discussions on the PR.

[shane-melton]

⛏️ Tiny nit, but we're collecting UserIds here

[nick-livefront]

9850fdc

[shane-melton]

⛏️ Tiny nit, but we're collecting UserIds here

[nick-livefront]

9850fdc

[withinfocus]

If we are ⛏️ing, the different forms of "ID" triggered my OCD but I chose not to mention it 😜 so fix those if you'd like.

[nick-livefront]

I'm all for it 963c7e9

[withinfocus]

Deferring to your team for final approval.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
33.7% Duplication on New Code

See analysis details on SonarQube Cloud