[PM-28531] Remove old proc and use new one

[voommen-livefront]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-28531

📔 Objective

1. Removed procedure OrganizationReport_GetSummariesByDateRange as it didn't confirm to naming convention
2. Created new proc OrganizationReport_ReadByOrganizationIdAndRevisionDate
3. Update repo to use this new proc
4. Updated model to include encrpytion key, org id and date.

📸 Screenshots

[github-actions]

Checkmarx One – Scan Summary & Details – 90c75654-1908-4a9d-bac1-07bde741af05

---

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 306	details Method at line 306 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from organizationUser... Attack Vector
2		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 306	details Method at line 306 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector

---

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 307
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 307

[codecov]

Codecov Report

❌ Patch coverage is 78.26087% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.74%. Comparing base (1e7f7ac) to head (0717496).
⚠️ Report is 28 commits behind head on main.

Files with missing lines	Patch %	Lines
.../Dirt/Repositories/OrganizationReportRepository.cs	0.00%	9 Missing ⚠️
...ucture.Dapper/Dirt/OrganizationReportRepository.cs	0.00%	3 Missing ⚠️
...etOrganizationReportSummaryDataByDateRangeQuery.cs	94.28%	1 Missing and 1 partial ⚠️
.../Dirt/Controllers/OrganizationReportsController.cs	0.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7110      +/-   ##
==========================================
+ Coverage   56.70%   60.74%   +4.04%     
==========================================
  Files        2013     2026      +13     
  Lines       88191    88684     +493     
  Branches     7861     7906      +45     
==========================================
+ Hits        50009    53874    +3865     
+ Misses      36362    32901    -3461     
- Partials     1820     1909      +89     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mkincaid-bw]

The entire SELECT statement should be indented 4 spaces, and SQL keywords should be on their own line
https://contributing.bitwarden.com/contributing/code-style/sql#select-statements

Suggested change

	SELECT
	[OrganizationId],
	[ContentEncryptionKey],
	[SummaryData],
	[RevisionDate]
	FROM [dbo].[OrganizationReportView]
	WHERE [OrganizationId] = @OrganizationId
	AND [RevisionDate] >= @StartDate
	AND [RevisionDate] <= @EndDate
	ORDER BY [RevisionDate] DESC
	SELECT
	[OrganizationId],
	[ContentEncryptionKey],
	[SummaryData],
	[RevisionDate]
	FROM
	[dbo].[OrganizationReportView]
	WHERE
	[OrganizationId] = @OrganizationId
	AND [RevisionDate] >= @StartDate
	AND [RevisionDate] <= @EndDate
	ORDER BY
	[RevisionDate] DESC

[voommen-livefront]

I didn't commit this suggestion because I renamed the file, but I have updated the formatting in the new file,

[mkincaid-bw]

This does not follow our EDD pattern.
https://contributing.bitwarden.com/contributing/database-migrations/edd/

Database changes must be deployable independently of code changes, and must support both the current and next release. Dropping this proc should happen later in another PR once the server code has been deployed and hardened a bit.

[voommen-livefront]

@mkincaid-bw The procedure and the endpoint weren't used this far.
It is safe to drop the proc in this PR as it is being replaced by a new one.

[voommen-livefront]

Also, my apologies for this PR being so large - I should have made two PR's one with the DB changes and another with the code changes. I came in this morning thinking of what else I got to do next and didn't think about making another PR.

[mkincaid-bw]

Same comment as above re: formatting.

[mkincaid-bw]

The file name is OrganizationReport_ReadyByOrganizationIdAndRevisionDate.sql (_ReadyBy...) but should be OrganizationReport_ReadByOrganizationIdAndRevisionDate.sql (_ReadBy...) to match the stored proc name.

[voommen-livefront]

I am so sorry about this - I should have fixed this before this was made available to you.

[mkincaid-bw]

The SummaryData and RevisionDate (below) properties are required here, but both columns in the DB allow nulls. Not sure if it's an issue or not but I just wanted to point it out.

[voommen-livefront]

@mkincaid-bw you are right - the properties are required, otherwise I would get a whole host of null checking in areas of the project that I shouldn't touch - if there is no summary data, than this object is not relevant. And I tested it in the database

[prograhamming]

@mkincaid-bw SummaryData and RevisionDate were added later to this table and we used NULL as way to safely add them.

[mkincaid-bw]

Couple minor formatting changes.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud