fix: migration related issue for oid4vc schema

[pranalidhanavade]

What

• fix: migration related issue for oid4vc schema

Summary by CodeRabbit

• Chores
  • Enhanced system data handling to ensure better consistency when organizations are removed from the system.

[coderabbitai]

📝 Walkthrough

Walkthrough

Three models in the Prisma schema (oidc_issuer, oid4vc_credentials, issued_oid4vc_credentials) are updated to explicitly define onDelete: SetNull on their organisation relation, changing referential integrity behavior.

Changes

Organisation Relation Referential Integrity

Layer / File(s)	Summary
Schema Relations libs/prisma-service/prisma/schema.prisma	Three models (oidc_issuer, oid4vc_credentials, issued_oid4vc_credentials) now explicitly specify onDelete: SetNull for their organisation relations, nullifying the orgId field when a parent organisation is deleted.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• refactor: create oid4vc issuer and update oid4vc issuer API endpoints #1607 — Related modification to the same Prisma relations between organisation and OIDC/OID4VC models, adding nullable fields and updating foreign-key referential actions.

Suggested reviewers

• RinkalBhojani
• shitrerohit

Poem

🐰 When organisations fade away,
Relations need not cry or stay,
SetNull brings closure, clean and bright,
Nulling refs in Prisma's night.
Three models heal with grace so true,
Your schema's safe—hop along, you! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding onDelete: SetNull to organisation relations in oid4vc-related schema models to fix a migration issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/migration-failed-for-create-issuer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@libs/prisma-service/prisma/schema.prisma`:
- Line 603: The DB schema uses onDelete: SetNull for the organisation FK but
deleteOrganisation in apps/organization/repositories/organization.repository.ts
currently throws ConflictException when oidc_issuer, oid4vc_credentials, or
issued_oid4vc_credentials reference the org, creating a behavioral mismatch;
update deleteOrganisation to mirror how schema and credential_definition are
handled by calling updateMany on the three models (oidc_issuer,
oid4vc_credentials, issued_oid4vc_credentials) to set orgId: null for rows with
the target org id before invoking prisma.organisation.delete, so the
application-level logic aligns with the declared onDelete: SetNull behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cc21d6d2-9ae7-4d7d-9655-f0bcd8d2df37

📥 Commits

Reviewing files that changed from the base of the PR and between f95dcd3 and 722e857.

📒 Files selected for processing (1)

• libs/prisma-service/prisma/schema.prisma

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Application-level deletion guard is now inconsistent with the declared onDelete: SetNull behavior

Prisma's implicit default onDelete for optional relations is already SetNull, so making this explicit is the correct fix for the migration failure. However, a behavioral inconsistency has been introduced across the codebase.

deleteOrganisation in apps/organization/repositories/organization.repository.ts (lines 860–876):

• Pre-checks record counts in oidc_issuer, oid4vc_credentials, and issued_oid4vc_credentials
• Throws ConflictException if any rows reference the org — preventing deletion entirely for these three tables

Compare this with how schema and credential_definition are handled: both declare onDelete: SetNull and the same deleteOrganisation method explicitly calls updateMany({ data: { orgId: null } }) before the delete, keeping the DB-level action and application logic aligned.

For the three models in this PR, the contract is contradictory:

• DB level: deletion of organisation rows sets orgId to null via the FK cascade
• App level: deletion is blocked with a 409 Conflict if any such rows exist

In practice this means onDelete: SetNull never fires for app-initiated deletes (the guard prevents reaching prisma.organisation.delete), but will fire for any direct DB-level deletion (migrations with cascades, admin tooling, raw SQL). If that happens, getCredentialAllocations in apps/oid4vc-issuance/src/status-list-allocator.service.ts queries { where: { orgId, issuanceSessionId } } and would silently return no results for any credential whose orgId was nulled out.

The fix should align the two layers — either:

1. Preferred (consistent with schema/credential_definition): Update deleteOrganisation to null out orgId in these three tables instead of throwing, relying on the DB-level SetNull cascade.
2. Alternative: Keep the ConflictException and change the referential action to onDelete: Restrict (verify that this doesn't re-introduce the migration failure).

Also applies to: 623-623, 670-670

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@libs/prisma-service/prisma/schema.prisma` at line 603, The DB schema uses
onDelete: SetNull for the organisation FK but deleteOrganisation in
apps/organization/repositories/organization.repository.ts currently throws
ConflictException when oidc_issuer, oid4vc_credentials, or
issued_oid4vc_credentials reference the org, creating a behavioral mismatch;
update deleteOrganisation to mirror how schema and credential_definition are
handled by calling updateMany on the three models (oidc_issuer,
oid4vc_credentials, issued_oid4vc_credentials) to set orgId: null for rows with
the target org id before invoking prisma.organisation.delete, so the
application-level logic aligns with the declared onDelete: SetNull behavior.