RE1-T105 Added Languages to missing pages, gdpr support for export, e… by ucswift · Pull Request #307 · Resgrid/Core

ucswift · 2026-03-26T19:11:41Z

…u logic

Summary by CodeRabbit

New Features
- Paddle payment provider for subscription billing and management
- GDPR data export: request, process, and download personal data
- Option to require plan selection during signup
- GDPR "export ready" email notifications
Documentation
- Updated development documentation (coding standards section removed)
Chores
- Added audit logging for account deletion
- Database migrations and backend services to support GDPR exports
- Extended payment methods and related system audit/events enums

…u logic

coderabbitai · 2026-03-26T19:12:01Z

📝 Walkthrough

Walkthrough

Adds Paddle payment integration and GDPR data export: new Paddle config, billing models, subscription APIs; GDPR export entity, repository, migrations, service that builds ZIP exports and emails users; small localization scaffolding; telemetry config removals; account deletion audit logging; local Claude settings file added.

Changes

Cohort / File(s)	Summary
Paddle payment config & enums `Core/Resgrid.Config/PaymentProviderConfig.cs`, `Core/Resgrid.Model/PaymentMethods.cs`, `Core/Resgrid.Model/CqrsEventTypes.cs`, `Core/Resgrid.Model/DepartmentSettingTypes.cs`	Add Paddle config fields and getters, add `Paddle` payment method, new Paddle CQRS events, and `PaddleCustomerId` department setting type.
Paddle billing API models `Core/Resgrid.Model/Billing/Api/CreatePaddleCheckoutResult.cs`, `Core/Resgrid.Model/Billing/Api/GetActivePaddleSubscriptionResult.cs`	Introduce response models and nested data DTOs for Paddle checkout and active subscription endpoints.
Subscription service interfaces & impl `Core/Resgrid.Model/Services/ISubscriptionsService.cs`, `Core/Resgrid.Services/SubscriptionsService.cs`	Expose Paddle checkout/update/get/change/cancel methods and add optional discountCode to Stripe session; implement REST calls to billing API with auth and error mapping.
Department settings & service changes `Core/Resgrid.Model/Services/IDepartmentSettingsService.cs`, `Core/Resgrid.Services/DepartmentSettingsService.cs`	Add methods to map Paddle customer IDs ↔ department IDs and implement cached lookup.
GDPR domain, enum, repo, migrations `Core/Resgrid.Model/GdprDataExportRequest.cs`, `Core/Resgrid.Model/GdprExportStatus.cs`, `Repositories/.../GdprDataExportRequestRepository.cs`, `Providers/.../M0055_AddGdprDataExportRequests*.cs`	Add GDPR export request entity and status enum, repository with async queries, and SQL/PG migrations to create table.
GDPR service interface & implementation `Core/Resgrid.Model/Services/IGdprDataExportService.cs`, `Core/Resgrid.Services/GdprDataExportService.cs`	New service to create/claim/process/expire/mark downloads, generate ZIP with serialized JSON datasets, persist export payload and token, and send export-ready email.
Email service additions `Core/Resgrid.Model/Services/IEmailService.cs`, `Core/Resgrid.Services/EmailService.cs`	Add and implement `SendGdprDataExportReadyAsync` to send plain-text export-ready emails.
Repository DI registration `Repositories/Resgrid.Repositories.DataRepository/Modules/DataModule.cs`, `Core/Resgrid.Services/ServicesModule.cs`	Register GDPR repository and GDPR service in Autofac modules (InstancePerLifetimeScope).
Service surface extensions (shifts/training) `Core/Resgrid.Model/Services/IShiftsService.cs`, `Core/Resgrid.Services/ShiftsService.cs`, `Core/Resgrid.Model/Services/ITrainingService.cs`, `Core/Resgrid.Services/TrainingService.cs`	Add methods to fetch shift persons and training users by userId and implement simple wrappers returning lists.
Repository interfaces `Core/Resgrid.Model/Repositories/IGdprDataExportRequestRepository.cs`	Add repository interface declaring pending/token/user/expired query methods and claim method.
Account controller audit logging `Web/Resgrid.Web/Areas/User/Controllers/AccountController.cs`	Inject `ISystemAuditsService` and log `SystemAudit` for account deletion requests before deletion.
System behavior & telemetry changes `Core/Resgrid.Config/SystemBehaviorConfig.cs`, `Core/Resgrid.Config/TelemetryConfig.cs`	Add `RequirePlanSelectionDuringSignup` flag; remove TelemetryExporters enum and several PostHog/Aptabase-related telemetry fields and GetAnalyticsKey method.
Localization scaffolding `Core/Resgrid.Localization/Areas/User/...`	Add seven empty localization classes (Forms, Groups, Links, Notifications, Orders, Protocols, Reports).
Localization / misc models `Core/Resgrid.Model/Billing/Api/*`, other model files	Add small DTOs and enums referenced above.
Docs & local settings `CLAUDE.md`, `.claude/settings.local.json`, `.gitignore`	Removed C# coding standards section from CLAUDE.md; add `.claude/settings.local.json` (ignored via .gitignore) with allowed Bash/PowerShell commands and session hooks.
Large/complex files to review `Core/Resgrid.Services/GdprDataExportService.cs`, `Repositories/.../GdprDataExportRequestRepository.cs`, `Core/Resgrid.Services/SubscriptionsService.cs`	Contains bulk logic: ZIP creation, serialization, DB publish flow, REST billing integrations — review for correctness, error handling, and resource disposal.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Scheduler as ExportProcessor
participant Repo as GdprRepo
participant Domain as DomainServices
participant Zip as ZipBuilder
participant DB as Database
participant Email as EmailService
participant User as User (download)

ExportProcessor->>Repo: GetPendingRequestsAsync()
loop per-request
ExportProcessor->>Repo: TryClaimForProcessingAsync(requestId)
Repo-->>ExportProcessor: claimed
ExportProcessor->>Domain: Fetch profile/memberships/logs/messages/certs/trainings/shifts
Domain-->>ExportProcessor: datasets
ExportProcessor->>Zip: Build zip from datasets
Zip-->>ExportProcessor: zipBytes, size
ExportProcessor->>DB: Update request (ExportData, Token, CompletedOn, Status)
ExportProcessor->>Email: SendGdprDataExportReadyAsync(email, token URL, expiresAt)
end
User->>DB: Download using token
DB-->>User: ExportData stream

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Develop #234 — touches TelemetryConfig and TelemetryExporters enum; directly related to telemetry removals in this PR.
CU-868f7n1u3 Adding in Countly for analytics. PW validation fix. #244 — also modifies TelemetryConfig (Countly/telemetry changes); relevant to recent telemetry config edits.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title refers to GDPR export support and language additions, but the actual changes include comprehensive Paddle payment integration, analytics removal, and extensive GDPR infrastructure—not just localization.	Revise the title to accurately reflect the primary scope: something like 'RE1-T105: Add Paddle payment integration, GDPR data export, and localization support' would better capture the main changes.
Docstring Coverage	⚠️ Warning	Docstring coverage is 3.66% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch develop

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 5

🧹 Nitpick comments (9)

Core/Resgrid.Services/SubscriptionsService.cs (1)

1212-1243: Consider adding timeout configuration for reliability.

The new Paddle methods create RestClient without specifying MaxTimeout, while several existing methods in this file (e.g., GetCurrentPlanForDepartmentAsync at lines 59-64) use RestClientOptions with MaxTimeout = 200000. Without a timeout, these HTTP calls to the billing API could hang indefinitely.

♻️ Proposed refactor to add timeout

 public async Task<CreatePaddleCheckoutData> CreatePaddleCheckoutForSub(int departmentId, string paddleCustomerId, string paddlePriceId, int planId, string email, string departmentName, int count)
 {
     if (!String.IsNullOrWhiteSpace(Config.SystemBehaviorConfig.BillingApiBaseUrl) && !String.IsNullOrWhiteSpace(Config.ApiConfig.BackendInternalApikey))
     {
         if (string.IsNullOrWhiteSpace(paddleCustomerId))
             paddleCustomerId = " ";

-        var client = new RestClient(Config.SystemBehaviorConfig.BillingApiBaseUrl, configureSerialization: s => s.UseNewtonsoftJson());
+        var options = new RestClientOptions(Config.SystemBehaviorConfig.BillingApiBaseUrl)
+        {
+            MaxTimeout = 200000 // ms
+        };
+        var client = new RestClient(options, configureSerialization: s => s.UseNewtonsoftJson());
         var request = new RestRequest($"/api/Billing/CreatePaddleCheckoutForSubscription", Method.Get);

Apply the same pattern to all new Paddle methods.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Services/SubscriptionsService.cs` around lines 1212 - 1243, The
CreatePaddleCheckoutForSub method creates a RestClient without a timeout which
can cause hanging requests; replace the current RestClient construction with the
same pattern used elsewhere (use RestClientOptions with MaxTimeout = 200000 and
the BaseUrl set to Config.SystemBehaviorConfig.BillingApiBaseUrl) and keep the
Newtonsoft JSON configuration so the request serialization stays the same;
update the RestClient creation in CreatePaddleCheckoutForSub to use new
RestClient(new RestClientOptions { BaseUrl = ..., MaxTimeout = 200000 },
configureSerialization: s => s.UseNewtonsoftJson()) and leave the rest of the
request logic unchanged.

Web/Resgrid.Web/Areas/User/Controllers/AccountController.cs (1)

32-43: Consider reducing controller dependency breadth.
Adding another injected service here increases an already large constructor surface; consider extracting account-deletion/auditing orchestration into a dedicated service/facade to keep controller coupling lower.

As per coding guidelines, "Minimise constructor injection in C# classes; if a class requires many constructor dependencies, it signals a design problem that should be refactored".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Web/Resgrid.Web/Areas/User/Controllers/AccountController.cs` around lines 32
- 43, AccountController's constructor has grown too many injected services
(_deleteService, _systemAuditsService, etc.); extract the account-deletion and
auditing orchestration into a dedicated service (e.g., IAccountDeletionService
or IAccountFacade) and move the deletion/audit logic out of the controller into
that service; then replace the two specific injections (_deleteService,
_systemAuditsService) in the AccountController constructor with a single
IAccountDeletionService injection and update the controller actions to call that
service (keep other dependencies unchanged).

Providers/Resgrid.Providers.Migrations/Migrations/M0055_AddGdprDataExportRequests.cs (1)

10-22: Consider adding an index on DownloadToken for lookup performance.

The repository's GetByTokenAsync method queries by DownloadToken. Without an index, this lookup will require a full table scan. Similarly, queries for pending/expired requests filter by Status.

💡 Suggested index additions

 Create.Table("GdprDataExportRequests")
     .WithColumn("GdprDataExportRequestId").AsString(128).NotNullable().PrimaryKey()
     .WithColumn("UserId").AsString(128).Nullable()
     .WithColumn("DepartmentId").AsInt32().NotNullable()
     .WithColumn("Status").AsInt32().NotNullable().WithDefaultValue(0)
     .WithColumn("RequestedOn").AsDateTime().NotNullable()
     .WithColumn("ProcessingStartedOn").AsDateTime().Nullable()
     .WithColumn("CompletedOn").AsDateTime().Nullable()
     .WithColumn("DownloadToken").AsString(100).Nullable()
     .WithColumn("TokenExpiresAt").AsDateTime().Nullable()
     .WithColumn("ExportData").AsBinary(int.MaxValue).Nullable()
     .WithColumn("FileSizeBytes").AsInt64().Nullable()
     .WithColumn("ErrorMessage").AsString(2000).Nullable();
+
+Create.Index("IX_GdprDataExportRequests_DownloadToken")
+    .OnTable("GdprDataExportRequests")
+    .OnColumn("DownloadToken").Ascending();
+
+Create.Index("IX_GdprDataExportRequests_Status")
+    .OnTable("GdprDataExportRequests")
+    .OnColumn("Status").Ascending();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@Providers/Resgrid.Providers.Migrations/Migrations/M0055_AddGdprDataExportRequests.cs`
around lines 10 - 22, Add non-unique indexes to the new table to speed queries:
create an index on the DownloadToken column (used by GetByTokenAsync) and an
index on Status (used for pending/expired filters); update the migration
M0055_AddGdprDataExportRequests to include
Create.Index().OnTable("GdprDataExportRequests").OnColumn("DownloadToken") and
Create.Index().OnTable("GdprDataExportRequests").OnColumn("Status") (consider
also indexing TokenExpiresAt if expiry scans are common) so lookups by
DownloadToken and Status are covered.

Providers/Resgrid.Providers.MigrationsPg/Migrations/M0055_AddGdprDataExportRequestsPg.cs (1)

10-22: Consider adding indexes on downloadtoken and status for query performance.

Same as the SQL Server migration, the GetByTokenAsync and pending/expired request queries would benefit from indexes.

💡 Suggested index additions

 Create.Table("gdprdataexportrequests")
     .WithColumn("gdprdataexportrequestid").AsCustom("citext").NotNullable().PrimaryKey()
     .WithColumn("userid").AsCustom("citext").Nullable()
     .WithColumn("departmentid").AsInt32().NotNullable()
     .WithColumn("status").AsInt32().NotNullable().WithDefaultValue(0)
     .WithColumn("requestedon").AsDateTime().NotNullable()
     .WithColumn("processingstartedon").AsDateTime().Nullable()
     .WithColumn("completedon").AsDateTime().Nullable()
     .WithColumn("downloadtoken").AsCustom("citext").Nullable()
     .WithColumn("tokenexpiresat").AsDateTime().Nullable()
     .WithColumn("exportdata").AsBinary(int.MaxValue).Nullable()
     .WithColumn("filesizebytes").AsInt64().Nullable()
     .WithColumn("errormessage").AsCustom("text").Nullable();
+
+Create.Index("ix_gdprdataexportrequests_downloadtoken")
+    .OnTable("gdprdataexportrequests")
+    .OnColumn("downloadtoken").Ascending();
+
+Create.Index("ix_gdprdataexportrequests_status")
+    .OnTable("gdprdataexportrequests")
+    .OnColumn("status").Ascending();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@Providers/Resgrid.Providers.MigrationsPg/Migrations/M0055_AddGdprDataExportRequestsPg.cs`
around lines 10 - 22, The migration creates the gdprdataexportrequests table but
doesn't add indexes for query-heavy columns; update
M0055_AddGdprDataExportRequestsPg.cs to add indexes after
Create.Table("gdprdataexportrequests") — create an index on the downloadtoken
column (match the SQL Server migration choice: unique if tokens are unique for
GetByTokenAsync) and an index on the status column to speed pending/expired
request queries; add the Create.Index(...) calls referencing
"gdprdataexportrequests", "downloadtoken" and "status" (and mark uniqueness for
downloadtoken only if the application expects a unique token).

Repositories/Resgrid.Repositories.DataRepository/GdprDataExportRequestRepository.cs (1)

75-78: Use explicit column list instead of SELECT * for consistency.

Other methods in this repository explicitly list columns (Lines 39, 115, 153), but GetByTokenAsync uses SELECT *. This inconsistency can lead to maintenance issues and potential performance problems if the table schema changes.

♻️ Proposed fix

-					return await x.QueryFirstOrDefaultAsync<GdprDataExportRequest>(
-						sql: "SELECT * FROM GdprDataExportRequests WHERE DownloadToken = `@Token`",
+					return await x.QueryFirstOrDefaultAsync<GdprDataExportRequest>(
+						sql: "SELECT GdprDataExportRequestId, UserId, DepartmentId, Status, RequestedOn, ProcessingStartedOn, CompletedOn, DownloadToken, TokenExpiresAt, FileSizeBytes, ErrorMessage, ExportData FROM GdprDataExportRequests WHERE DownloadToken = `@Token`",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@Repositories/Resgrid.Repositories.DataRepository/GdprDataExportRequestRepository.cs`
around lines 75 - 78, Get rid of the "SELECT *" in the QueryFirstOrDefaultAsync
call inside GetByTokenAsync and replace it with an explicit column list matching
the other queries in this repository for GdprDataExportRequest; update the sql
param passed to QueryFirstOrDefaultAsync<GdprDataExportRequest> to use the same
explicit column names used in the other methods (copy the column list from the
queries at the other locations in this file) so the SELECT statement is
consistent and resilient to schema changes.

Core/Resgrid.Services/GdprDataExportService.cs (4)

157-173: Large exports may cause memory pressure.

The entire ZIP is built in memory before being stored. For users with extensive action logs or messages, this could create large memory allocations. Consider:

Adding a size limit check during data collection
Streaming directly to blob storage if available
Logging/monitoring export sizes to track potential issues

This is acceptable for an initial implementation but should be monitored in production.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Services/GdprDataExportService.cs` around lines 157 - 173,
BuildExportZipAsync currently constructs the entire ZIP in memory (MemoryStream
+ ZipArchive), which can cause high memory pressure for large exports; change
the implementation to enforce a max export size during data collection (e.g.,
when calling
BuildActionLogsDataAsync/BuildInboxMessagesDataAsync/BuildSentMessagesDataAsync)
and stream entries directly to a persistent store instead of holding the full
ZIP in MemoryStream — for example, replace the in-memory MemoryStream/ZipArchive
pattern in BuildExportZipAsync with a streaming approach that writes zip entries
using a seekable stream backed by blob storage or a temp file, and add size
checks around AddJsonEntry and the Build*DataAsync calls to abort and log if the
accumulated size exceeds the configured threshold; also add logging/metrics to
capture final export sizes for monitoring.

217-235: Minor: Consider consistent return patterns in Build*DataAsync methods.

BuildCertificationsDataAsync explicitly projects to an anonymous type and returns an empty list on null, while other methods (Lines 199-215, 237-247) return the raw result directly. Consider applying consistent null handling across all methods.

♻️ Example of consistent pattern

 private async Task<object> BuildActionLogsDataAsync(string userId)
 {
     var logs = await _actionLogsService.GetAllActionLogsForUser(userId);
-    return logs;
+    return logs ?? new List<object>();
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Services/GdprDataExportService.cs` around lines 217 - 235,
BuildCertificationsDataAsync projects certifications into an anonymous type and
returns an empty list on null, which is inconsistent with other Build*DataAsync
methods that return the raw service result; change BuildCertificationsDataAsync
to mirror the others by returning the raw certs result from
_certificationService.GetCertificationsByUserIdAsync(userId) (or, if projection
is required for privacy, apply the same projection pattern in the other Build*
methods) and use a consistent null coalescing approach (e.g., return certs ??
new List<...> matching the return type used elsewhere) so the null handling and
return shapes match across methods.

113-123: Verify email is sent only after successful persistence.

The email containing the download URL is sent after SaveOrUpdateAsync completes (Line 111), which is correct. However, if the email send fails, the user won't know their export is ready. Consider adding a fallback mechanism (e.g., users can check status via UI) or retry logic for failed emails.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Services/GdprDataExportService.cs` around lines 113 - 123,
Ensure the export record is persisted via SaveOrUpdateAsync before emailing
(already done) and add a retry and fallback when calling
_emailService.SendGdprDataExportReadyAsync: wrap the
SendGdprDataExportReadyAsync call (the one that uses downloadUrl, user.Email,
profile.FirstName, request.TokenExpiresAt.Value) in a bounded retry loop with
exponential backoff and logging on each failure, update the export entity with
an EmailSent/EmailFailed flag after attempts, persist that state (via the same
repository SaveOrUpdateAsync flow), and surface the failure status so the UI (or
a polling endpoint) can show the user the export is ready even if email delivery
failed.

34-60: Constructor has 12 dependencies — consider refactoring for better maintainability.

Per coding guidelines, a class requiring many constructor dependencies signals a design problem. Consider grouping related services (e.g., an IUserDataProvider that wraps profile, user, and membership services) or using a mediator/query pattern for data collection.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Services/GdprDataExportService.cs` around lines 34 - 60, The
GdprDataExportService constructor currently depends on 12 services which makes
it hard to maintain; refactor by introducing higher-level provider interfaces
that group related dependencies (for example create IUserDataProvider to wrap
IUserProfileService, IUsersService and IMessageService, and an IOrgDataProvider
to wrap IDepartmentsService, IDepartmentGroupsService, IPersonnelRolesService,
and IShiftsService, plus a IRecordsProvider for IActionLogsService,
ICertificationService, ITrainingService and IEmailService), update the
GdprDataExportService constructor to accept these new providers plus the
IGdprDataExportRequestRepository, replace the existing private fields
(_userProfileService, _usersService, _departmentsService,
_departmentGroupsService, _personnelRolesService, _actionLogs_service,
_messageService, _certificationService, _trainingService, _shiftsService,
_email_service) with the new provider fields, and move the grouped call logic
into the new providers (or adapters) so callers of methods like Export... in
GdprDataExportService use the provider methods instead of directly calling many
services.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/settings.local.json:
- Around line 6-12: The command entries are inconsistent and brittle (e.g., the
malformed path "G:ResgridResgridCoreResgrid.ModelBilling" and mixed slash styles
in lines like
"G:\\Resgrid\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/"), so
normalize all command paths to a single, consistent style (choose either
Windows-style with escaped backslashes like "G:\\Resgrid\\..." or POSIX-style
with forward slashes like "G:/Resgrid/Resgrid/..."), consistently quote
arguments and globs (e.g., "*.cs" and the grep target directory), and ensure any
backslashes are properly escaped for JSON; update the Bash(...) entries (grep
-l, find, and xargs patterns) to use the chosen path style and consistent
quoting so they execute reliably across shells.
- Around line 17-49: The hooks call external scripts under ".dual-graph" (seen
in the SessionStart, Stop, and PreCompact hook command entries) but those files
are gitignored and may be missing; wrap each PowerShell invocation with a
pre-check using Test-Path for the target file and only execute the script when
it exists, otherwise silently no-op (or emit a clear info message) so fresh
environments don’t fail hook execution; update the "command" values for the
SessionStart, Stop, and PreCompact hook objects to perform this existence check
before calling prime.ps1 or stop_hook.ps1.
- Around line 3-13: The allowlist contains overly broad entries
(Bash(python3:*), Bash(xargs grep:*), Bash(dotnet build:*)) that permit
near-arbitrary command execution; tighten them by replacing wildcard patterns
with explicit, constrained command templates and safe path restrictions (e.g.
restrict python3 to a specific script path or approved flags, limit xargs/grep
invocations to fixed directories or file globs, and constrain dotnet build to
exact project/solution files), update the entries for Bash(python3:*),
Bash(xargs grep:*), and Bash(dotnet build:*) accordingly, and ensure any new
templates document allowed arguments and target paths to minimize blast radius.

In `@Core/Resgrid.Model/CqrsEventTypes.cs`:
- Around line 22-26: The new Paddle enum values (PaddleTransactionCompleted,
PaddleTransactionPaymentFailed, PaddleSubscriptionUpdated,
PaddleSubscriptionCanceled, PaddleSubscriptionCreated) are not handled in the
PaymentQueueLogic switch and will hit the default throw; update the switch in
Workers/Resgrid.Workers.Framework/Logic/PaymentQueueLogic.cs to add explicit
cases for each of these five CqrsEventTypes and route them to the appropriate
Paddle handling logic (mirror the structure used for the Stripe cases—call or
delegate to the same worker/service methods responsible for Paddle
transaction/subscription processing), ensuring the default no-longer receives
these events.

In `@Core/Resgrid.Services/GdprDataExportService.cs`:
- Around line 85-133: ProcessPendingRequestsAsync currently fetches all pending
requests via GetPendingRequestsAsync and sets Status=Processing in-memory, which
allows race conditions when multiple workers run; add a repository method
TryClaimForProcessingAsync(requestId, cancellationToken) that performs an atomic
conditional update (SET Status=Processing, ProcessingStartedOn=@Now WHERE Id=@Id
AND Status=Pending) and returns true only if rowsAffected>0, then in
ProcessPendingRequestsAsync call TryClaimForProcessingAsync for each request and
only proceed to BuildExportZipAsync, update ExportData, send emails, etc., when
the claim returns true; keep all status transitions persisted through the
repository (SaveOrUpdateAsync) and mark Failed when exceptions occur.

---

Nitpick comments:
In `@Core/Resgrid.Services/GdprDataExportService.cs`:
- Around line 157-173: BuildExportZipAsync currently constructs the entire ZIP
in memory (MemoryStream + ZipArchive), which can cause high memory pressure for
large exports; change the implementation to enforce a max export size during
data collection (e.g., when calling
BuildActionLogsDataAsync/BuildInboxMessagesDataAsync/BuildSentMessagesDataAsync)
and stream entries directly to a persistent store instead of holding the full
ZIP in MemoryStream — for example, replace the in-memory MemoryStream/ZipArchive
pattern in BuildExportZipAsync with a streaming approach that writes zip entries
using a seekable stream backed by blob storage or a temp file, and add size
checks around AddJsonEntry and the Build*DataAsync calls to abort and log if the
accumulated size exceeds the configured threshold; also add logging/metrics to
capture final export sizes for monitoring.
- Around line 217-235: BuildCertificationsDataAsync projects certifications into
an anonymous type and returns an empty list on null, which is inconsistent with
other Build*DataAsync methods that return the raw service result; change
BuildCertificationsDataAsync to mirror the others by returning the raw certs
result from _certificationService.GetCertificationsByUserIdAsync(userId) (or, if
projection is required for privacy, apply the same projection pattern in the
other Build* methods) and use a consistent null coalescing approach (e.g.,
return certs ?? new List<...> matching the return type used elsewhere) so the
null handling and return shapes match across methods.
- Around line 113-123: Ensure the export record is persisted via
SaveOrUpdateAsync before emailing (already done) and add a retry and fallback
when calling _emailService.SendGdprDataExportReadyAsync: wrap the
SendGdprDataExportReadyAsync call (the one that uses downloadUrl, user.Email,
profile.FirstName, request.TokenExpiresAt.Value) in a bounded retry loop with
exponential backoff and logging on each failure, update the export entity with
an EmailSent/EmailFailed flag after attempts, persist that state (via the same
repository SaveOrUpdateAsync flow), and surface the failure status so the UI (or
a polling endpoint) can show the user the export is ready even if email delivery
failed.
- Around line 34-60: The GdprDataExportService constructor currently depends on
12 services which makes it hard to maintain; refactor by introducing
higher-level provider interfaces that group related dependencies (for example
create IUserDataProvider to wrap IUserProfileService, IUsersService and
IMessageService, and an IOrgDataProvider to wrap IDepartmentsService,
IDepartmentGroupsService, IPersonnelRolesService, and IShiftsService, plus a
IRecordsProvider for IActionLogsService, ICertificationService, ITrainingService
and IEmailService), update the GdprDataExportService constructor to accept these
new providers plus the IGdprDataExportRequestRepository, replace the existing
private fields (_userProfileService, _usersService, _departmentsService,
_departmentGroupsService, _personnelRolesService, _actionLogs_service,
_messageService, _certificationService, _trainingService, _shiftsService,
_email_service) with the new provider fields, and move the grouped call logic
into the new providers (or adapters) so callers of methods like Export... in
GdprDataExportService use the provider methods instead of directly calling many
services.

In `@Core/Resgrid.Services/SubscriptionsService.cs`:
- Around line 1212-1243: The CreatePaddleCheckoutForSub method creates a
RestClient without a timeout which can cause hanging requests; replace the
current RestClient construction with the same pattern used elsewhere (use
RestClientOptions with MaxTimeout = 200000 and the BaseUrl set to
Config.SystemBehaviorConfig.BillingApiBaseUrl) and keep the Newtonsoft JSON
configuration so the request serialization stays the same; update the RestClient
creation in CreatePaddleCheckoutForSub to use new RestClient(new
RestClientOptions { BaseUrl = ..., MaxTimeout = 200000 },
configureSerialization: s => s.UseNewtonsoftJson()) and leave the rest of the
request logic unchanged.

In
`@Providers/Resgrid.Providers.Migrations/Migrations/M0055_AddGdprDataExportRequests.cs`:
- Around line 10-22: Add non-unique indexes to the new table to speed queries:
create an index on the DownloadToken column (used by GetByTokenAsync) and an
index on Status (used for pending/expired filters); update the migration
M0055_AddGdprDataExportRequests to include
Create.Index().OnTable("GdprDataExportRequests").OnColumn("DownloadToken") and
Create.Index().OnTable("GdprDataExportRequests").OnColumn("Status") (consider
also indexing TokenExpiresAt if expiry scans are common) so lookups by
DownloadToken and Status are covered.

In
`@Providers/Resgrid.Providers.MigrationsPg/Migrations/M0055_AddGdprDataExportRequestsPg.cs`:
- Around line 10-22: The migration creates the gdprdataexportrequests table but
doesn't add indexes for query-heavy columns; update
M0055_AddGdprDataExportRequestsPg.cs to add indexes after
Create.Table("gdprdataexportrequests") — create an index on the downloadtoken
column (match the SQL Server migration choice: unique if tokens are unique for
GetByTokenAsync) and an index on the status column to speed pending/expired
request queries; add the Create.Index(...) calls referencing
"gdprdataexportrequests", "downloadtoken" and "status" (and mark uniqueness for
downloadtoken only if the application expects a unique token).

In
`@Repositories/Resgrid.Repositories.DataRepository/GdprDataExportRequestRepository.cs`:
- Around line 75-78: Get rid of the "SELECT *" in the QueryFirstOrDefaultAsync
call inside GetByTokenAsync and replace it with an explicit column list matching
the other queries in this repository for GdprDataExportRequest; update the sql
param passed to QueryFirstOrDefaultAsync<GdprDataExportRequest> to use the same
explicit column names used in the other methods (copy the column list from the
queries at the other locations in this file) so the SELECT statement is
consistent and resilient to schema changes.

In `@Web/Resgrid.Web/Areas/User/Controllers/AccountController.cs`:
- Around line 32-43: AccountController's constructor has grown too many injected
services (_deleteService, _systemAuditsService, etc.); extract the
account-deletion and auditing orchestration into a dedicated service (e.g.,
IAccountDeletionService or IAccountFacade) and move the deletion/audit logic out
of the controller into that service; then replace the two specific injections
(_deleteService, _systemAuditsService) in the AccountController constructor with
a single IAccountDeletionService injection and update the controller actions to
call that service (keep other dependencies unchanged).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f3a91681-9217-42b4-a7b4-c2e5b2bae8a0

📥 Commits

Reviewing files that changed from the base of the PR and between 9b70aa3 and b3105ec.

⛔ Files ignored due to path filters (100)

Core/Resgrid.Localization/Areas/User/Forms/Forms.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Forms/Forms.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Groups/Groups.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Links/Links.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Orders/Orders.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Reports/Reports.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Routes/Routes.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Templates/Templates.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Voice/Voice.uk.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Areas/User/Workflows/Workflows.uk.resx is excluded by !**/*.resx

📒 Files selected for processing (111)

.claude/settings.local.json
CLAUDE.md
Core/Resgrid.Config/PaymentProviderConfig.cs
Core/Resgrid.Config/SystemBehaviorConfig.cs
Core/Resgrid.Localization/Areas/User/Forms/Forms.cs
Core/Resgrid.Localization/Areas/User/Groups/Groups.cs
Core/Resgrid.Localization/Areas/User/Links/Links.cs
Core/Resgrid.Localization/Areas/User/Notifications/Notifications.cs
Core/Resgrid.Localization/Areas/User/Orders/Orders.cs
Core/Resgrid.Localization/Areas/User/Protocols/Protocols.cs
Core/Resgrid.Localization/Areas/User/Reports/Reports.cs
Core/Resgrid.Model/Billing/Api/CreatePaddleCheckoutResult.cs
Core/Resgrid.Model/Billing/Api/GetActivePaddleSubscriptionResult.cs
Core/Resgrid.Model/CqrsEventTypes.cs
Core/Resgrid.Model/DepartmentSettingTypes.cs
Core/Resgrid.Model/GdprDataExportRequest.cs
Core/Resgrid.Model/GdprExportStatus.cs
Core/Resgrid.Model/PaymentMethods.cs
Core/Resgrid.Model/Repositories/IGdprDataExportRequestRepository.cs
Core/Resgrid.Model/Services/IDepartmentSettingsService.cs
Core/Resgrid.Model/Services/IEmailService.cs
Core/Resgrid.Model/Services/IGdprDataExportService.cs
Core/Resgrid.Model/Services/IShiftsService.cs
Core/Resgrid.Model/Services/ISubscriptionsService.cs
Core/Resgrid.Model/Services/ITrainingService.cs
Core/Resgrid.Model/SystemAuditTypes.cs
Core/Resgrid.Services/DepartmentSettingsService.cs
Core/Resgrid.Services/EmailService.cs
Core/Resgrid.Services/GdprDataExportService.cs
Core/Resgrid.Services/ServicesModule.cs
Core/Resgrid.Services/ShiftsService.cs
Core/Resgrid.Services/SubscriptionsService.cs
Core/Resgrid.Services/TrainingService.cs
Providers/Resgrid.Providers.Migrations/Migrations/M0055_AddGdprDataExportRequests.cs
Providers/Resgrid.Providers.MigrationsPg/Migrations/M0055_AddGdprDataExportRequestsPg.cs
Repositories/Resgrid.Repositories.DataRepository/GdprDataExportRequestRepository.cs
Repositories/Resgrid.Repositories.DataRepository/Modules/DataModule.cs
Web/Resgrid.Web/Areas/User/Controllers/AccountController.cs
Web/Resgrid.Web/Areas/User/Controllers/HomeController.cs
Web/Resgrid.Web/Areas/User/Controllers/SubscriptionController.cs
Web/Resgrid.Web/Areas/User/Models/EditProfileModel.cs
Web/Resgrid.Web/Areas/User/Models/Subscription/SelectRegistrationPlanView.cs
Web/Resgrid.Web/Areas/User/Models/Subscription/SubscriptionView.cs
Web/Resgrid.Web/Areas/User/Views/Forms/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Forms/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Forms/View.cshtml
Web/Resgrid.Web/Areas/User/Views/Groups/DeleteGroup.cshtml
Web/Resgrid.Web/Areas/User/Views/Groups/EditGroup.cshtml
Web/Resgrid.Web/Areas/User/Views/Groups/Geofence.cshtml
Web/Resgrid.Web/Areas/User/Views/Groups/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Groups/NewGroup.cshtml
Web/Resgrid.Web/Areas/User/Views/Home/EditUserProfile.cshtml
Web/Resgrid.Web/Areas/User/Views/Links/Enable.cshtml
Web/Resgrid.Web/Areas/User/Views/Links/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Links/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Links/View.cshtml
Web/Resgrid.Web/Areas/User/Views/Notifications/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Notifications/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/Fill.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/FillItem.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/Settings.cshtml
Web/Resgrid.Web/Areas/User/Views/Orders/View.cshtml
Web/Resgrid.Web/Areas/User/Views/Protocols/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Protocols/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Protocols/View.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/ActionLogs.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/ActionLogsParams.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/ActiveCallsResourcesReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/CallSummaryReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/CallSummaryReportParams.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/CertificationsReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/DepartmentActivityReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/LogReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelEventsReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelHoursDetailReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelHoursReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelHoursReportParams.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelStaffingHistoryReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/PersonnelStaffingHistoryReportParams.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/StaffingReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/UnitEventsReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/UnitStateHistoryReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/UnitStateHistoryReportParams.cshtml
Web/Resgrid.Web/Areas/User/Views/Reports/UpcomingShiftReadinessReport.cshtml
Web/Resgrid.Web/Areas/User/Views/Routes/ArchivedView.cshtml
Web/Resgrid.Web/Areas/User/Views/Routes/Directions.cshtml
Web/Resgrid.Web/Areas/User/Views/Routes/Edit.cshtml
Web/Resgrid.Web/Areas/User/Views/Routes/View.cshtml
Web/Resgrid.Web/Areas/User/Views/Subscription/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Subscription/PaddleProcessing.cshtml
Web/Resgrid.Web/Areas/User/Views/Subscription/SelectRegistrationPlan.cshtml
Web/Resgrid.Web/Areas/User/Views/Templates/CallNotes.cshtml
Web/Resgrid.Web/Areas/User/Views/Templates/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Templates/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Templates/NewCallNote.cshtml
Web/Resgrid.Web/Areas/User/Views/Voice/Edit.cshtml
Web/Resgrid.Web/Areas/User/Views/Voice/Index.cshtml
Web/Resgrid.Web/Areas/User/Views/Voice/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Workflows/New.cshtml
Web/Resgrid.Web/Areas/User/Views/Workflows/RunDetail.cshtml
Web/Resgrid.Web/Controllers/AccountController.cs
Web/Resgrid.Web/Filters/RequireActivePlanFilter.cs
Web/Resgrid.Web/Startup.cs
Workers/Resgrid.Workers.Console/Commands/GdprExportCommand.cs
Workers/Resgrid.Workers.Console/Program.cs
Workers/Resgrid.Workers.Console/Tasks/GdprExportTask.cs
Workers/Resgrid.Workers.Framework/Logic/GdprExportLogic.cs

💤 Files with no reviewable changes (1)

CLAUDE.md

coderabbitai · 2026-03-26T19:19:27Z

.claude/settings.local.json

+    "allow": [
+      "mcp__dual-graph__graph_scan",
+      "mcp__dual-graph__graph_continue",
+      "Bash(find G:ResgridResgridCoreResgrid.ModelBilling -type f -name *.cs)",
+      "Bash(python3:*)",
+      "Bash(xargs grep:*)",
+      "Bash(grep -E \"\\\\.cs$|Program\")",
+      "Bash(grep -l \"DepartmentMembers\\\\|DepartmentMember\" \"G:\\\\Resgrid\\\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/\"*.cs)",
+      "Bash(find /g/Resgrid/Resgrid/Repositories/Resgrid.Repositories.DataRepository/Servers -name *.cs)",
+      "Bash(find G:/Resgrid/Resgrid -newer G:/Resgrid/Resgrid/CLAUDE.md -name *.cs -not -path */obj/* -not -path */.git/*)",
+      "Bash(dotnet build:*)"


⚠️ Potential issue | 🟠 Major

Overly broad command allowlist weakens execution safety

Bash(python3:*), Bash(xargs grep:*), and Bash(dotnet build:*) grant near-arbitrary command surfaces. On shared repos, this significantly increases misuse/blast radius if prompts are compromised.

Please narrow these to explicit command templates and constrained paths only.

Suggested tightening

- "Bash(python3:*)", - "Bash(xargs grep:*)", - "Bash(dotnet build:*)" + "Bash(python3 scripts/dual_graph_*.py)", + "Bash(xargs -0 grep -nE \"DepartmentMembers|DepartmentMember\")", + "Bash(dotnet build G:/Resgrid/Resgrid/Resgrid.sln --configuration Release)"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"allow": [

"mcp__dual-graph__graph_scan",

"mcp__dual-graph__graph_continue",

"Bash(find G:ResgridResgridCoreResgrid.ModelBilling -type f -name *.cs)",

"Bash(python3:*)",

"Bash(xargs grep:*)",

"Bash(grep -E \"\\\\.cs$|Program\")",

"Bash(grep -l \"DepartmentMembers\\\\|DepartmentMember\" \"G:\\\\Resgrid\\\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/\"*.cs)",

"Bash(find /g/Resgrid/Resgrid/Repositories/Resgrid.Repositories.DataRepository/Servers -name *.cs)",

"Bash(find G:/Resgrid/Resgrid -newer G:/Resgrid/Resgrid/CLAUDE.md -name *.cs -not -path */obj/* -not -path */.git/*)",

"Bash(dotnet build:*)"

"allow": [

"mcp__dual-graph__graph_scan",

"mcp__dual-graph__graph_continue",

"Bash(find G:ResgridResgridCoreResgrid.ModelBilling -type f -name *.cs)",

"Bash(python3 scripts/dual_graph_*.py)",

"Bash(xargs -0 grep -nE \"DepartmentMembers|DepartmentMember\")",

"Bash(grep -E \"\\\\.cs$|Program\")",

"Bash(grep -l \"DepartmentMembers\\\\|DepartmentMember\" \"G:\\\\Resgrid\\\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/\"*.cs)",

"Bash(find /g/Resgrid/Resgrid/Repositories/Resgrid.Repositories.DataRepository/Servers -name *.cs)",

"Bash(find G:/Resgrid/Resgrid -newer G:/Resgrid/Resgrid/CLAUDE.md -name *.cs -not -path */obj/* -not -path */.git/*)",

"Bash(dotnet build G:/Resgrid/Resgrid/Resgrid.sln --configuration Release)"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.claude/settings.local.json around lines 3 - 13, The allowlist contains overly broad entries (Bash(python3:*), Bash(xargs grep:*), Bash(dotnet build:*)) that permit near-arbitrary command execution; tighten them by replacing wildcard patterns with explicit, constrained command templates and safe path restrictions (e.g. restrict python3 to a specific script path or approved flags, limit xargs/grep invocations to fixed directories or file globs, and constrain dotnet build to exact project/solution files), update the entries for Bash(python3:*), Bash(xargs grep:*), and Bash(dotnet build:*) accordingly, and ensure any new templates document allowed arguments and target paths to minimize blast radius.

coderabbitai · 2026-03-26T19:19:28Z

.claude/settings.local.json

+      "Bash(find G:ResgridResgridCoreResgrid.ModelBilling -type f -name *.cs)",
+      "Bash(python3:*)",
+      "Bash(xargs grep:*)",
+      "Bash(grep -E \"\\\\.cs$|Program\")",
+      "Bash(grep -l \"DepartmentMembers\\\\|DepartmentMember\" \"G:\\\\Resgrid\\\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/\"*.cs)",
+      "Bash(find /g/Resgrid/Resgrid/Repositories/Resgrid.Repositories.DataRepository/Servers -name *.cs)",
+      "Bash(find G:/Resgrid/Resgrid -newer G:/Resgrid/Resgrid/CLAUDE.md -name *.cs -not -path */obj/* -not -path */.git/*)",


⚠️ Potential issue | 🟡 Minor

Command path formats are inconsistent and brittle

Line 6 uses G:ResgridResgridCoreResgrid.ModelBilling (missing separators), while other entries mix slash styles and quoting patterns. This is likely to break matching/execution across shells.

Normalize to one path style and quote arguments consistently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.claude/settings.local.json around lines 6 - 12, The command entries are inconsistent and brittle (e.g., the malformed path "G:ResgridResgridCoreResgrid.ModelBilling" and mixed slash styles in lines like "G:\\Resgrid\\Resgrid/Repositories/Resgrid.Repositories.DataRepository/"), so normalize all command paths to a single, consistent style (choose either Windows-style with escaped backslashes like "G:\\Resgrid\\..." or POSIX-style with forward slashes like "G:/Resgrid/Resgrid/..."), consistently quote arguments and globs (e.g., "*.cs" and the grep target directory), and ensure any backslashes are properly escaped for JSON; update the Bash(...) entries (grep -l, find, and xargs patterns) to use the chosen path style and consistent quoting so they execute reliably across shells.

coderabbitai · 2026-03-26T19:19:28Z

.claude/settings.local.json

+    "SessionStart": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "powershell -NoProfile -File \"G:/Resgrid/Resgrid/.dual-graph/prime.ps1\""
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "powershell -NoProfile -File \"G:/Resgrid/Resgrid/.dual-graph/stop_hook.ps1\""
+          }
+        ]
+      }
+    ],
+    "PreCompact": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "powershell -NoProfile -File \"G:/Resgrid/Resgrid/.dual-graph/prime.ps1\""
+          }
+        ]
+      }
+    ]


⚠️ Potential issue | 🟠 Major

Hook scripts depend on gitignored local artifacts without guardrails

Lines 23, 34, and 45 invoke scripts under .dual-graph/, but that directory is gitignored in this repo context. Fresh environments will fail hook execution unless users manually provision those files.

Add an existence check wrapper (or no-op fallback) before calling the scripts.

Suggested resilient hook command pattern

- "command": "powershell -NoProfile -File \"G:/Resgrid/Resgrid/.dual-graph/prime.ps1\"" + "command": "powershell -NoProfile -Command \"if (Test-Path 'G:/Resgrid/Resgrid/.dual-graph/prime.ps1') { & 'G:/Resgrid/Resgrid/.dual-graph/prime.ps1' }\""

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.claude/settings.local.json around lines 17 - 49, The hooks call external scripts under ".dual-graph" (seen in the SessionStart, Stop, and PreCompact hook command entries) but those files are gitignored and may be missing; wrap each PowerShell invocation with a pre-check using Test-Path for the target file and only execute the script when it exists, otherwise silently no-op (or emit a clear info message) so fresh environments don’t fail hook execution; update the "command" values for the SessionStart, Stop, and PreCompact hook objects to perform this existence check before calling prime.ps1 or stop_hook.ps1.

coderabbitai · 2026-03-26T19:19:28Z

Core/Resgrid.Model/CqrsEventTypes.cs

+		PaddleTransactionCompleted = 17,
+		PaddleTransactionPaymentFailed = 18,
+		PaddleSubscriptionUpdated = 19,
+		PaddleSubscriptionCanceled = 20,
+		PaddleSubscriptionCreated = 21,


⚠️ Potential issue | 🔴 Critical

Add worker handling before shipping new Paddle CQRS events.

These new enum values are not handled in Workers/Resgrid.Workers.Framework/Logic/PaymentQueueLogic.cs (switch only has Stripe cases and throws in default). Any queued Paddle event will hit default and fail at runtime. Please add explicit switch cases for all new Paddle event types before merge.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@Core/Resgrid.Model/CqrsEventTypes.cs` around lines 22 - 26, The new Paddle enum values (PaddleTransactionCompleted, PaddleTransactionPaymentFailed, PaddleSubscriptionUpdated, PaddleSubscriptionCanceled, PaddleSubscriptionCreated) are not handled in the PaymentQueueLogic switch and will hit the default throw; update the switch in Workers/Resgrid.Workers.Framework/Logic/PaymentQueueLogic.cs to add explicit cases for each of these five CqrsEventTypes and route them to the appropriate Paddle handling logic (mirror the structure used for the Stripe cases—call or delegate to the same worker/service methods responsible for Paddle transaction/subscription processing), ensuring the default no-longer receives these events.

Core/Resgrid.Services/GdprDataExportService.cs

Web/Resgrid.Web/Areas/User/Controllers/SubscriptionController.cs

+
+		[HttpPost]
+		[Authorize(Policy = ResgridResources.Department_Update)]
+		public async Task<IActionResult> ManagePaddlePTTAddon(BuyAddonView model)


In general, the fix is to ensure that all state-changing POST actions are protected by server-side validation of an anti-forgery token, and that the corresponding forms or AJAX calls include that token. In ASP.NET Core MVC, this is typically done by adding [ValidateAntiForgeryToken] (or [AutoValidateAntiforgeryToken] globally) and emitting @Html.AntiForgeryToken() in forms.

For this specific issue, the smallest, most localized fix that doesn’t change existing behavior is to add the [ValidateAntiForgeryToken] attribute to the ManagePaddlePTTAddon POST action. This controller is already an MVC controller (inherits from Controller in ASP.NET Core), and Microsoft.AspNetCore.Mvc is already imported, so no new using directives are required. We do not need to change the GET action or other parts of the file. The change is limited to the attribute list above the POST method at lines 780–783 in Web/Resgrid.Web/Areas/User/Controllers/SubscriptionController.cs.

coderabbitai

🧹 Nitpick comments (4)

Core/Resgrid.Config/TelemetryConfig.cs (1)
5-8: Remove unused global config fields or convert to injected immutable configuration.

These public static string fields are mutable global state that can be reassigned via reflection through ConfigProcessor, making them harder to test and track. Additionally, no direct references to these fields were found in the codebase, suggesting they may be unused. Either remove them if unused, or refactor to an immutable record injected where needed.

If these fields are actively configured externally, prefer an immutable options pattern over global mutable state:
♻️ Proposed refactor
-	public static class TelemetryConfig
-	{
-		public static string Exporter = "";
-
-		public static string CountlyUrl = "";
-		public static string CountlyWebKey = "";
-	}
+	public sealed record TelemetryConfig(
+		string Exporter,
+		string CountlyUrl,
+		string CountlyWebKey);
Per coding guidelines, prefer immutable data, testable design with explicit dependencies, and avoid hidden global state.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Config/TelemetryConfig.cs` around lines 5 - 8, TelemetryConfig
currently exposes mutable global fields (Exporter, CountlyUrl, CountlyWebKey);
remove them if they are unused, otherwise replace them with an immutable options
type and use DI: create a TelemetryOptions record (e.g., record
TelemetryOptions(string Exporter, string CountlyUrl, string CountlyWebKey)),
register it with the configuration system (IOptions<TelemetryOptions> or bind in
startup), and update any consumers that referenced
TelemetryConfig.Exporters/CountlyUrl/CountlyWebKey to accept
IOptions<TelemetryOptions> (or TelemetryOptions) via constructor injection;
finally delete the public static fields from TelemetryConfig to eliminate
mutable global state.
Core/Resgrid.Model/Services/ISubscriptionsService.cs (3)
249-255: Replace long positional signatures with request records and include cancellation support.

These methods now carry many positional arguments (multiple string/int values), which is error-prone at call sites and hard to evolve. Prefer request DTO/record parameters plus optional CancellationToken for provider calls.
♻️ Proposed contract refactor
- Task<CreateStripeSessionForUpdateData> CreateStripeSessionForSub(int departmentId, string stripeCustomerId, string stripePlanId, int planId, string email, string departmentName, int count, string discountCode = null);
+ Task<CreateStripeSessionForUpdateData> CreateStripeSessionForSub(
+     CreateStripeSubscriptionCheckoutRequest request,
+     CancellationToken cancellationToken = default);

- Task<CreatePaddleCheckoutData> CreatePaddleCheckoutForSub(int departmentId, string paddleCustomerId, string paddlePriceId, int planId, string email, string departmentName, int count, string discountCode = null);
+ Task<CreatePaddleCheckoutData> CreatePaddleCheckoutForSub(
+     CreatePaddleSubscriptionCheckoutRequest request,
+     CancellationToken cancellationToken = default);

- Task<CreatePaddleCheckoutData> CreatePaddleCheckoutForUpdate(int departmentId, string paddleCustomerId, string email, string departmentName);
+ Task<CreatePaddleCheckoutData> CreatePaddleCheckoutForUpdate(
+     CreatePaddleCheckoutUpdateRequest request,
+     CancellationToken cancellationToken = default);
As per coding guidelines, "Separate state from behavior (e.g., use records for state and place operations in separate static classes)" and "Design for testability; avoid hidden dependencies inside methods and prefer explicit, pure functions".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Model/Services/ISubscriptionsService.cs` around lines 249 - 255,
Change the long positional parameter signatures on CreateStripeSessionForSub,
ChangeActiveSubscriptionAsync, CreatePaddleCheckoutForSub, and
CreatePaddleCheckoutForUpdate to accept a single request record/DTO (e.g.,
CreateStripeSessionForSubRequest, ChangeActiveSubscriptionRequest,
CreatePaddleCheckoutForSubRequest, CreatePaddleCheckoutForUpdateRequest) that
encapsulates the parameters, and add an optional CancellationToken parameter to
each method signature; update interface declarations to use these request types
and CancellationToken to improve callsite safety and testability.
257-265: Split provider-specific operations into dedicated interfaces instead of expanding a single contract.

Adding full Paddle lifecycle methods into this already broad interface increases coupling and makes the contract harder to maintain/test. Prefer IStripeSubscriptionsService + IPaddleSubscriptionsService and compose them where needed.

As per coding guidelines, "Prefer composition with interfaces to extend behavior" and "Write clear, self-documenting C# code that maximises readability and maintainability while minimizing complexity and coupling".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Model/Services/ISubscriptionsService.cs` around lines 257 - 265,
The ISubscriptionsService interface has provider-specific Paddle methods
(GetActivePaddleSubscriptionAsync, GetActivePTTPaddleSubscriptionAsync,
ChangePaddleSubscriptionAsync, ModifyPaddlePTTAddonSubscriptionAsync,
CancelPaddleSubscriptionAsync) which increases coupling; extract these into a
new IPaddleSubscriptionsService interface and move those method signatures
there, leaving ISubscriptionsService focused on provider-agnostic operations,
then update any consumers to depend on IPaddleSubscriptionsService where
Paddle-specific behavior is required (or compose both ISubscriptionsService and
IPaddleSubscriptionsService in classes that need both); also consider creating
an IStripeSubscriptionsService for Stripe-specific methods if present to follow
the same pattern.
249-255: Align async method names with Async suffix for consistency with interface contract.

These methods are async (implementations use the async keyword) but lack the Async suffix that other async methods in the same interface follow (ChangeActiveSubscriptionAsync, GetActiveStripeSubscriptionAsync, GetActivePaddleSubscriptionAsync). Renaming to CreateStripeSessionForSubAsync, CreateStripeSessionForUpdateAsync, CreatePaddleCheckoutForSubAsync, and CreatePaddleCheckoutForUpdateAsync would improve consistency and clarity across the service contract.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Core/Resgrid.Model/Services/ISubscriptionsService.cs` around lines 249 - 255,
Rename the four methods in ISubscriptionsService to use the Async suffix for
consistency: change CreateStripeSessionForSub to CreateStripeSessionForSubAsync,
CreatePaddleCheckoutForSub to CreatePaddleCheckoutForSubAsync,
CreateStripeCheckoutForUpdate (or CreatePaddleCheckoutForUpdate in diff) to
CreateStripeSessionForUpdateAsync/CreatePaddleCheckoutForUpdateAsync as
appropriate, and CreatePaddleCheckoutForUpdate to
CreatePaddleCheckoutForUpdateAsync; then update all implementing classes and any
callers to use the new method names (e.g., implementations of
CreateStripeSessionForSub, CreatePaddleCheckoutForSub,
CreateStripeSessionForUpdate, CreatePaddleCheckoutForUpdate and references
should be renamed accordingly) so signatures stay consistent with other async
methods like ChangeActiveSubscriptionAsync and GetActiveStripeSubscriptionAsync.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Core/Resgrid.Config/TelemetryConfig.cs`:
- Around line 5-8: TelemetryConfig currently exposes mutable global fields
(Exporter, CountlyUrl, CountlyWebKey); remove them if they are unused, otherwise
replace them with an immutable options type and use DI: create a
TelemetryOptions record (e.g., record TelemetryOptions(string Exporter, string
CountlyUrl, string CountlyWebKey)), register it with the configuration system
(IOptions<TelemetryOptions> or bind in startup), and update any consumers that
referenced TelemetryConfig.Exporters/CountlyUrl/CountlyWebKey to accept
IOptions<TelemetryOptions> (or TelemetryOptions) via constructor injection;
finally delete the public static fields from TelemetryConfig to eliminate
mutable global state.

In `@Core/Resgrid.Model/Services/ISubscriptionsService.cs`:
- Around line 249-255: Change the long positional parameter signatures on
CreateStripeSessionForSub, ChangeActiveSubscriptionAsync,
CreatePaddleCheckoutForSub, and CreatePaddleCheckoutForUpdate to accept a single
request record/DTO (e.g., CreateStripeSessionForSubRequest,
ChangeActiveSubscriptionRequest, CreatePaddleCheckoutForSubRequest,
CreatePaddleCheckoutForUpdateRequest) that encapsulates the parameters, and add
an optional CancellationToken parameter to each method signature; update
interface declarations to use these request types and CancellationToken to
improve callsite safety and testability.
- Around line 257-265: The ISubscriptionsService interface has provider-specific
Paddle methods (GetActivePaddleSubscriptionAsync,
GetActivePTTPaddleSubscriptionAsync, ChangePaddleSubscriptionAsync,
ModifyPaddlePTTAddonSubscriptionAsync, CancelPaddleSubscriptionAsync) which
increases coupling; extract these into a new IPaddleSubscriptionsService
interface and move those method signatures there, leaving ISubscriptionsService
focused on provider-agnostic operations, then update any consumers to depend on
IPaddleSubscriptionsService where Paddle-specific behavior is required (or
compose both ISubscriptionsService and IPaddleSubscriptionsService in classes
that need both); also consider creating an IStripeSubscriptionsService for
Stripe-specific methods if present to follow the same pattern.
- Around line 249-255: Rename the four methods in ISubscriptionsService to use
the Async suffix for consistency: change CreateStripeSessionForSub to
CreateStripeSessionForSubAsync, CreatePaddleCheckoutForSub to
CreatePaddleCheckoutForSubAsync, CreateStripeCheckoutForUpdate (or
CreatePaddleCheckoutForUpdate in diff) to
CreateStripeSessionForUpdateAsync/CreatePaddleCheckoutForUpdateAsync as
appropriate, and CreatePaddleCheckoutForUpdate to
CreatePaddleCheckoutForUpdateAsync; then update all implementing classes and any
callers to use the new method names (e.g., implementations of
CreateStripeSessionForSub, CreatePaddleCheckoutForSub,
CreateStripeSessionForUpdate, CreatePaddleCheckoutForUpdate and references
should be renamed accordingly) so signatures stay consistent with other async
methods like ChangeActiveSubscriptionAsync and GetActiveStripeSubscriptionAsync.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: aac42b0c-633b-43ad-9ea3-9836dcf3d40d

📥 Commits

Reviewing files that changed from the base of the PR and between b3105ec and 3dfa19c.

⛔ Files ignored due to path filters (9)

Core/Resgrid.Localization/Account/Login.ar.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.de.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.en.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.es.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.fr.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.it.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.pl.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.sv.resx is excluded by !**/*.resx
Core/Resgrid.Localization/Account/Login.uk.resx is excluded by !**/*.resx

📒 Files selected for processing (20)

.gitignore
Core/Resgrid.Config/TelemetryConfig.cs
Core/Resgrid.Model/Repositories/IGdprDataExportRequestRepository.cs
Core/Resgrid.Model/Services/ISubscriptionsService.cs
Core/Resgrid.Services/GdprDataExportService.cs
Core/Resgrid.Services/SubscriptionsService.cs
Repositories/Resgrid.Repositories.DataRepository/GdprDataExportRequestRepository.cs
Web/Resgrid.Web.Services/Controllers/v4/ConfigController.cs
Web/Resgrid.Web/Areas/User/Controllers/SubscriptionController.cs
Web/Resgrid.Web/Areas/User/Models/Subscription/SelectRegistrationPlanView.cs
Web/Resgrid.Web/Areas/User/Views/Subscription/SelectRegistrationPlan.cshtml
Web/Resgrid.Web/Controllers/AccountController.cs
Web/Resgrid.Web/Middleware/FeatureFlagContextProvider.cs
Web/Resgrid.Web/Models/AccountViewModels/RegisterViewModel.cs
Web/Resgrid.Web/Program.cs
Web/Resgrid.Web/Resgrid.Web.csproj
Web/Resgrid.Web/Startup.cs
Web/Resgrid.Web/Views/Account/Register.cshtml
Web/Resgrid.Web/Views/Shared/_Layout.cshtml
Web/Resgrid.Web/wwwroot/js/app/common/analytics/resgrid.common.analytics.js

✅ Files skipped from review due to trivial changes (1)

.gitignore

🚧 Files skipped from review as they are similar to previous changes (3)

Core/Resgrid.Model/Repositories/IGdprDataExportRequestRepository.cs
Core/Resgrid.Services/GdprDataExportService.cs
Core/Resgrid.Services/SubscriptionsService.cs

ucswift · 2026-03-26T23:02:20Z

Approve

github-actions

This PR is approved.

RE1-T105 Added Languages to missing pages, gdpr support for export, e…

b3105ec

…u logic

coderabbitai bot reviewed Mar 26, 2026

View reviewed changes

github-advanced-security bot found potential problems Mar 26, 2026

View reviewed changes

RE1-T105 Analytics fix

3dfa19c

coderabbitai bot reviewed Mar 26, 2026

View reviewed changes

github-actions bot approved these changes Mar 26, 2026

View reviewed changes

ucswift merged commit 1606ee0 into master Mar 26, 2026
18 of 19 checks passed

Uh oh!

Conversation

ucswift commented Mar 26, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Possibly related PRs

❌ Failed checks (2 warnings)

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Check failure

Copilot Autofix

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

ucswift commented Mar 26, 2026

Uh oh!

github-actions bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

ucswift commented Mar 26, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 26, 2026 •

edited

Loading