fix(V2): block staged mutations of records with unresolvable owner

TheLastCicada · TheLastCicada · commit 902f4f4ce476 · 2026-06-02T11:44:22.000-07:00
The ownership guard waved through UPDATE/DELETE staging for an existing
record whenever no owner could be resolved, even on tables that carry an
org_uid column (program, methodology, project, unit, stakeholder, label,
aef_t1_submission). A row with a null org_uid could therefore be mutated
despite the home-org-only policy.

Require an owner when the model defines an org_uid column, so an
unresolvable owner is rejected. Home-created records carry org_uid=home
and still pass; tables without an org_uid column keep resolving ownership
through their parent FK chain.
diff --git a/src/models/v2/staging-v2.model.js b/src/models/v2/staging-v2.model.js
@@ -214,6 +214,19 @@ class StagingV2 extends Model {
     return plainRecord?.[fieldName] ?? plainRecord?.[StagingV2.camelToSnake(fieldName)];
   }
 
+  // True when the model itself carries an org_uid column (e.g. program,
+  // methodology, project, unit, stakeholder, label, aef_t1_submission).
+  // Such records are expected to resolve to an owning org, so when none can
+  // be resolved (e.g. a null org_uid) the mutation is blocked rather than
+  // waved through. Tables without an org_uid column resolve ownership via
+  // their parent FK chain instead (see hasOwnershipFields).
+  static modelHasOrgUidColumn(ModelClass) {
+    const attrs = typeof ModelClass?.getAttributes === 'function'
+      ? ModelClass.getAttributes()
+      : ModelClass?.rawAttributes;
+    return Boolean(attrs && (attrs.orgUid || attrs.org_uid));
+  }
+
   static hasOwnershipFields(record, table) {
     const primaryKeyField = getV2PrimaryKeyField(table);
     const primaryKeyApiField = primaryKeyField?.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
@@ -364,11 +377,13 @@ class StagingV2 extends Model {
         const existingOwnerOrgUids = await StagingV2.collectOwnerOrgUids(
           existingRecord, options, new Set(), 0, false, existingUnresolved, tableExcludedFields,
         );
-        const hasOwnershipChain = StagingV2.hasOwnershipFields(existingRecord, values.table);
+        const requireOwner =
+          StagingV2.hasOwnershipFields(existingRecord, values.table) ||
+          StagingV2.modelHasOrgUidColumn(ModelClass);
         await StagingV2.assertOwnerOrgUidsAreHome(
           existingOwnerOrgUids,
           values.table,
-          hasOwnershipChain,
+          requireOwner,
           existingUnresolved,
           homeOrgUid,
         );
