fix(V2): guard project deletes for AEF references

TheLastCicada · TheLastCicada · commit a1b75d81fdc0 · 2026-05-20T14:20:53.000-07:00
diff --git a/src/controllers/v2/project-v2.controller.js b/src/controllers/v2/project-v2.controller.js
@@ -35,9 +35,32 @@ import { loggerV2 } from '../../config/logger.js';
 import { projectV2Schema } from '../../validations/v2/project-v2.validations.js';
 import { formatModelAssociationName } from '../../utils/model-utils.js';
 import { resolveOrgUid } from '../../utils/owner-utils.js';
-import { stageProjectChildDeletes } from '../../utils/v2-cascade-delete.js';
+import { getProjectCascadeUnits, stageProjectChildDeletes } from '../../utils/v2-cascade-delete.js';
 import { checkReferences, buildReferenceConflictBody } from '../../utils/v2-reference-guards.js';
 
+const checkProjectCascadeUnitReferences = async (projectId) => {
+  const units = await getProjectCascadeUnits(projectId);
+  const referencesByTable = new Map();
+
+  for (const unit of units) {
+    const unitRefResult = await checkReferences('unit', unit.cadTrustUnitId);
+    for (const reference of unitRefResult.references) {
+      const existing = referencesByTable.get(reference.table);
+      if (existing) {
+        existing.count += reference.count;
+      } else {
+        referencesByTable.set(reference.table, { ...reference });
+      }
+    }
+  }
+
+  const references = [...referencesByTable.values()];
+  return {
+    hasReferences: references.length > 0,
+    references,
+  };
+};
+
 export const create = async (req, res) => {
   try {
     await assertV2IfReadOnlyMode();
@@ -825,6 +848,11 @@ export const destroy = async (req, res) => {
       return res.status(409).json(buildReferenceConflictBody('project', refResult));
     }
 
+    const cascadeRefResult = await checkProjectCascadeUnitReferences(id);
+    if (cascadeRefResult.hasReferences) {
+      return res.status(409).json(buildReferenceConflictBody('project', cascadeRefResult));
+    }
+
     const releaseTransactionMutex =
       await processingSyncRegistriesTransactionMutexV2.acquire();
     let stagedChildDeletes;
diff --git a/src/utils/v2-cascade-delete.js b/src/utils/v2-cascade-delete.js
@@ -188,6 +188,44 @@ export const stageUnitChildDeletes = async (unitId, options = {}) => {
   return rows.length;
 };
 
+export const getProjectCascadeUnits = async (projectId, options = {}) => {
+  const { transaction } = options;
+
+  const verifications = await VerificationV2.findAll({
+    where: { cadTrustProjectId: projectId },
+    raw: true,
+    transaction,
+  });
+
+  const verificationIds = verifications
+    .map((verification) => verification.cadTrustVerificationId)
+    .filter(Boolean);
+
+  if (verificationIds.length === 0) {
+    return [];
+  }
+
+  const issuances = await IssuanceV2.findAll({
+    where: { cadTrustVerificationId: verificationIds },
+    raw: true,
+    transaction,
+  });
+
+  const issuanceIds = issuances
+    .map((issuance) => issuance.cadTrustIssuanceId)
+    .filter(Boolean);
+
+  if (issuanceIds.length === 0) {
+    return [];
+  }
+
+  return UnitV2.findAll({
+    where: { cadTrustIssuanceId: issuanceIds },
+    raw: true,
+    transaction,
+  });
+};
+
 export const stageProjectChildDeletes = async (projectId, options = {}) => {
   const { transaction } = options;
   const rows = [];
@@ -230,30 +268,20 @@ export const stageProjectChildDeletes = async (projectId, options = {}) => {
     });
     pushRowsForRecords(rows, issuances, 'issuance', 'cad_trust_issuance_id');
 
-    const issuanceIds = issuances
-      .map((issuance) => issuance.cadTrustIssuanceId)
+    const units = await getProjectCascadeUnits(projectId, { transaction });
+    pushRowsForRecords(rows, units, 'unit', 'cad_trust_unit_id');
+
+    const unitIds = units
+      .map((unit) => unit.cadTrustUnitId)
       .filter(Boolean);
 
-    if (issuanceIds.length > 0) {
-      const units = await UnitV2.findAll({
-        where: { cadTrustIssuanceId: issuanceIds },
+    if (unitIds.length > 0) {
+      const unitLabels = await UnitLabelV2.findAll({
+        where: { cadTrustUnitId: unitIds },
         raw: true,
         transaction,
       });
-      pushRowsForRecords(rows, units, 'unit', 'cad_trust_unit_id');
-
-      const unitIds = units
-        .map((unit) => unit.cadTrustUnitId)
-        .filter(Boolean);
-
-      if (unitIds.length > 0) {
-        const unitLabels = await UnitLabelV2.findAll({
-          where: { cadTrustUnitId: unitIds },
-          raw: true,
-          transaction,
-        });
-        pushRowsForRecords(rows, unitLabels, 'unit_label', 'cad_trust_unit_label_id');
-      }
+      pushRowsForRecords(rows, unitLabels, 'unit_label', 'cad_trust_unit_label_id');
     }
   }
 
diff --git a/src/utils/v2-reference-guards.js b/src/utils/v2-reference-guards.js
@@ -112,6 +112,30 @@ const REFERENCE_MAP = {
         && record?.cad_trust_project_id !== recordId
       ),
     },
+    {
+      model: AefT5AuthorizedEntitiesV2,
+      fkField: 'cadTrustProjectId',
+      table: 'aef_t5_authorized_entities',
+      label: 'AEF-T5 authorized entity records',
+    },
+    {
+      model: AefT2AuthorizationsV2,
+      fkField: 'cadTrustProjectId',
+      table: 'aef_t2_authorizations',
+      label: 'AEF-T2 authorization records',
+    },
+    {
+      model: AefT3ActionsV2,
+      fkField: 'cadTrustProjectId',
+      table: 'aef_t3_actions',
+      label: 'AEF-T3 action records',
+    },
+    {
+      model: AefT4HoldingsV2,
+      fkField: 'cadTrustProjectId',
+      table: 'aef_t4_holdings',
+      label: 'AEF-T4 holding records',
+    },
   ],
   unit: [
     {
diff --git a/tests/v2/integration/project-v2.spec.js b/tests/v2/integration/project-v2.spec.js
@@ -2,7 +2,7 @@ import { expect } from 'chai';
 import supertest from 'supertest';
 import app from '../../../src/server.js';
 import { prepareV2Db } from '../../../src/database/v2/index.js';
-import { StagingV2, ProjectV2, ProgramV2, LocationV2, EstimationV2, RatingV2, CoBenefitV2, ValidationV2, VerificationV2, MethodologyV2, ProjectMethodologyV2, StakeholderV2, StakeholderProjectV2, IssuanceV2, UnitV2, LabelV2, UnitLabelV2 } from '../../../src/models/v2/index.js';
+import { StagingV2, ProjectV2, ProgramV2, LocationV2, EstimationV2, RatingV2, CoBenefitV2, ValidationV2, VerificationV2, MethodologyV2, ProjectMethodologyV2, StakeholderV2, StakeholderProjectV2, IssuanceV2, UnitV2, LabelV2, UnitLabelV2, AefT1SubmissionV2, AefT5AuthorizedEntitiesV2 } from '../../../src/models/v2/index.js';
 import { v4 as uuidv4 } from 'uuid';
 
 import {
@@ -1244,6 +1244,103 @@ describe('V2 Project API - Basic CRUD Tests', function () {
       }
     });
 
+    it('should return 409 when AEF records reference this project', async function () {
+      const chain = await createV2TestProgramChain({ testId: `PROJ-AEF-PROJ-${uuidv4().slice(0, 8)}` });
+      const t1 = await AefT1SubmissionV2.create({
+        cadTrustAefT1SubmissionId: uuidv4(),
+        aefT1SubmissionParty: 'Project reference guard party',
+        aefT1SubmissionVersion: '1.0',
+        aefT1SubmissionReportYear: 2024,
+        aefT1SubmissionSubmissionDate: '2024-01-15',
+      });
+      await AefT5AuthorizedEntitiesV2.create({
+        cadTrustAefT5AuthorizedEntitiesId: uuidv4(),
+        aefT5AuthorizedEntitiesAuthorizationDate: '2024-01-15',
+        aefT5AuthorizedEntitiesName: 'Project reference guard entity',
+        aefT5AuthorizedEntitiesId: `PROJ-REF-AE-${uuidv4().slice(0, 6)}`,
+        aefT5AuthorizedEntitiesCooperativeApproachId: `PROJ-REF-CA-${uuidv4().slice(0, 6)}`,
+        cadTrustAefT1SubmissionId: t1.cadTrustAefT1SubmissionId,
+        cadTrustProjectId: chain.project.cadTrustProjectId,
+      });
+
+      const response = await supertest(app)
+        .delete(`/v2/project/${chain.project.cadTrustProjectId}`)
+        .expect(409);
+
+      expect(response.body.success).to.be.false;
+      expect(response.body.error).to.equal('Referenced records must be removed before deletion');
+      expect(response.body.references).to.deep.include({ table: 'aef_t5_authorized_entities', count: 1 });
+
+      const stagingDeletes = await StagingV2.findAll({
+        where: { table: 'project', action: 'DELETE' },
+        raw: true,
+      });
+      const projectDelete = stagingDeletes.find((row) => {
+        const data = JSON.parse(row.data);
+        return data[0]?.cad_trust_project_id === chain.project.cadTrustProjectId;
+      });
+      expect(projectDelete).to.be.undefined;
+    });
+
+    it('should return 409 when cascade unit has AEF references', async function () {
+      const homeOrgId = await getV2HomeOrgId();
+      const chain = await createV2TestProgramChain({ testId: `PROJ-AEF-GUARD-${uuidv4().slice(0, 8)}` });
+      const unit = await UnitV2.create(addUuidIfNeeded('UnitV2', {
+        unitSerialId: `PROJ-AEF-UNIT-${uuidv4().slice(0, 8)}`,
+        unitStartBlock: '1',
+        unitEndBlock: '100',
+        unitCount: 50,
+        unitType: 'Avoidance - nature',
+        unitVintageYear: 2024,
+        unitStatus: 'Issued',
+        unitMetric: 'tCO2e',
+        cadTrustIssuanceId: chain.issuance.cadTrustIssuanceId,
+        orgUid: homeOrgId,
+      }));
+      const t1 = await AefT1SubmissionV2.create({
+        cadTrustAefT1SubmissionId: uuidv4(),
+        aefT1SubmissionParty: 'Project cascade guard party',
+        aefT1SubmissionVersion: '1.0',
+        aefT1SubmissionReportYear: 2024,
+        aefT1SubmissionSubmissionDate: '2024-01-15',
+      });
+      await AefT5AuthorizedEntitiesV2.create({
+        cadTrustAefT5AuthorizedEntitiesId: uuidv4(),
+        aefT5AuthorizedEntitiesAuthorizationDate: '2024-01-15',
+        aefT5AuthorizedEntitiesName: 'Project cascade guard entity',
+        aefT5AuthorizedEntitiesId: `PROJ-AE-${uuidv4().slice(0, 6)}`,
+        aefT5AuthorizedEntitiesCooperativeApproachId: `PROJ-CA-${uuidv4().slice(0, 6)}`,
+        cadTrustAefT1SubmissionId: t1.cadTrustAefT1SubmissionId,
+        cadTrustUnitId: unit.cadTrustUnitId,
+        cadTrustProjectId: null,
+      });
+
+      const response = await supertest(app)
+        .delete(`/v2/project/${chain.project.cadTrustProjectId}`)
+        .expect(409);
+
+      expect(response.body.success).to.be.false;
+      expect(response.body.error).to.equal('Referenced records must be removed before deletion');
+      expect(response.body.references).to.deep.include({ table: 'aef_t5_authorized_entities', count: 1 });
+
+      const stagingDeletes = await StagingV2.findAll({
+        where: { action: 'DELETE' },
+        raw: true,
+      });
+      const projectDelete = stagingDeletes.find((row) => {
+        if (row.table !== 'project') return false;
+        const data = JSON.parse(row.data);
+        return data[0]?.cad_trust_project_id === chain.project.cadTrustProjectId;
+      });
+      const unitDelete = stagingDeletes.find((row) => {
+        if (row.table !== 'unit') return false;
+        const data = JSON.parse(row.data);
+        return data[0]?.cad_trust_unit_id === unit.cadTrustUnitId;
+      });
+      expect(projectDelete).to.be.undefined;
+      expect(unitDelete).to.be.undefined;
+    });
+
     it('should return 409 when another project references this project', async function () {
       const homeOrgId = await getV2HomeOrgId();
       const program = await ProgramV2.create({
