fix: resolve CI pre-commit and auth audit failures

Author: jeremi

scripts/audit-api-auth.py

@@ -80,6 +80,8 @@
     ("spp_encryption_rest_api", "well_known.py", "*"),
     # FastAPI demo router (development only)
     ("fastapi", "demo_router.py", "*"),
+    # OGC OPTIONS endpoint - CORS preflight, public by design
+    ("spp_api_v2_gis", "ogc_features.py", "options_collection_items"),
 }
 
 

spp_api_v2_gis/README.rst

@@ -1,12 +1,8 @@
-.. image:: https://odoo-community.org/readme-banner-image
-   :target: https://odoo-community.org/get-involved?utm_source=readme
-   :alt: Odoo Community Association
-
 ===============
 OpenSPP GIS API
 ===============
 
-.. 
+..
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
@@ -20,67 +16,137 @@ OpenSPP GIS API
 .. |badge2| image:: https://img.shields.io/badge/license-LGPL--3-blue.png
     :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
     :alt: License: LGPL-3
-.. |badge3| image:: https://img.shields.io/badge/github-OpenSPP%2Fopenspp--modules-lightgray.png?logo=github
-    :target: https://github.com/OpenSPP/openspp-modules/tree/19.0/spp_api_v2_gis
-    :alt: OpenSPP/openspp-modules
+.. |badge3| image:: https://img.shields.io/badge/github-OpenSPP%2FOpenSPP2-lightgray.png?logo=github
+    :target: https://github.com/OpenSPP/OpenSPP2/tree/19.0/spp_api_v2_gis
+    :alt: OpenSPP/OpenSPP2
 
 |badge1| |badge2| |badge3|
 
-REST API for QGIS plugin integration, providing GeoJSON endpoints,
-spatial queries, and geofence management.
+REST API for QGIS plugin integration, providing OGC API - Features
+endpoints, spatial queries, and geofence management.
 
 Key Features
 ------------
 
--  **Layer Catalog**: List available GIS layers and reports
--  **GeoJSON Export**: Get pre-aggregated layer data for QGIS
--  **QML Styling**: Fetch QGIS style files for consistent visualization
--  **Spatial Queries**: Query registrant statistics within arbitrary
-   polygons using PostGIS
--  **Geofence Management**: Save and manage areas of interest
+- **OGC API - Features**: Standards-compliant feature collections
+  (GovStack GIS BB)
+- **GeoJSON Export**: Get pre-aggregated layer data for QGIS
+- **QML Styling**: Fetch QGIS style files for consistent visualization
+- **Spatial Queries**: Query registrant statistics within arbitrary
+  polygons using PostGIS
+- **Geofence Management**: Save and manage areas of interest
 
 Architecture
 ------------
 
 Follows thin client architecture where QGIS displays data and OpenSPP
 performs all computation:
 
--  All spatial queries executed in PostGIS for performance
--  Pre-aggregated data returned to minimize data transfer
--  Configuration-driven styling using QML templates
--  OAuth 2.0 authentication with scope-based access control
+- All spatial queries executed in PostGIS for performance (including
+  bbox via ST_Intersects)
+- Pre-aggregated data returned to minimize data transfer
+- Configuration-driven styling using QML templates
+- JWT authentication with scope-based access control
 
 API Endpoints
 -------------
 
--  ``GET /gis/catalog`` - List available layers and reports
--  ``GET /gis/layers/{id}`` - Get layer as GeoJSON FeatureCollection
--  ``GET /gis/layers/{id}/qml`` - Get QGIS style file
--  ``POST /gis/query/statistics`` - Query statistics for polygon
--  ``POST /gis/geofences`` - Create geofence
--  ``GET /gis/geofences`` - List geofences
--  ``GET /gis/geofences/{id}`` - Get single geofence as GeoJSON
--  ``DELETE /gis/geofences/{id}`` - Archive geofence
--  ``GET /gis/export/geopackage`` - Export layers for offline use
-
-Required Scopes
----------------
-
--  ``gis:read`` - View layers and statistics
--  ``gis:geofence`` - Create and manage geofences
+**OGC API - Features (primary interface)**
+
++-------------------------------------------+--------+------------------------------+
+| Endpoint                                  | Method | Description                  |
++===========================================+========+==============================+
+| ``/gis/ogc/``                             | GET    | OGC API landing page         |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/conformance``                  | GET    | OGC conformance classes      |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/collections``                  | GET    | List feature collections     |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/collections/{id}``             | GET    | Collection metadata          |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/collections/{id}/items``       | GET    | Feature items (GeoJSON)      |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/collections/{id}/items/{fid}`` | GET    | Single feature               |
++-------------------------------------------+--------+------------------------------+
+| ``/gis/ogc/collections/{id}/qml``         | GET    | QGIS style file (extension)  |
++-------------------------------------------+--------+------------------------------+
+
+**Additional endpoints**
+
+========================== ========== =======================
+Endpoint                   Method     Description
+========================== ========== =======================
+``/gis/query/statistics``  POST       Query stats for polygon
+``/gis/geofences``         POST/GET   Geofence management
+``/gis/geofences/{id}``    GET/DELETE Single geofence
+``/gis/export/geopackage`` GET        Export for offline use
+========================== ========== =======================
+
+Scopes and Data Privacy
+-----------------------
+
+**OAuth Scopes**
+
++------------------+--------------+------------------------------------+
+| Scope            | Access       | Description                        |
++==================+==============+====================================+
+| ``gis:read``     | Read-only    | View collections, layers,          |
+|                  |              | statistics, export data            |
++------------------+--------------+------------------------------------+
+| ``gis:geofence`` | Read + Write | Create and archive geofences (also |
+|                  |              | requires ``gis:read`` for listing) |
++------------------+--------------+------------------------------------+
+
+**What data is exposed**
+
+**Aggregated statistics only.** No endpoint in this module returns
+individual registrant records.
+
+- **OGC collections/items**: Return GeoJSON features organized by
+  administrative area, with pre-computed aggregate values (counts,
+  percentages). Each feature represents an *area*, not a person.
+- **Spatial query statistics** (``POST /gis/query/statistics``): Accepts
+  a GeoJSON polygon and returns configured aggregate statistics computed
+  by ``spp.aggregation.service``. Individual registrant IDs are computed
+  internally for aggregation but are **explicitly stripped** from the
+  response before it is sent (see ``spatial_query.py``).
+- **Exports** (GeoPackage/GeoJSON): Contain the same area-level
+  aggregated layer data, not registrant-level records.
+- **Geofences**: Store only geometry and metadata — no registrant data.
+
+**Privacy controls**
+
+- **K-anonymity suppression**: Statistics backed by CEL variables can
+  apply k-anonymity thresholds. When a cell count falls below the
+  configured minimum, the value is replaced with a suppression marker
+  and flagged as ``"suppressed": true`` in the response. This prevents
+  re-identification in small populations.
+- **CEL variable configuration**: Administrators control which
+  statistics are published and their suppression thresholds via
+  ``spp.statistic`` records.
+- **Scope separation**: ``gis:read`` and ``gis:geofence`` are separate
+  scopes, allowing clients to be granted read-only access without write
+  capability.
+
+**Design rationale**
+
+This module follows a **thin client** architecture: QGIS (or any
+OGC-compatible client) displays pre-aggregated data, while OpenSPP
+retains all individual-level data server-side. This ensures that GIS API
+clients — including the QGIS plugin — never need access to personally
+identifiable information.
 
 Dependencies
 ------------
 
--  ``spp_api_v2`` - FastAPI infrastructure
--  ``spp_gis`` - PostGIS integration
--  ``spp_gis_report`` - Report configuration
--  ``spp_area`` - Administrative area data
+- ``spp_api_v2`` - FastAPI infrastructure
+- ``spp_gis`` - PostGIS integration
+- ``spp_gis_report`` - Report configuration
+- ``spp_area`` - Administrative area data
 
 .. IMPORTANT::
    This is an alpha version, the data model and design can change at any time without warning.
    Only for development or testing purpose, do not use in production.
-   `More details on development status <https://odoo-community.org/page/development-status>`_
 
 **Table of contents**
 
@@ -90,10 +156,10 @@ Dependencies
 Bug Tracker
 ===========
 
-Bugs are tracked on `GitHub Issues <https://github.com/OpenSPP/openspp-modules/issues>`_.
+Bugs are tracked on `GitHub Issues <https://github.com/OpenSPP/OpenSPP2/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-`feedback <https://github.com/OpenSPP/openspp-modules/issues/new?body=module:%20spp_api_v2_gis%0Aversion:%2019.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+`feedback <https://github.com/OpenSPP/OpenSPP2/issues/new?body=module:%20spp_api_v2_gis%0Aversion:%2019.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -122,6 +188,6 @@ Current maintainers:
 
 |maintainer-jeremi| |maintainer-gonzalesedwin1123| |maintainer-reichie020212| 
 
-This module is part of the `OpenSPP/openspp-modules <https://github.com/OpenSPP/openspp-modules/tree/19.0/spp_api_v2_gis>`_ project on GitHub.
+This module is part of the `OpenSPP/OpenSPP2 <https://github.com/OpenSPP/OpenSPP2/tree/19.0/spp_api_v2_gis>`_ project on GitHub.
 
-You are welcome to contribute.
+You are welcome to contribute.

spp_api_v2_gis/__manifest__.py

@@ -31,36 +31,4 @@
     "summary": """
         OGC API - Features compliant GIS endpoints for QGIS and GovStack GIS BB.
     """,
-    "description": """
-OpenSPP GIS API
-===============
-
-Extends OpenSPP API V2 with OGC API - Features compliant endpoints,
-enabling GovStack GIS Building Block compliance and interoperability
-with any OGC client (QGIS, ArcGIS, Leaflet, ogr2ogr, etc.).
-
-OGC API - Features Endpoints
------------------------------
-- ``GET /gis/ogc/`` - Landing page
-- ``GET /gis/ogc/conformance`` - Conformance declaration
-- ``GET /gis/ogc/collections`` - List feature collections
-- ``GET /gis/ogc/collections/{id}`` - Collection metadata
-- ``GET /gis/ogc/collections/{id}/items`` - Feature items (GeoJSON)
-- ``GET /gis/ogc/collections/{id}/items/{fid}`` - Single feature
-- ``GET /gis/ogc/collections/{id}/qml`` - QGIS style file (extension)
-
-Proprietary Endpoints
----------------------
-- ``POST /gis/query/statistics`` - Spatial statistics query
-- ``CRUD /gis/geofences`` - Manage saved areas of interest
-- ``GET /gis/export/geopackage`` - Export layers for offline use
-
-Design Principles
------------------
-- OGC API - Features Core + GeoJSON conformance
-- Thin client architecture (QGIS displays, OpenSPP computes)
-- Pre-aggregated data for performance
-- PostGIS spatial queries
-- Requires authentication via OAuth 2.0
-    """,
 }

spp_api_v2_gis/models/geofence.py

@@ -136,7 +136,7 @@ def _compute_area_sqkm(self):
                 result = self.env.cr.fetchone()
                 rec.area_sqkm = result[0] if result else 0.0
             except Exception as e:
-                _logger.warning("Failed to compute area for geofence %s: %s", rec.name, str(e))
+                _logger.warning("Failed to compute area for geofence %s: %s", rec.id, str(e))
                 rec.area_sqkm = 0.0
 
     @api.constrains("name", "active")
@@ -186,7 +186,7 @@ def to_geojson(self):
         try:
             geometry_dict = mapping(self.geometry)
         except Exception as e:
-            _logger.warning("Failed to convert geometry to GeoJSON for geofence %s: %s", self.name, str(e))
+            _logger.warning("Failed to convert geometry to GeoJSON for geofence %s: %s", self.id, str(e))
             geometry_dict = None
 
         return {

spp_api_v2_gis/readme/DESCRIPTION.md

@@ -19,7 +19,7 @@ Follows thin client architecture where QGIS displays data and OpenSPP performs a
 
 ## API Endpoints
 
-### OGC API - Features (primary interface)
+**OGC API - Features (primary interface)**
 
 | Endpoint | Method | Description |
 |----------|--------|-------------|
@@ -31,7 +31,7 @@ Follows thin client architecture where QGIS displays data and OpenSPP performs a
 | `/gis/ogc/collections/{id}/items/{fid}` | GET | Single feature |
 | `/gis/ogc/collections/{id}/qml` | GET | QGIS style file (extension) |
 
-### Additional endpoints
+**Additional endpoints**
 
 | Endpoint | Method | Description |
 |----------|--------|-------------|
@@ -42,14 +42,14 @@ Follows thin client architecture where QGIS displays data and OpenSPP performs a
 
 ## Scopes and Data Privacy
 
-### OAuth Scopes
+**OAuth Scopes**
 
 | Scope | Access | Description |
 |-------|--------|-------------|
 | `gis:read` | Read-only | View collections, layers, statistics, export data |
 | `gis:geofence` | Read + Write | Create and archive geofences (also requires `gis:read` for listing) |
 
-### What data is exposed
+**What data is exposed**
 
 **Aggregated statistics only.** No endpoint in this module returns individual registrant records.
 
@@ -58,13 +58,13 @@ Follows thin client architecture where QGIS displays data and OpenSPP performs a
 - **Exports** (GeoPackage/GeoJSON): Contain the same area-level aggregated layer data, not registrant-level records.
 - **Geofences**: Store only geometry and metadata — no registrant data.
 
-### Privacy controls
+**Privacy controls**
 
 - **K-anonymity suppression**: Statistics backed by CEL variables can apply k-anonymity thresholds. When a cell count falls below the configured minimum, the value is replaced with a suppression marker and flagged as `"suppressed": true` in the response. This prevents re-identification in small populations.
 - **CEL variable configuration**: Administrators control which statistics are published and their suppression thresholds via `spp.statistic` records.
 - **Scope separation**: `gis:read` and `gis:geofence` are separate scopes, allowing clients to be granted read-only access without write capability.
 
-### Design rationale
+**Design rationale**
 
 This module follows a **thin client** architecture: QGIS (or any OGC-compatible client) displays pre-aggregated data, while OpenSPP retains all individual-level data server-side. This ensures that GIS API clients — including the QGIS plugin — never need access to personally identifiable information.
 

spp_api_v2_gis/services/layers_service.py

@@ -300,7 +300,7 @@ def _get_data_layer_geojson(self, layer_id, include_geometry=True, limit=None, o
             "styling": styling,
         }
 
-        _logger.info("Generated GeoJSON for layer: %s with %d features", layer.name, len(features))
+        _logger.info("Generated GeoJSON for layer: %s with %d features", layer.id, len(features))
 
         return geojson
 
@@ -318,7 +318,7 @@ def _fetch_layer_features(self, layer, include_geometry, limit=None, offset=0, b
             list: List of GeoJSON features
         """
         if not layer.model_name or not layer.geo_field_id:
-            _logger.warning("Layer %s has no model or geo field configured", layer.name)
+            _logger.warning("Layer %s has no model or geo field configured", layer.id)
             return []
 
         Model = self.env[layer.model_name].sudo()
@@ -331,7 +331,7 @@ def _fetch_layer_features(self, layer, include_geometry, limit=None, offset=0, b
 
                 domain = literal_eval(layer.domain)
             except (ValueError, SyntaxError) as e:
-                _logger.warning("Invalid domain on layer %s: %s", layer.name, e)
+                _logger.warning("Invalid domain on layer %s: %s", layer.id, e)
 
         # Apply bbox spatial filter via PostGIS ST_Intersects
         if bbox:

spp_api_v2_gis/services/qml_template_service.py

@@ -122,7 +122,7 @@ def _generate_graduated_polygon(
         # Get thresholds
         thresholds = report.threshold_ids.sorted("sequence")
         if not thresholds:
-            _logger.warning("No thresholds defined for report: %s", report.name)
+            _logger.warning("No thresholds defined for report: %s", report.id)
             # Generate default single-class QML
             return self._generate_default_polygon(template, field_name, opacity)