
fix(tasks): require JWT + org scope on stats endpoint#3436

Merged
PierreBrisorgueil merged 3 commits intomasterfrom
fix/tasks-stats-auth-org-scope
Apr 9, 2026

Conversation

@PierreBrisorgueil (Contributor)

Summary

  • Add JWT authentication, organization resolution, and CASL policy check to GET /api/tasks/stats — previously public with no auth
  • Scope the stats count query to organizationId using countDocuments(filter) instead of global estimatedDocumentCount()
  • Align stats controller error handling with the standard try/catch pattern used by other task endpoints

Migration

See MIGRATIONS.md — downstream projects calling /api/tasks/stats without a JWT will now receive 401.

Test plan

  • Authenticated stats returns 200 with org-scoped count (new test in Logged section)
  • Unauthenticated stats returns 401 (updated test in Logout section)
  • Stats error path returns 422 (updated mock in Errors section)
  • All 31 tasks tests pass (unit + integration + org-scoped)
  • CI green

Closes #3430

Copilot AI review requested due to automatic review settings April 8, 2026 20:49
@coderabbitai

coderabbitai bot commented Apr 8, 2026

Warning

Rate limit exceeded

@PierreBrisorgueil has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 18 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 29 minutes and 18 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5c6f9097-9ff0-4c2c-9f2c-79d4cc30107b

📥 Commits

Reviewing files that changed from the base of the PR and between b7388c3 and f06dfc6.

📒 Files selected for processing (7)
  • MIGRATIONS.md
  • modules/auth/tests/auth.authorization.integration.tests.js
  • modules/tasks/controllers/tasks.controller.js
  • modules/tasks/repositories/tasks.repository.js
  • modules/tasks/routes/tasks.routes.js
  • modules/tasks/services/tasks.service.js
  • modules/tasks/tests/tasks.integration.tests.js


Copilot AI left a comment


Pull request overview

This PR secures the tasks stats endpoint by requiring JWT authentication, resolving organization context, enforcing CASL authorization, and returning an organization-scoped task count instead of a global estimate.

Changes:

  • Protect GET /api/tasks/stats with passport.authenticate('jwt'), resolveOrganization, and policy.isAllowed.
  • Scope stats counting to organizationId via countDocuments(filter) and plumb org context through controller → service → repository.
  • Update integration tests for authenticated/unauthenticated behavior and controller error handling.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Summary per file:

  • modules/tasks/routes/tasks.routes.js: Adds auth + org resolution + CASL policy middleware to /api/tasks/stats.
  • modules/tasks/controllers/tasks.controller.js: Switches stats handler to try/catch and passes req.organization to service.
  • modules/tasks/services/tasks.service.js: Updates stats() to accept an optional organization and build a filter.
  • modules/tasks/repositories/tasks.repository.js: Replaces estimatedDocumentCount() with countDocuments(filter) for scoping support.
  • modules/tasks/tests/tasks.integration.tests.js: Adds/updates tests for stats auth requirement and error path behavior.
  • MIGRATIONS.md: Documents the breaking change for downstream consumers of /api/tasks/stats.

@codecov

codecov bot commented Apr 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.58%. Comparing base (b7388c3) to head (f06dfc6).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #3436   +/-   ##
=======================================
  Coverage   85.58%   85.58%           
=======================================
  Files         113      113           
  Lines        2879     2879           
  Branches      796      796           
=======================================
  Hits         2464     2464           
  Misses        329      329           
  Partials       86       86           


The /api/tasks/stats endpoint was publicly accessible without
authentication and returned a global count across all organizations.
Align with other task endpoints by requiring JWT auth, resolving
the organization context, and scoping the count query by organizationId.

Closes #3430

The stats endpoint was changed from public to authenticated, so the
guest-access test must expect 401 instead of 200.
@PierreBrisorgueil PierreBrisorgueil force-pushed the fix/tasks-stats-auth-org-scope branch from 007f68b to f06dfc6 on April 9, 2026 06:41
@PierreBrisorgueil PierreBrisorgueil merged commit 2be9390 into master Apr 9, 2026
3 checks passed
@PierreBrisorgueil PierreBrisorgueil deleted the fix/tasks-stats-auth-org-scope branch April 9, 2026 06:43

Development

Successfully merging this pull request may close these issues.

fix(tasks): stats endpoint public without auth or org scope
