feat: geofence-based geographic targeting for programs

[jeremi]

Summary

• Add spp_program_geofence module for geofence-based program targeting and eligibility management.
• Extend spp_gis spatial operators to support MultiPolygon and GeometryCollection.
• Make MapTiler API key optional in GIS UI, with OSM fallback when key is not configured.
• Stabilize GIS edit/map widgets (re-render lifecycle, draw interaction behavior).

Follow-up Fixes From Review

• Fixed complex-geometry distance behavior in GIS domain operators:
  • For MultiPolygon / GeometryCollection, (geojson, distance) now applies ST_Buffer(...) correctly instead of ignoring the distance operand.
  • Keeps existing SRID handling parity by transforming to EPSG:3857 when SRID is 4326.
• Added regression tests for distance-buffer behavior on both complex geometry types.
• Aligned access-rights and menu visibility:
  • Added explicit read ACLs in spp_program_geofence for spp.gis.geofence and spp.gis.geofence.tag for Programs Viewer/Validator roles.
  • Added groups restriction on the Geofences menu to avoid exposing menu items to users lacking read access.

Notable Functional Additions

spp_program_geofence

• Program-level geofence_ids and geofence_count.
• Geofence eligibility manager (spp.program.membership.manager.geofence) with:
  • Tier 1: coordinate intersection.
  • Tier 2: area intersection fallback (optional, with area type filter).
• Program configuration UI integration and program creation wizard support.
• Geofence management views/action/menu.

spp_gis

• Operator support for complex geometry types via ST_GeomFromGeoJSON.
• OSM style fallback in renderer/edit widgets when MapTiler key is missing.
• Placeholder-key handling in controller (YOUR_MAPTILER_API_KEY_HERE treated as unconfigured).

Test Plan

• Added unit tests for:
  • MultiPolygon/GeometryCollection SQL generation.
  • Complex geometry distance-buffer SQL path.
• Local validation in this environment:
  • python3 -m py_compile spp_gis/operators.py spp_gis/tests/test_geo_fields.py
• Full module test execution via ./spp t ... is environment-blocked here (tomllib missing in local Python, and fallback script depends on shuf).

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust geofence-based geographic targeting system for programs, allowing for precise and flexible definition of eligibility zones. It significantly enhances the underlying GIS infrastructure by adding support for complex geometric types and improving the reliability and user experience of map widgets. These changes collectively empower programs with more advanced spatial management tools and ensure a more secure and resilient mapping environment.

Highlights

• New Geofence-Based Targeting Module: Introduced a new spp_program_geofence module that enables programs to define geographic boundaries (geofences) for registrant eligibility.
• Hybrid Two-Tier Spatial Targeting: Implemented a sophisticated eligibility manager that uses a two-tier approach: precise GPS coordinates and an administrative area fallback for registrants without GPS data.
• Enhanced GIS Capabilities: Upgraded spp_gis to support MultiPolygon and GeometryCollection GeoJSON types, significantly expanding the flexibility of spatial queries.
• Map Widget Improvements and Fixes: Made MapTiler API key optional with an OpenStreetMap (OSM) raster tile fallback, and resolved several map widget bugs including WebGL context leaks, draw control stacking, and layer removal issues.
• SQL Injection Prevention: Addressed potential SQL injection vulnerabilities in GeoJSON operators by implementing parameterized queries for geometry creation.

Changelog

• spp_gis/operators.py
  • Added support for 'MultiPolygon' and 'GeometryCollection' types in ALLOWED_LAYER_TYPE.
  • Introduced create_from_geojson method to safely construct geometry from GeoJSON using parameterized SQL queries.
  • Updated validate_geojson to accept 'MultiPolygon' and 'GeometryCollection' types.
  • Modified domain_query to utilize create_from_geojson for complex geometry types.
• spp_gis/static/src/js/views/gis/gis_renderer/gis_renderer.esm.js
  • Made MapTiler API key configuration conditional, allowing map rendering without it.
  • Implemented OpenStreetMap (OSM) raster tile fallback when a MapTiler API key is not provided.
  • Made GeocodingControl conditional on the presence of a MapTiler API key.
  • Changed API key fetching error logging from error to warn.
• spp_gis/static/src/js/widgets/gis_edit_map/field_gis_edit_map.esm.js
  • Made MapTiler API key configuration conditional.
  • Introduced _getMapStyle method to provide OSM raster tile fallback when a MapTiler API key is not available.
  • Added this.map.remove() before creating a new map instance to prevent WebGL context leaks.
  • Updated removeSourceAndLayer to correctly remove specific polygon, point, and linestring layers.
  • Added this.map.removeControl(this.draw) to prevent draw control stacking.
  • Removed debug console.log statements and a placeholder image popup on map click.
  • Changed API key fetching error logging from error to warn.
• spp_gis/tests/test_geo_fields.py
  • Added TestOperatorMultiPolygon class to test MultiPolygon and GeometryCollection types.
  • Verified domain_query correctly handles MultiPolygon and GeometryCollection GeoJSON, including parameterized SQL and table-qualified column names.
  • Confirmed domain_query accepts GeoJSON strings and Shapely objects for complex types.
  • Ensured validate_geojson accepts new geometry types and rejects invalid ones.
  • Verified that Polygon queries continue to use coordinate-based construction.
• spp_program_geofence/DESCRIPTION.md
  • Added a detailed description of the new module's features and limitations.
• spp_program_geofence/init.py
  • Initialized the Python package for the new module.
• spp_program_geofence/manifest.py
  • Defined the module's metadata, dependencies, and data files.
• spp_program_geofence/models/init.py
  • Imported eligibility_manager and program models.
• spp_program_geofence/models/eligibility_manager.py
  • Registered 'Geofence Eligibility' as a new manager type.
  • Implemented GeofenceMembershipManager with include_area_fallback and fallback_area_type_id fields.
  • Added _get_combined_geometry to union geofence geometries using shapely.ops.unary_union.
  • Implemented _find_eligible_registrants for two-tier spatial eligibility (GPS coordinates and administrative area fallback).
  • Provided methods for enroll_eligible_registrants, verify_cycle_eligibility, and import_eligible_registrants (including asynchronous import for large datasets).
  • Added action_preview_eligible for UI preview of eligible registrants.
• spp_program_geofence/models/program.py
  • Extended spp.program model with geofence_ids (Many2many) and geofence_count fields.
  • Added _compute_geofence_count and action_open_geofences methods.
• spp_program_geofence/security/ir.model.access.csv
  • Defined access control rules for the spp.program.membership.manager.geofence model for different user roles.
• spp_program_geofence/static/description/index.html
  • Added a brief HTML description for the module.
• spp_program_geofence/tests/init.py
  • Initialized the test suite for the module.
• spp_program_geofence/tests/test_geofence_eligibility.py
  • Added TestGeofenceEligibility class with comprehensive tests for the geofence eligibility manager's logic.
  • Tested Tier 1 (coordinates) and Tier 2 (area fallback) eligibility, including various scenarios like multiple geofences, no geofences, disabled registrants, and target types.
  • Included tests for MultiPolygon geofences and the geofence_count field.
  • Added TestGeofenceEligibilityOfficer to verify access rights for program officers.
• spp_program_geofence/views/eligibility_manager_view.xml
  • Defined the form view for the geofence eligibility manager, including settings for area fallback, program geofence display, and a preview section.
• spp_program_geofence/views/geofence_view.xml
  • Defined list, form, and search views for spp.gis.geofence and added a menu item under 'Area'.
• spp_program_geofence/views/program_view.xml
  • Extended the program form view to include a stat button for geofence count and a section on the 'Overview' tab for managing geofence_ids.

Activity

• All 86 tests for spp_gis passed successfully.
• All 23 tests for spp_program_geofence passed successfully.
• Code quality checks (linters: ruff, ruff-format, prettier) passed.
• Manual UI testing was performed to verify geofence creation, configuration of the geofence eligibility manager, previewing, and importing registrants.
• Map display functionality was verified with and without the MapTiler API key.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a major new feature for geofence-based geographic targeting, including a new spp_program_geofence module and extensive tests. It also enhances the spp_gis module by adding support for MultiPolygon and GeometryCollection, and crucially fixes a potential SQL injection vulnerability by using parameterized queries. The map widgets are improved by making the MapTiler API key optional with an OpenStreetMap fallback, and several pre-existing bugs related to WebGL context leaks and control stacking are fixed. The changes are well-structured and of high quality. I have a few suggestions to improve maintainability and robustness.

[codecov]

Codecov Report

❌ Patch coverage is 80.84042% with 383 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.13%. Comparing base (7c329cf) to head (3c22e09).

Files with missing lines	Patch %	Lines
spp_gis_report/models/gis_report.py	53.43%	95 Missing ⚠️
spp_api_v2_gis/routers/ogc_features.py	40.90%	52 Missing ⚠️
spp_cel_domain/models/cel_translator.py	65.71%	48 Missing ⚠️
spp_api_v2_gis/services/ogc_service.py	85.96%	40 Missing ⚠️
spp_api_v2_gis/routers/processes.py	77.27%	25 Missing ⚠️
spp_api_v2_gis/services/layers_service.py	13.04%	20 Missing ⚠️
spp_metric_service/models/demographic_dimension.py	84.87%	18 Missing ⚠️
spp_api_v2_gis/services/spatial_query_service.py	84.15%	16 Missing ⚠️
spp_gis_report/__init__.py	40.74%	16 Missing ⚠️
spp_demo_phl_luzon/models/area_loader.py	84.04%	15 Missing ⚠️
... and 11 more

Additional details and impacted files

@@            Coverage Diff             @@
##             19.0      #76      +/-   ##
==========================================
+ Coverage   71.68%   72.13%   +0.44%     
==========================================
  Files        1010     1010              
  Lines       60072    61250    +1178     
==========================================
+ Hits        43062    44181    +1119     
- Misses      17010    17069      +59     

Flag	Coverage Δ
spp_analytics	93.13% <ø> (ø)
spp_api_v2	79.92% <91.17%> (+0.13%)	⬆️
spp_api_v2_change_request	66.85% <ø> (ø)
spp_api_v2_gis	84.27% <84.40%> (+12.74%)	⬆️
spp_api_v2_programs	?
spp_audit_programs	?
spp_base_common	90.26% <ø> (ø)
spp_cel_domain	61.80% <67.78%> (+0.65%)	⬆️
spp_demo	73.63% <ø> (+2.24%)	⬆️
spp_demo_phl_luzon	87.59% <87.59%> (?)
spp_drims	81.01% <100.00%> (+1.46%)	⬆️
spp_drims_sl_demo	68.65% <85.71%> (-0.26%)	⬇️
spp_gis	75.30% <92.00%> (+1.20%)	⬆️
spp_gis_report	78.20% <53.16%> (-4.41%)	⬇️
spp_hazard	97.60% <94.02%> (-1.99%)	⬇️
spp_hazard_programs	97.14% <ø> (ø)
spp_metric_service	88.91% <86.86%> (-0.67%)	⬇️
spp_mis_demo_v2	68.08% <82.14%> (-5.53%)	⬇️
spp_program_geofence	80.23% <ø> (?)
spp_programs	65.12% <ø> (ø)
spp_registry	86.83% <ø> (?)
spp_security	66.66% <ø> (ø)
spp_source_tracking	?
spp_source_tracking_programs	?
spp_studio_change_requests_programs	?
spp_studio_events	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
spp_api_v2/middleware/auth.py	76.11% <100.00%> (+0.36%)	⬆️
spp_api_v2/models/fastapi_endpoint_registry.py	94.28% <100.00%> (+0.34%)	⬆️
spp_api_v2/schemas/__init__.py	100.00% <100.00%> (ø)
spp_api_v2/schemas/bundle.py	100.00% <100.00%> (ø)
spp_api_v2_gis/__manifest__.py	0.00% <ø> (ø)
spp_api_v2_gis/models/__init__.py	100.00% <100.00%> (ø)
spp_api_v2_gis/models/api_client_scope.py	100.00% <100.00%> (ø)
spp_api_v2_gis/models/fastapi_endpoint.py	100.00% <100.00%> (ø)
spp_api_v2_gis/routers/__init__.py	100.00% <100.00%> (ø)
spp_api_v2_gis/schemas/__init__.py	100.00% <100.00%> (ø)
... and 55 more

... and 77 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jeremi]

Addressed Gemini review feedback in commit 46c90b6:

• Fixed draw handler robustness in GIS edit widget by using event features first and guarding geometry access (with fallback to draw state).
• Replaced import magic numbers with named constants in geofence eligibility manager (ASYNC_IMPORT_THRESHOLD, IMPORT_CHUNK_SIZE).

Kept one medium suggestion as follow-up (optional): deduplicate identical OSM fallback style object between gis_renderer and field_gis_edit_map via shared utility. No functional risk from current duplication.

[gonzalesedwin1123]

CI green-up + coverage pass (ACN)

Worked through the failing checks, brought the branch current with 19.0, reviewed the security findings, and added tests for the lowest-covered new code. Branch is now MERGEABLE / all required checks green. Summary for reviewers:

CI fixes

• spp_drims severity migration — the severity → severity_id / severity_override_id (CAP-vocabulary Many2one) migration missed the spp_drims extension of spp.hazard.incident.area, crashing registry load on the full spp_drims_sl stack (its own-module tests stayed green). Reworked effective_severity → effective_severity_id + the severity_numeric choropleth mapping, and updated the DRIMS demo wizard to write vocab codes.
• Semgrep (8 errors → 0) — SQL-injection (psycopg2.sql.Identifier), XXE (hardened lxml parser), and sudo-on-sensitive findings (justified # nosemgrep with the correct rule id; these are read-only/system-context calls authorized at the router layer).
• eslint — fixed unused-vars + reduced _matchesDomain / renderChoroplethLegends complexity via extract-method; moved inline comments.
• oca-checks — declared the programmatically-loaded spp_demo_phl_luzon data files under an oca_data_manual manifest key.
• pylint (mandatory) — SQL-injection + dropped the deprecated manifest description key.
• formatting — ruff-format / prettier / eol across PR-touched files.

Caught up with 19.0

Merged 19.0 in (clean, no conflicts, no overlap with the changes above). This resolved the README pre-commit drift at its source — CI tests the PR merge ref, and 19.0's README-regen commit had left the branch's generated READMEs stale. Also pinned the README-gen deps (docutils/markdown-it-py) for reproducible output.

GitHub Advanced Security

Reviewed all 91 open Semgrep alerts: none introduced by this work, all warning/note severity, concentrated in demo/vendored/pre-existing code that the repo's own semgrep config already excludes. Nothing actionable in this PR. One area worth a separate, repo-level look: the credential-logging alerts in spp_api_v2/routers/oauth.py + middleware/auth.py (pre-existing on 19.0).

Test coverage

Added tests for the lowest-covered new code (all module suites green):

• spp_api_v2_gis/services/layers_service.py (was 0% on the data-layer paths) — also fixed a setup bug (polygon → geo_polygon, plus the required view_id) that had silently skipped 8 data-layer tests.
• spp_gis_report/models/gis_report.py, spp_api_v2_gis/routers/ogc_features.py (OGC Part 4 write endpoints over HTTP), spp_demo_phl_luzon/models/area_loader.py, spp_api_v2_gis spatial-query helpers + process-job callback, and the spp_cel_domain translation cache.

Happy to adjust any of the suppressions or split anything out if you'd prefer it handled differently.