refactor(api): scope controllers through current_resource_owner (#2414)

Follow-up to #2405. Replace remaining API controller reads of
Current.user, Current.family, and Current.session with
current_resource_owner. Add an architecture guard test to prevent
regression.

Scope is limited to the Current sweep only:
- Revert balance_sheet user-scoping (moves to account-auth PR B).
- Revert provider_connections DebugLogEntry logging (separate PR).
- Remove UsersController#destroy attempt to destroy unsaved API session.
This commit is contained in:
Orange🍊
2026-06-29 03:59:44 +08:00
committed by GitHub
parent 1fdec91451
commit 30780a5961
8 changed files with 58 additions and 10 deletions

View File

@@ -45,7 +45,6 @@ class Api::V1::UsersController < Api::V1::BaseController
user = current_resource_owner
if user.deactivate
Current.session&.destroy
render json: { message: "Account has been deleted" }
else
render json: { error: "Failed to delete account", details: user.errors.full_messages }, status: :unprocessable_entity