fix(api): Use authorize_scope! for merchants and tags controllers (#643)

* Add files via upload Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Add merchants and tags resources to routes Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * update * update spaces * fix: Apply CodeRabbit suggestions and add YARD documentation * docs: Add API documentation for merchants and tags endpoints * fix: Address CodeRabbit feedback on documentation * fix: Use authorize_scope! instead of ensure_read_scope --------- Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com>
2026-04-19 12:04:08 +00:00 · 2026-01-14 05:22:19 -05:00
parent a780b34421
commit 8f164b20ef
2 changed files with 3 additions and 3 deletions
--- a/app/controllers/api/v1/merchants_controller.rb
+++ b/app/controllers/api/v1/merchants_controller.rb
@@ -12,7 +12,7 @@ module Api
    #   GET /api/v1/merchants/:id
    #
    class MerchantsController < BaseController
-      before_action :ensure_read_scope
+      before_action -> { authorize_scope!(:read) }

      # List all merchants available to the family
      #
--- a/app/controllers/api/v1/tags_controller.rb
+++ b/app/controllers/api/v1/tags_controller.rb
@@ -13,8 +13,8 @@ module Api
    #   { "tag": { "name": "WhiteHouse", "color": "#3b82f6" } }
    #
    class TagsController < BaseController
-      before_action :ensure_read_scope, only: %i[index show]
-      before_action :ensure_write_scope, only: %i[create update destroy]
+      before_action -> { authorize_scope!(:read) }, only: %i[index show]
+      before_action -> { authorize_scope!(:read_write) }, only: %i[create update destroy]
      before_action :set_tag, only: %i[show update destroy]

      # List all tags belonging to the family