feat(api): expose complete account export state (#1597)

* feat(api): expose complete account export state * fix(api): handle malformed account identifiers * fix(api): tighten account export contracts * fix(api): correct account id OpenAPI format * fix(api): tighten account docs auth contracts * docs(api): document balance sheet auth errors * docs(api): clarify account scope fixture
2026-05-10 14:15:01 +00:00 · 2026-05-01 07:22:28 -06:00
parent cfa4dfd035
commit cc043b5caf
10 changed files with 808 additions and 265 deletions
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -7,53 +7,86 @@ class Api::V1::AccountsController < Api::V1::BaseController
  before_action :ensure_read_scope

  def index
-    # Test with Pagy pagination
-    family = current_resource_owner.family
-    accounts_query = family.accounts.accessible_by(current_resource_owner).visible.alphabetically
-
-    # Handle pagination with Pagy
-    @pagy, @accounts = pagy(
-      accounts_query,
-      page: safe_page_param,
-      limit: safe_per_page_param
-    )
-
    @per_page = safe_per_page_param

-    # Rails will automatically use app/views/api/v1/accounts/index.json.jbuilder
+    @pagy, @accounts = pagy(
+      accounts_scope.alphabetically,
+      page: safe_page_param,
+      limit: @per_page
+    )
+
    render :index
  rescue => e
-    Rails.logger.error "AccountsController error: #{e.message}"
+    Rails.logger.error "AccountsController#index error: #{e.message}"
    Rails.logger.error e.backtrace.join("\n")

    render json: {
      error: "internal_server_error",
      message: "An unexpected error occurred"
    }, status: :internal_server_error
-end
-
-    private
-
-      def ensure_read_scope
-        authorize_scope!(:read)
-      end
-
-
-
-      def safe_page_param
-        page = params[:page].to_i
-        page > 0 ? page : 1
-      end
-
-      def safe_per_page_param
-        per_page = params[:per_page].to_i
-
-        # Default to 25, max 100
-        case per_page
-        when 1..100
-          per_page
-        else
-          25
-        end
-      end
+  end
+
+  def show
+    unless valid_uuid?(params[:id])
+      render json: {
+        error: "not_found",
+        message: "Account not found"
+      }, status: :not_found
+      return
+    end
+
+    @account = accounts_scope.find(params[:id])
+
+    render :show
+  rescue ActiveRecord::RecordNotFound
+    render json: {
+      error: "not_found",
+      message: "Account not found"
+    }, status: :not_found
+  rescue => e
+    Rails.logger.error "AccountsController#show error: #{e.message}"
+    Rails.logger.error e.backtrace.join("\n")
+
+    render json: {
+      error: "internal_server_error",
+      message: "An unexpected error occurred"
+    }, status: :internal_server_error
+  end
+
+  private
+
+    def ensure_read_scope
+      authorize_scope!(:read)
+    end
+
+    def accounts_scope
+      scope = current_resource_owner.family.accounts
+                                    .accessible_by(current_resource_owner)
+                                    .includes(:accountable, account_providers: :provider)
+      include_disabled_accounts? ? scope : scope.visible
+    end
+
+    def include_disabled_accounts?
+      ActiveModel::Type::Boolean.new.cast(params[:include_disabled])
+    end
+
+    def valid_uuid?(value)
+      value.to_s.match?(/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i)
+    end
+
+    def safe_page_param
+      page = params[:page].to_i
+      page > 0 ? page : 1
+    end
+
+    def safe_per_page_param
+      per_page = params[:per_page].to_i
+
+      case per_page
+      when 1..100
+        per_page
+      else
+        25
+      end
+    end
 end