Files
sure/app/controllers/api/v1/provider_connections_controller.rb
Orange🍊 30780a5961 refactor(api): scope controllers through current_resource_owner (#2414)
Follow-up to #2405. Replace remaining API controller reads of
Current.user, Current.family, and Current.session with
current_resource_owner. Add an architecture guard test to prevent
regression.

Scope is limited to the Current sweep only:
- Revert balance_sheet user-scoping (moves to account-auth PR B).
- Revert provider_connections DebugLogEntry logging (separate PR).
- Remove UsersController#destroy attempt to destroy unsaved API session.
2026-06-28 21:59:44 +02:00

25 lines
657 B
Ruby

# frozen_string_literal: true
class Api::V1::ProviderConnectionsController < Api::V1::BaseController
before_action :ensure_read_scope
def index
@provider_connections = ProviderConnectionStatus.for_family(current_resource_owner.family)
render :index
rescue StandardError => e
Rails.logger.error "ProviderConnectionsController#index error: #{e.message}"
e.backtrace&.each { |line| Rails.logger.error line }
render_json({
error: "internal_server_error",
message: "An unexpected error occurred"
}, status: :internal_server_error)
end
private
def ensure_read_scope
authorize_scope!(:read)
end
end