QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-05-08 13:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
41339b04941dcecc3f24af411d4c834687f18cdf
sure/app/controllers/api/v1/accounts_controller.rb
ghost cc043b5caf feat(api): expose complete account export state (#1597) 
* feat(api): expose complete account export state

* fix(api): handle malformed account identifiers

* fix(api): tighten account export contracts

* fix(api): correct account id OpenAPI format

* fix(api): tighten account docs auth contracts

* docs(api): document balance sheet auth errors

* docs(api): clarify account scope fixture
2026-05-01 15:22:28 +02:00

93 lines
2.2 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class Api::V1::AccountsController < Api::V1::BaseController
include Pagy::Backend
# Ensure proper scope authorization for read access
before_action :ensure_read_scope
def index
@per_page = safe_per_page_param
@pagy, @accounts = pagy(
accounts_scope.alphabetically,
page: safe_page_param,
limit: @per_page
)
render :index
rescue => e
Rails.logger.error "AccountsController#index error: #{e.message}"
Rails.logger.error e.backtrace.join("\n")
render json: {
error: "internal_server_error",
message: "An unexpected error occurred"
}, status: :internal_server_error
end
def show
unless valid_uuid?(params[:id])
render json: {
error: "not_found",
message: "Account not found"
}, status: :not_found
return
end
@account = accounts_scope.find(params[:id])
render :show
rescue ActiveRecord::RecordNotFound
render json: {
error: "not_found",
message: "Account not found"
}, status: :not_found
rescue => e
Rails.logger.error "AccountsController#show error: #{e.message}"
Rails.logger.error e.backtrace.join("\n")
render json: {
error: "internal_server_error",
message: "An unexpected error occurred"
}, status: :internal_server_error
end
private
def ensure_read_scope
authorize_scope!(:read)
end
def accounts_scope
scope = current_resource_owner.family.accounts
.accessible_by(current_resource_owner)
.includes(:accountable, account_providers: :provider)
include_disabled_accounts? ? scope : scope.visible
end
def include_disabled_accounts?
ActiveModel::Type::Boolean.new.cast(params[:include_disabled])
end
def valid_uuid?(value)
value.to_s.match?(/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i)
end
def safe_page_param
page = params[:page].to_i
page > 0 ? page : 1
end
def safe_per_page_param
per_page = params[:per_page].to_i
case per_page
when 1..100
per_page
else
25
end
end
end
Reference in New Issue View Git Blame Copy Permalink