mirror of
https://github.com/we-promise/sure.git
synced 2026-07-12 21:05:20 +00:00
Follow-up to #2405. Replace remaining API controller reads of Current.user, Current.family, and Current.session with current_resource_owner. Add an architecture guard test to prevent regression. Scope is limited to the Current sweep only: - Revert balance_sheet user-scoping (moves to account-auth PR B). - Revert provider_connections DebugLogEntry logging (separate PR). - Remove UsersController#destroy attempt to destroy unsaved API session.
47 lines
1002 B
Ruby
47 lines
1002 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::SyncsController < Api::V1::BaseController
|
|
include Pagy::Backend
|
|
|
|
before_action :ensure_read_scope
|
|
before_action :set_sync, only: [ :show ]
|
|
|
|
def index
|
|
@per_page = safe_per_page_param
|
|
@pagy, @syncs = pagy(
|
|
family_syncs_query.preload(:syncable, :children).ordered,
|
|
page: safe_page_param,
|
|
limit: @per_page
|
|
)
|
|
|
|
render :index
|
|
end
|
|
|
|
def latest
|
|
@sync = family_syncs_query.preload(:syncable, :children).ordered.first
|
|
return render json: { data: nil } unless @sync
|
|
|
|
render :show
|
|
end
|
|
|
|
def show
|
|
render :show
|
|
end
|
|
|
|
private
|
|
|
|
def set_sync
|
|
raise ActiveRecord::RecordNotFound unless valid_uuid?(params[:id])
|
|
|
|
@sync = family_syncs_query.preload(:syncable, :children).find(params[:id])
|
|
end
|
|
|
|
def ensure_read_scope
|
|
authorize_scope!(:read)
|
|
end
|
|
|
|
def family_syncs_query
|
|
Sync.for_family(current_resource_owner.family, resource_owner: current_resource_owner)
|
|
end
|
|
end
|