diff --git a/app/controllers/api/v1/ecf_participants_controller.rb b/app/controllers/api/v1/ecf_participants_controller.rb index aa3cfa81128..a71135deb47 100644 --- a/app/controllers/api/v1/ecf_participants_controller.rb +++ b/app/controllers/api/v1/ecf_participants_controller.rb @@ -56,11 +56,6 @@ def ecf_participant_params params.permit(:id, filter: %i[cohort updated_since]) end - def access_scope - LeadProviderApiToken - .joins(cpd_lead_provider: [:lead_provider]) - end - def lead_provider current_user.lead_provider end diff --git a/app/controllers/api/v1/participants_controller.rb b/app/controllers/api/v1/participants_controller.rb index 6c45aab0bba..636e646c50d 100644 --- a/app/controllers/api/v1/participants_controller.rb +++ b/app/controllers/api/v1/participants_controller.rb @@ -7,12 +7,6 @@ module V1 class ParticipantsController < Api::ApiController include ApiTokenAuthenticatable include ParticipantActions - - private - - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end end end end diff --git a/app/controllers/api/v3/delivery_partners_controller.rb b/app/controllers/api/v3/delivery_partners_controller.rb index d7067c53cd4..de90b6785f9 100644 --- a/app/controllers/api/v3/delivery_partners_controller.rb +++ b/app/controllers/api/v3/delivery_partners_controller.rb @@ -52,10 +52,6 @@ def delivery_partner_params .permit(:id, :sort, filter: %i[cohort]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::DeliveryPartnerSerializer end diff --git a/app/controllers/api/v3/ecf/partnerships_controller.rb b/app/controllers/api/v3/ecf/partnerships_controller.rb index 9b67eb649d9..df6d2ce8da7 100644 --- a/app/controllers/api/v3/ecf/partnerships_controller.rb +++ b/app/controllers/api/v3/ecf/partnerships_controller.rb @@ -78,10 +78,6 @@ def ecf_partnership_params .permit(:id, :sort, filter: %i[cohort updated_since delivery_partner_id]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::PartnershipSerializer end diff --git a/app/controllers/api/v3/ecf/schools_controller.rb b/app/controllers/api/v3/ecf/schools_controller.rb index 6b2e01be726..e86e5cb2e2a 100644 --- a/app/controllers/api/v3/ecf/schools_controller.rb +++ b/app/controllers/api/v3/ecf/schools_controller.rb @@ -42,10 +42,6 @@ def ecf_schools_query ) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::SchoolSerializer end diff --git a/app/controllers/api/v3/ecf/transfers_controller.rb b/app/controllers/api/v3/ecf/transfers_controller.rb index b4349781aef..8bebdb515c8 100644 --- a/app/controllers/api/v3/ecf/transfers_controller.rb +++ b/app/controllers/api/v3/ecf/transfers_controller.rb @@ -53,10 +53,6 @@ def ecf_transfer_params .permit(:participant_id, filter: %i[updated_since]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class TransferSerializer end diff --git a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb index 182b66d0116..649af378da8 100644 --- a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb +++ b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb @@ -46,10 +46,6 @@ def ecf_unfunded_mentors_query ) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::UnfundedMentorSerializer end diff --git a/app/controllers/api/v3/participant_declarations_controller.rb b/app/controllers/api/v3/participant_declarations_controller.rb index 2412404a0f9..7a32a01b745 100644 --- a/app/controllers/api/v3/participant_declarations_controller.rb +++ b/app/controllers/api/v3/participant_declarations_controller.rb @@ -102,10 +102,6 @@ def participant_declaration_for_lead_provider @participant_declaration_for_lead_provider ||= ParticipantDeclaration.for_lead_provider(cpd_lead_provider).find(params[:id]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) + LeadProviderApiToken.joins(cpd_lead_provider: [:npq_lead_provider]) - end - def serializer_class ParticipantDeclarationSerializer end diff --git a/app/controllers/concerns/api_token_authenticatable.rb b/app/controllers/concerns/api_token_authenticatable.rb index a7090ff6884..fd52136b5e3 100644 --- a/app/controllers/concerns/api_token_authenticatable.rb +++ b/app/controllers/concerns/api_token_authenticatable.rb @@ -50,6 +50,6 @@ def check_access_scope end def access_scope - ApiToken.all + LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) end end diff --git a/spec/requests/api/v3/statements_spec.rb b/spec/requests/api/v3/statements_spec.rb index 5a30c069e84..dea8431f0aa 100644 --- a/spec/requests/api/v3/statements_spec.rb +++ b/spec/requests/api/v3/statements_spec.rb @@ -3,7 +3,7 @@ require "rails_helper" RSpec.describe "statements endpoint spec", type: :request do - let(:cpd_lead_provider) { create(:cpd_lead_provider) } + let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) } let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) } let(:bearer_token) { "Bearer #{token}" }