From 431ef8d682da260fe0338cd654b1f2d6f514a9aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leandro=20Alem=C3=A3o?= Date: Wed, 18 Dec 2024 10:06:08 +0000 Subject: [PATCH] [CPDLP-3843] Remove token access for NPQ (NPQ Post Separation Cleanup) --- app/controllers/api/v1/ecf_participants_controller.rb | 5 ----- app/controllers/api/v1/participants_controller.rb | 6 ------ app/controllers/api/v3/delivery_partners_controller.rb | 4 ---- app/controllers/api/v3/ecf/partnerships_controller.rb | 4 ---- app/controllers/api/v3/ecf/schools_controller.rb | 4 ---- app/controllers/api/v3/ecf/transfers_controller.rb | 4 ---- app/controllers/api/v3/ecf/unfunded_mentors_controller.rb | 4 ---- .../api/v3/participant_declarations_controller.rb | 4 ---- app/controllers/concerns/api_token_authenticatable.rb | 2 +- spec/requests/api/v3/statements_spec.rb | 2 +- 10 files changed, 2 insertions(+), 37 deletions(-) diff --git a/app/controllers/api/v1/ecf_participants_controller.rb b/app/controllers/api/v1/ecf_participants_controller.rb index aa3cfa8112..a71135deb4 100644 --- a/app/controllers/api/v1/ecf_participants_controller.rb +++ b/app/controllers/api/v1/ecf_participants_controller.rb @@ -56,11 +56,6 @@ def ecf_participant_params params.permit(:id, filter: %i[cohort updated_since]) end - def access_scope - LeadProviderApiToken - .joins(cpd_lead_provider: [:lead_provider]) - end - def lead_provider current_user.lead_provider end diff --git a/app/controllers/api/v1/participants_controller.rb b/app/controllers/api/v1/participants_controller.rb index 6c45aab0bb..636e646c50 100644 --- a/app/controllers/api/v1/participants_controller.rb +++ b/app/controllers/api/v1/participants_controller.rb @@ -7,12 +7,6 @@ module V1 class ParticipantsController < Api::ApiController include ApiTokenAuthenticatable include ParticipantActions - - private - - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end end end end diff --git a/app/controllers/api/v3/delivery_partners_controller.rb b/app/controllers/api/v3/delivery_partners_controller.rb index d7067c53cd..de90b6785f 100644 --- a/app/controllers/api/v3/delivery_partners_controller.rb +++ b/app/controllers/api/v3/delivery_partners_controller.rb @@ -52,10 +52,6 @@ def delivery_partner_params .permit(:id, :sort, filter: %i[cohort]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::DeliveryPartnerSerializer end diff --git a/app/controllers/api/v3/ecf/partnerships_controller.rb b/app/controllers/api/v3/ecf/partnerships_controller.rb index 9b67eb649d..df6d2ce8da 100644 --- a/app/controllers/api/v3/ecf/partnerships_controller.rb +++ b/app/controllers/api/v3/ecf/partnerships_controller.rb @@ -78,10 +78,6 @@ def ecf_partnership_params .permit(:id, :sort, filter: %i[cohort updated_since delivery_partner_id]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::PartnershipSerializer end diff --git a/app/controllers/api/v3/ecf/schools_controller.rb b/app/controllers/api/v3/ecf/schools_controller.rb index 6b2e01be72..e86e5cb2e2 100644 --- a/app/controllers/api/v3/ecf/schools_controller.rb +++ b/app/controllers/api/v3/ecf/schools_controller.rb @@ -42,10 +42,6 @@ def ecf_schools_query ) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::SchoolSerializer end diff --git a/app/controllers/api/v3/ecf/transfers_controller.rb b/app/controllers/api/v3/ecf/transfers_controller.rb index b4349781ae..8bebdb515c 100644 --- a/app/controllers/api/v3/ecf/transfers_controller.rb +++ b/app/controllers/api/v3/ecf/transfers_controller.rb @@ -53,10 +53,6 @@ def ecf_transfer_params .permit(:participant_id, filter: %i[updated_since]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class TransferSerializer end diff --git a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb index 182b66d011..649af378da 100644 --- a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb +++ b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb @@ -46,10 +46,6 @@ def ecf_unfunded_mentors_query ) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) - end - def serializer_class Api::V3::ECF::UnfundedMentorSerializer end diff --git a/app/controllers/api/v3/participant_declarations_controller.rb b/app/controllers/api/v3/participant_declarations_controller.rb index 2412404a0f..7a32a01b74 100644 --- a/app/controllers/api/v3/participant_declarations_controller.rb +++ b/app/controllers/api/v3/participant_declarations_controller.rb @@ -102,10 +102,6 @@ def participant_declaration_for_lead_provider @participant_declaration_for_lead_provider ||= ParticipantDeclaration.for_lead_provider(cpd_lead_provider).find(params[:id]) end - def access_scope - LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) + LeadProviderApiToken.joins(cpd_lead_provider: [:npq_lead_provider]) - end - def serializer_class ParticipantDeclarationSerializer end diff --git a/app/controllers/concerns/api_token_authenticatable.rb b/app/controllers/concerns/api_token_authenticatable.rb index a7090ff688..fd52136b5e 100644 --- a/app/controllers/concerns/api_token_authenticatable.rb +++ b/app/controllers/concerns/api_token_authenticatable.rb @@ -50,6 +50,6 @@ def check_access_scope end def access_scope - ApiToken.all + LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) end end diff --git a/spec/requests/api/v3/statements_spec.rb b/spec/requests/api/v3/statements_spec.rb index 5a30c069e8..dea8431f0a 100644 --- a/spec/requests/api/v3/statements_spec.rb +++ b/spec/requests/api/v3/statements_spec.rb @@ -3,7 +3,7 @@ require "rails_helper" RSpec.describe "statements endpoint spec", type: :request do - let(:cpd_lead_provider) { create(:cpd_lead_provider) } + let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) } let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) } let(:bearer_token) { "Bearer #{token}" }