diff --git a/app/controllers/api/v1/ecf_participants_controller.rb b/app/controllers/api/v1/ecf_participants_controller.rb
index aa3cfa8112..172863d451 100644
--- a/app/controllers/api/v1/ecf_participants_controller.rb
+++ b/app/controllers/api/v1/ecf_participants_controller.rb
@@ -5,7 +5,7 @@
 module Api
 module V1
 class ECFParticipantsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiCsv
 include ApiFilter
@@ -56,11 +56,6 @@ def ecf_participant_params
 params.permit(:id, filter: %i[cohort updated_since])
 end
- def access_scope
- LeadProviderApiToken
- .joins(cpd_lead_provider: [:lead_provider])
- end
-
 def lead_provider
 current_user.lead_provider
 end
diff --git a/app/controllers/api/v1/participant_declarations_controller.rb b/app/controllers/api/v1/participant_declarations_controller.rb
index bf79fc5d6d..93817b4eff 100644
--- a/app/controllers/api/v1/participant_declarations_controller.rb
+++ b/app/controllers/api/v1/participant_declarations_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V1
 class ParticipantDeclarationsController < Api::ApiController
 include ApiAuditable
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiCsv
 include ApiFilter
diff --git a/app/controllers/api/v1/participants_controller.rb b/app/controllers/api/v1/participants_controller.rb
index 6c45aab0bb..c3b72bd0bf 100644
--- a/app/controllers/api/v1/participants_controller.rb
+++ b/app/controllers/api/v1/participants_controller.rb
@@ -5,14 +5,8 @@
 module Api
 module V1
 class ParticipantsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ParticipantActions
-
- private
-
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
 end
 end
 end
diff --git a/app/controllers/api/v3/delivery_partners_controller.rb b/app/controllers/api/v3/delivery_partners_controller.rb
index d7067c53cd..60de6b2534 100644
--- a/app/controllers/api/v3/delivery_partners_controller.rb
+++ b/app/controllers/api/v3/delivery_partners_controller.rb
@@ -3,7 +3,7 @@
 module Api
 module V3
 class DeliveryPartnersController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -52,10 +52,6 @@ def delivery_partner_params
 .permit(:id, :sort, filter: %i[cohort])
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
 def serializer_class
 Api::V3::DeliveryPartnerSerializer
 end
diff --git a/app/controllers/api/v3/ecf/partnerships_controller.rb b/app/controllers/api/v3/ecf/partnerships_controller.rb
index 9b67eb649d..c188092212 100644
--- a/app/controllers/api/v3/ecf/partnerships_controller.rb
+++ b/app/controllers/api/v3/ecf/partnerships_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V3
 module ECF
 class PartnershipsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -78,10 +78,6 @@ def ecf_partnership_params
 .permit(:id, :sort, filter: %i[cohort updated_since delivery_partner_id])
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
 def serializer_class
 Api::V3::ECF::PartnershipSerializer
 end
diff --git a/app/controllers/api/v3/ecf/schools_controller.rb b/app/controllers/api/v3/ecf/schools_controller.rb
index 6b2e01be72..841e4a9b7c 100644
--- a/app/controllers/api/v3/ecf/schools_controller.rb
+++ b/app/controllers/api/v3/ecf/schools_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V3
 module ECF
 class SchoolsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -42,10 +42,6 @@ def ecf_schools_query
 )
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
 def serializer_class
 Api::V3::ECF::SchoolSerializer
 end
diff --git a/app/controllers/api/v3/ecf/transfers_controller.rb b/app/controllers/api/v3/ecf/transfers_controller.rb
index b4349781ae..cd75e4bc21 100644
--- a/app/controllers/api/v3/ecf/transfers_controller.rb
+++ b/app/controllers/api/v3/ecf/transfers_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V3
 module ECF
 class TransfersController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -53,10 +53,6 @@ def ecf_transfer_params
 .permit(:participant_id, filter: %i[updated_since])
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
 def serializer_class
 TransferSerializer
 end
diff --git a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
index 182b66d011..ed99a2d89a 100644
--- a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
+++ b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V3
 module ECF
 class UnfundedMentorsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -46,10 +46,6 @@ def ecf_unfunded_mentors_query
 )
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
 def serializer_class
 Api::V3::ECF::UnfundedMentorSerializer
 end
diff --git a/app/controllers/api/v3/finance/statements_controller.rb b/app/controllers/api/v3/finance/statements_controller.rb
index 46975ccab9..9c0966a7f0 100644
--- a/app/controllers/api/v3/finance/statements_controller.rb
+++ b/app/controllers/api/v3/finance/statements_controller.rb
@@ -3,7 +3,7 @@
 module Api
 module V3
 class Finance::StatementsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
diff --git a/app/controllers/api/v3/participant_declarations_controller.rb b/app/controllers/api/v3/participant_declarations_controller.rb
index 2412404a0f..f9a6f5f2d7 100644
--- a/app/controllers/api/v3/participant_declarations_controller.rb
+++ b/app/controllers/api/v3/participant_declarations_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V3
 class ParticipantDeclarationsController < Api::ApiController
 include ApiAuditable
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
 include ApiPagination
 include ApiFilterValidation
@@ -102,10 +102,6 @@ def participant_declaration_for_lead_provider
 @participant_declaration_for_lead_provider ||= ParticipantDeclaration.for_lead_provider(cpd_lead_provider).find(params[:id])
 end
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) + LeadProviderApiToken.joins(cpd_lead_provider: [:npq_lead_provider])
- end
-
 def serializer_class
 ParticipantDeclarationSerializer
 end
diff --git a/app/controllers/concerns/lead_provider_api_token_authenticatable.rb b/app/controllers/concerns/lead_provider_api_token_authenticatable.rb
new file mode 100644
index 0000000000..6ef8da544f
--- /dev/null
+++ b/app/controllers/concerns/lead_provider_api_token_authenticatable.rb
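Review bot: Swapping the include in Finance::StatementsController changes which tokens authenticate, not just where `access_scope` lives: no `access_scope` is removed from this file, so the controller appears to move from whatever scope ApiTokenAuthenticatable supplies to the concern's `LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])`. The second file on this line, v3 ParticipantDeclarationsController, is narrowed as well, since its removed `access_scope` also admitted tokens joined through `:npq_lead_provider`; the v1 ParticipantDeclarationsController include swap may be affected the same way, depending on code outside its hunk. Failing closed is the safe direction, but the narrowing should be pinned by a request spec that expects a rejected request for a token whose `cpd_lead_provider` has no `lead_provider`, so a later change to the shared scope cannot widen access unnoticed. The class bodies continue outside these hunks.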
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module LeadProviderApiTokenAuthenticatable
+ extend ActiveSupport::Concern
+ include ApiTokenAuthenticatable
+
+private
+
+ def access_scope
+ LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
+ end
+end
diff --git a/app/models/npq_registration_api_token.rb b/app/models/npq_registration_api_token.rb
deleted file mode 100644
index a6bd5cb043..0000000000
--- a/app/models/npq_registration_api_token.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class NPQRegistrationApiToken < ApiToken
- attribute :private_api_access, default: true
-
- def owner
- "npq_registration_application"
- end
-
- def owner_description
- "NPQ registration application"
- end
-end
diff --git a/db/legacy_seeds/dummy_structures.rb b/db/legacy_seeds/dummy_structures.rb
index c7432d1fa7..a756b7d76c 100644
--- a/db/legacy_seeds/dummy_structures.rb
+++ b/db/legacy_seeds/dummy_structures.rb
@@ -238,15 +238,11 @@
 # The tokens below have different unhashed version to avoid worrying about clever cryptographic attacks
 if Rails.env.review?
 EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
 DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
 elsif Rails.env.development?
 EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
 end
 end
-if Rails.env.sandbox?
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
-end
 unless Rails.env.sandbox?
 [
diff --git a/db/new_seeds/base/add_api_tokens.rb b/db/new_seeds/base/add_api_tokens.rb
index 588072de7a..e2f246ecf0 100644
--- a/db/new_seeds/base/add_api_tokens.rb
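Review bot: The new concern carries no comment saying which tokens `access_scope` admits, and every controller that includes it now inherits that decision. I would add above the module something like `# Authenticates lead-provider API tokens only: the inner join drops tokens whose cpd_lead_provider has no lead_provider.` and, above `access_scope`, `# A controller that defines its own access_scope overrides this one.` Both statements follow from the visible join and from Ruby method lookup; how ApiTokenAuthenticatable consumes `access_scope` is not shown here.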
+++ b/db/new_seeds/base/add_api_tokens.rb
@@ -4,15 +4,12 @@
 if Rails.env.in?(%w[review staging])
 EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
 DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
 elsif Rails.env.development?
 EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
 end
-if Rails.env.sandbox?
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
-else
+unless Rails.env.sandbox?
 {
 "Ambition Institute" => "ambition-token",
 "Best Practice Network" => "best-practice-token",
diff --git a/spec/docs/v3/statements_spec.rb b/spec/docs/v3/statements_spec.rb
index b547f2c1a6..c59b32a59d 100644
--- a/spec/docs/v3/statements_spec.rb
+++ b/spec/docs/v3/statements_spec.rb
@@ -3,7 +3,7 @@
 require "swagger_helper"
 RSpec.describe "API", type: :request, swagger_doc: "v3/api_spec.json" do
- let(:cpd_lead_provider) { create(:cpd_lead_provider) }
+ let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
 let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
 let(:bearer_token) { "Bearer #{token}" }
 let(:Authorization) { bearer_token }
diff --git a/spec/requests/api/v1/data_studio/school_rollout_spec.rb b/spec/requests/api/v1/data_studio/school_rollout_spec.rb
index 2c25996442..901a0465c0 100644
--- a/spec/requests/api/v1/data_studio/school_rollout_spec.rb
+++ b/spec/requests/api/v1/data_studio/school_rollout_spec.rb
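Review bot: Removing the `NPQRegistrationApiToken` seed here, together with deleting the model class elsewhere in this commit, leaves no visible step that removes token rows already created in review, staging and sandbox databases. If `ApiToken` uses single-table inheritance (it looks that way from `class NPQRegistrationApiToken < ApiToken`, but the base class is not shown), rows with that type would raise when loaded once the class is gone, and the seeded credentials would stay in the table. A data migration along the lines of `ApiToken.where(type: "NPQRegistrationApiToken").delete_all` would retire them explicitly; the same applies to the matching removal in db/legacy_seeds/dummy_structures.rb.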
@@ -57,7 +57,7 @@
 end
 context "using a private token from different scope" do
- let(:other_private_token) { NPQRegistrationApiToken.create_with_random_token! }
+ let(:other_private_token) { DataStudioApiToken.create_with_random_token! }
 it "returns data successfully" do
 default_headers[:Authorization] = "Bearer #{other_private_token}"
diff --git a/spec/requests/api/v3/statements_spec.rb b/spec/requests/api/v3/statements_spec.rb
index 5a30c069e8..dea8431f0a 100644
--- a/spec/requests/api/v3/statements_spec.rb
+++ b/spec/requests/api/v3/statements_spec.rb
@@ -3,7 +3,7 @@
 require "rails_helper"
 RSpec.describe "statements endpoint spec", type: :request do
- let(:cpd_lead_provider) { create(:cpd_lead_provider) }
+ let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
 let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
 let(:bearer_token) { "Bearer #{token}" }
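Review bot: The context is still named "using a private token from different scope", but `other_private_token` is now a `DataStudioApiToken`, which looks like this endpoint's own token type given the spec path, so the example no longer shows what happens with a token from another scope. Either rename the context to match what it tests, or build the token from a different private-access token class if one remains, and assert the outcome the API is meant to give for it. The surrounding `describe` and the expectations of the `it` block are outside the hunk.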