fix(auth): permission updates for public routes (#86)

Progeser · Dec 10, 2024 · 7761f63 · 7761f63
1 parent ab98f1c
commit 7761f63
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 11 deletions.
diff --git a/app/controllers/api/v1/plants_controller.rb b/app/controllers/api/v1/plants_controller.rb
@@ -2,6 +2,8 @@
 
 class Api::V1::PlantsController < ApiController
   before_action :set_plant, except: %i[index create]
+  skip_before_action :doorkeeper_authorize!, only: :index
+  skip_after_action :verify_authorized, only: :index
 
   def index
     plants = policy_scope(Plant)

diff --git a/app/controllers/api/v1/requests_controller.rb b/app/controllers/api/v1/requests_controller.rb
@@ -2,6 +2,8 @@
 
 class Api::V1::RequestsController < ApiController
   skip_after_action :verify_policy_scoped, only: :requests_to_handle_count
+  skip_before_action :doorkeeper_authorize!, only: :create
+  skip_after_action :verify_authorized, only: :create
 
   before_action :set_request, except: %i[index requests_to_handle_count create]
 
@@ -36,7 +38,6 @@ def show
   end
 
   def create
-    authorize Request
     request = Request.new(request_params)
 
     plant_attributes_from_params(request)

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -40,12 +40,6 @@ class User < ApplicationRecord
            foreign_key: :resource_owner_id,
            dependent: :destroy
 
-  has_many :authored_requests,
-           class_name: 'Request',
-           foreign_key: 'author_id',
-           inverse_of: :author,
-           dependent: :destroy
-
   # Callbacks
   after_discard :anonymize
 

diff --git a/app/policies/request_policy.rb b/app/policies/request_policy.rb
@@ -13,10 +13,6 @@ def show?
     grower?
   end
 
-  def create?
-    true
-  end
-
   def accept?
     grower?
   end
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,10 +13,6 @@ def show? @@
         grower?
       end
-      def create?
-        true
-      end
       def accept?
         grower?
       end
@@ Expand Down @@