Simplify people ciontroller by leaning on resource controller authorization

rsmithlal · rsmithlal · commit f2db055adc85 · 2024-11-27T16:13:51.000-03:30
diff --git a/app/controllers/better_together/people_controller.rb b/app/controllers/better_together/people_controller.rb
@@ -3,13 +3,10 @@
 module BetterTogether
   class PeopleController < FriendlyResourceController # rubocop:todo Style/Documentation
     before_action :set_person, only: %i[show edit update destroy]
-    before_action :authorize_person, only: %i[show edit update destroy]
-    after_action :verify_authorized, except: :index
 
     # GET /people
     def index
-      authorize resource_class
-      @people = policy_scope(resource_class.with_translations)
+      @people = resource_collection
     end
 
     # GET /people/1
@@ -57,12 +54,7 @@ def destroy
       redirect_to people_url, notice: 'Person was successfully deleted.', status: :see_other
     end
 
-    private
-
-    # Adds a policy check for the person
-    def authorize_person
-      authorize @person
-    end
+    protected
 
     def id_param
       params[:id] || params[:person_id]
@@ -97,7 +89,7 @@ def resource_class
     end
 
     def resource_collection # rubocop:todo Metrics/MethodLength
-      resource_class.with_translations.with_attached_profile_image.with_attached_cover_image.includes(
+      policy_scope(resource_class.with_translations.with_attached_profile_image.with_attached_cover_image.includes(
         contact_detail: %i[phone_numbers email_addresses website_links addresses social_media_accounts],
         person_platform_memberships: {
           joinable: [:string_translations, { profile_image_attachment: :blob }],
@@ -107,7 +99,7 @@ def resource_collection # rubocop:todo Metrics/MethodLength
           joinable: [:string_translations, { profile_image_attachment: :blob }],
           role: [:string_translations]
         }
-      )
+      ))
     end
   end
 end
diff --git a/app/controllers/better_together/resource_controller.rb b/app/controllers/better_together/resource_controller.rb
@@ -6,6 +6,7 @@ class ResourceController < ApplicationController
     before_action :set_resource_instance, only: %i[show edit update destroy]
     before_action :authorize_resource, only: %i[show edit update destroy]
     before_action :authorize_resource_class, only: %i[index]
+    after_action :verify_authorized, except: :index
 
     helper_method :resource_class
     helper_method :resource_collection
