Chore: Code Cleanup in API controllers (chatwoot#932)

* Chore: Code Cleanup in API controllers

* Remove unnecessary scoping for accounts controller

app/controllers/api/base_controller.rb

@@ -11,10 +11,6 @@ def authenticate_by_access_token?
     request.headers[:api_access_token].present? || request.headers[:HTTP_API_ACCESS_TOKEN].present?
   end
 
-  def set_conversation
-    @conversation ||= current_account.conversations.find_by(display_id: params[:conversation_id])
-  end
-
   def check_billing_enabled
     raise ActionController::RoutingError, 'Not Found' unless ENV['BILLING_ENABLED']
   end

app/controllers/api/v1/accounts/actions/contact_merges_controller.rb

@@ -1,10 +1,10 @@
-class Api::V1::Accounts::Actions::ContactMergesController < Api::BaseController
+class Api::V1::Accounts::Actions::ContactMergesController < Api::V1::Accounts::BaseController
   before_action :set_base_contact, only: [:create]
   before_action :set_mergee_contact, only: [:create]
 
   def create
     contact_merge_action = ContactMergeAction.new(
-      account: current_account,
+      account: Current.account,
       base_contact: @base_contact,
       mergee_contact: @mergee_contact
     )
@@ -23,6 +23,6 @@ def set_mergee_contact
   end
 
   def contacts
-    @contacts ||= current_account.contacts
+    @contacts ||= Current.account.contacts
   end
 end

app/controllers/api/v1/accounts/agents_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Accounts::AgentsController < Api::BaseController
+class Api::V1::Accounts::AgentsController < Api::V1::Accounts::BaseController
   before_action :fetch_agent, except: [:create, :index]
   before_action :check_authorization
   before_action :find_user, only: [:create]
@@ -46,7 +46,7 @@ def create_user
 
   def save_account_user
     AccountUser.create!(
-      account_id: current_account.id,
+      account_id: Current.account.id,
       user_id: @user.id,
       role: new_agent_params[:role],
       inviter_id: current_user.id
@@ -64,6 +64,6 @@ def new_agent_params
   end
 
   def agents
-    @agents ||= current_account.users
+    @agents ||= Current.account.users
   end
 end

app/controllers/api/v1/accounts/base_controller.rb

@@ -0,0 +1,31 @@
+class Api::V1::Accounts::BaseController < Api::BaseController
+  before_action :current_account
+
+  private
+
+  def current_account
+    @current_account ||= ensure_current_account
+    Current.account = @current_account
+  end
+
+  def ensure_current_account
+    account = Account.find(params[:account_id])
+    if current_user
+      account_accessible_for_user?(account)
+    elsif @resource&.is_a?(AgentBot)
+      account_accessible_for_bot?(account)
+    end
+    switch_locale account
+    account
+  end
+
+  def account_accessible_for_user?(account)
+    @current_account_user = account.account_users.find_by(user_id: current_user.id)
+    Current.account_user = @current_account_user
+    render_unauthorized('You are not authorized to access this account') unless @current_account_user
+  end
+
+  def account_accessible_for_bot?(account)
+    render_unauthorized('You are not authorized to access this account') unless @resource.agent_bot_inboxes.find_by(account_id: account.id)
+  end
+end

app/controllers/api/v1/accounts/callbacks_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Accounts::CallbacksController < Api::BaseController
+class Api::V1::Accounts::CallbacksController < Api::V1::Accounts::BaseController
   before_action :inbox, only: [:reauthorize_page]
 
   def register_facebook_page
@@ -7,11 +7,11 @@ def register_facebook_page
     page_id = params[:page_id]
     inbox_name = params[:inbox_name]
     ActiveRecord::Base.transaction do
-      facebook_channel = current_account.facebook_pages.create!(
+      facebook_channel = Current.account.facebook_pages.create!(
         page_id: page_id, user_access_token: user_access_token,
         page_access_token: page_access_token
       )
-      @facebook_inbox = current_account.inboxes.create!(name: inbox_name, channel: facebook_channel)
+      @facebook_inbox = Current.account.inboxes.create!(name: inbox_name, channel: facebook_channel)
       set_avatar(@facebook_inbox, page_id)
     rescue StandardError => e
       Rails.logger.info e
@@ -22,7 +22,7 @@ def facebook_pages
     @page_details = mark_already_existing_facebook_pages(fb_object.get_connections('me', 'accounts'))
   end
 
-  # get params[:inbox_id], current_account, params[:omniauth_token]
+  # get params[:inbox_id], current_account. params[:omniauth_token]
   def reauthorize_page
     if @inbox&.facebook?
       fb_page_id = @inbox.channel.page_id
@@ -40,7 +40,7 @@ def reauthorize_page
   private
 
   def inbox
-    @inbox = current_account.inboxes.find_by(id: params[:inbox_id])
+    @inbox = Current.account.inboxes.find_by(id: params[:inbox_id])
   end
 
   def update_fb_page(fb_page_id, access_token)
@@ -50,7 +50,7 @@ def update_fb_page(fb_page_id, access_token)
   end
 
   def get_fb_page(fb_page_id)
-    current_account.facebook_pages.find_by(page_id: fb_page_id)
+    Current.account.facebook_pages.find_by(page_id: fb_page_id)
   end
 
   def fb_object
@@ -69,7 +69,7 @@ def mark_already_existing_facebook_pages(data)
     return [] if data.empty?
 
     data.inject([]) do |result, page_detail|
-      page_detail[:exists] = current_account.facebook_pages.exists?(page_id: page_detail['id']) ? true : false
+      page_detail[:exists] = Current.account.facebook_pages.exists?(page_id: page_detail['id']) ? true : false
       result << page_detail
     end
   end

app/controllers/api/v1/accounts/canned_responses_controller.rb

@@ -1,12 +1,12 @@
-class Api::V1::Accounts::CannedResponsesController < Api::BaseController
+class Api::V1::Accounts::CannedResponsesController < Api::V1::Accounts::BaseController
   before_action :fetch_canned_response, only: [:update, :destroy]
 
   def index
     render json: canned_responses
   end
 
   def create
-    @canned_response = current_account.canned_responses.new(canned_response_params)
+    @canned_response = Current.account.canned_responses.new(canned_response_params)
     @canned_response.save!
     render json: @canned_response
   end
@@ -24,7 +24,7 @@ def destroy
   private
 
   def fetch_canned_response
-    @canned_response = current_account.canned_responses.find(params[:id])
+    @canned_response = Current.account.canned_responses.find(params[:id])
   end
 
   def canned_response_params
@@ -33,9 +33,9 @@ def canned_response_params
 
   def canned_responses
     if params[:search]
-      current_account.canned_responses.where('short_code ILIKE ?', "#{params[:search]}%")
+      Current.account.canned_responses.where('short_code ILIKE ?', "#{params[:search]}%")
     else
-      current_account.canned_responses
+      Current.account.canned_responses
     end
   end
 end

app/controllers/api/v1/accounts/channels/twilio_channels_controller.rb

@@ -1,5 +1,4 @@
-class Api::V1::Accounts::Channels::TwilioChannelsController < Api::BaseController
-  before_action :current_account
+class Api::V1::Accounts::Channels::TwilioChannelsController < Api::V1::Accounts::BaseController
   before_action :authorize_request
 
   def create
@@ -38,13 +37,13 @@ def medium
   end
 
   def build_inbox
-    @twilio_channel = current_account.twilio_sms.create!(
+    @twilio_channel = Current.account.twilio_sms.create!(
       account_sid: permitted_params[:account_sid],
       auth_token: permitted_params[:auth_token],
       phone_number: phone_number,
       medium: medium
     )
-    @inbox = current_account.inboxes.create(
+    @inbox = Current.account.inboxes.create(
       name: permitted_params[:name],
       channel: @twilio_channel
     )

app/controllers/api/v1/accounts/contacts/conversations_controller.rb

@@ -1,6 +1,6 @@
-class Api::V1::Accounts::Contacts::ConversationsController < Api::BaseController
+class Api::V1::Accounts::Contacts::ConversationsController < Api::V1::Accounts::BaseController
   def index
-    @conversations = current_account.conversations.includes(
+    @conversations = Current.account.conversations.includes(
       :assignee, :contact, :inbox
     ).where(inbox_id: inbox_ids, contact_id: permitted_params[:contact_id])
   end
@@ -9,7 +9,7 @@ def index
 
   def inbox_ids
     if current_user.administrator?
-      current_account.inboxes.pluck(:id)
+      Current.account.inboxes.pluck(:id)
     elsif current_user.agent?
       current_user.assigned_inboxes.pluck(:id)
     else

app/controllers/api/v1/accounts/contacts_controller.rb

@@ -1,17 +1,17 @@
-class Api::V1::Accounts::ContactsController < Api::BaseController
+class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
   protect_from_forgery with: :null_session
 
   before_action :check_authorization
   before_action :fetch_contact, only: [:show, :update]
 
   def index
-    @contacts = current_account.contacts
+    @contacts = Current.account.contacts
   end
 
   def show; end
 
   def create
-    @contact = Contact.new(contact_create_params)
+    @contact = Current.account.contacts.new(contact_create_params)
     @contact.save!
     render json: @contact
   end
@@ -31,10 +31,10 @@ def contact_params
   end
 
   def fetch_contact
-    @contact = current_account.contacts.find(params[:id])
+    @contact = Current.account.contacts.find(params[:id])
   end
 
   def contact_create_params
-    params.require(:contact).permit(:account_id, :inbox_id).merge!(name: SecureRandom.hex)
+    params.require(:contact).permit(:name, :email, :phone_number)
   end
 end

app/controllers/api/v1/accounts/conversations/assignments_controller.rb

@@ -1,10 +1,8 @@
-class Api::V1::Accounts::Conversations::AssignmentsController < Api::BaseController
-  before_action :set_conversation, only: [:create]
-
+class Api::V1::Accounts::Conversations::AssignmentsController < Api::V1::Accounts::Conversations::BaseController
   # assign agent to a conversation
   def create
     # if params[:assignee_id] is not a valid id, it will set to nil, hence unassigning the conversation
-    assignee = current_account.users.find_by(id: params[:assignee_id])
+    assignee = Current.account.users.find_by(id: params[:assignee_id])
     @conversation.update_assignee(assignee)
     render json: assignee
   end

app/controllers/api/v1/accounts/conversations/base_controller.rb

@@ -0,0 +1,9 @@
+class Api::V1::Accounts::Conversations::BaseController < Api::V1::Accounts::BaseController
+  before_action :conversation
+
+  private
+
+  def conversation
+    @conversation ||= Current.account.conversations.find_by(display_id: params[:conversation_id])
+  end
+end

app/controllers/api/v1/accounts/conversations/labels_controller.rb

@@ -1,6 +1,4 @@
-class Api::V1::Accounts::Conversations::LabelsController < Api::BaseController
-  before_action :set_conversation, only: [:create, :index]
-
+class Api::V1::Accounts::Conversations::LabelsController < Api::V1::Accounts::Conversations::BaseController
   def create
     @conversation.update_labels(params[:labels])
     @labels = @conversation.label_list

app/controllers/api/v1/accounts/conversations/messages_controller.rb

@@ -1,6 +1,4 @@
-class Api::V1::Accounts::Conversations::MessagesController < Api::BaseController
-  before_action :set_conversation, only: [:index, :create]
-
+class Api::V1::Accounts::Conversations::MessagesController < Api::V1::Accounts::Conversations::BaseController
   def index
     @messages = message_finder.perform
   end

app/controllers/api/v1/accounts/conversations_controller.rb

@@ -1,6 +1,5 @@
-class Api::V1::Accounts::ConversationsController < Api::BaseController
+class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseController
   include Events::Types
-  before_action :current_account
   before_action :conversation, except: [:index]
   before_action :contact_inbox, only: [:create]
 
@@ -62,7 +61,7 @@ def parsed_last_seen_at
   end
 
   def conversation
-    @conversation ||= current_account.conversations.find_by(display_id: params[:id])
+    @conversation ||= Current.account.conversations.find_by(display_id: params[:id])
   end
 
   def contact_inbox
@@ -71,7 +70,7 @@ def contact_inbox
 
   def conversation_params
     {
-      account_id: current_account.id,
+      account_id: Current.account.id,
       inbox_id: @contact_inbox.inbox_id,
       contact_id: @contact_inbox.contact_id,
       contact_inbox_id: @contact_inbox.id

app/controllers/api/v1/accounts/facebook_indicators_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Accounts::FacebookIndicatorsController < Api::BaseController
+class Api::V1::Accounts::FacebookIndicatorsController < Api::V1::Accounts::BaseController
   before_action :set_access_token
   around_action :handle_with_exception
 
@@ -38,7 +38,7 @@ def payload(action)
   end
 
   def inbox
-    @inbox ||= current_account.inboxes.find(permitted_params[:inbox_id])
+    @inbox ||= Current.account.inboxes.find(permitted_params[:inbox_id])
   end
 
   def set_access_token

app/controllers/api/v1/accounts/inbox_members_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Accounts::InboxMembersController < Api::BaseController
+class Api::V1::Accounts::InboxMembersController < Api::V1::Accounts::BaseController
   before_action :fetch_inbox, only: [:create, :show]
   before_action :current_agents_ids, only: [:create]
 
@@ -12,7 +12,7 @@ def create
   end
 
   def show
-    @agents = current_account.users.where(id: @inbox.members.pluck(:user_id))
+    @agents = Current.account.users.where(id: @inbox.members.pluck(:user_id))
   end
 
   private
@@ -40,6 +40,6 @@ def current_agents_ids
   end
 
   def fetch_inbox
-    @inbox = current_account.inboxes.find(params[:inbox_id])
+    @inbox = Current.account.inboxes.find(params[:inbox_id])
   end
 end

app/controllers/api/v1/accounts/inboxes_controller.rb

@@ -1,17 +1,16 @@
-class Api::V1::Accounts::InboxesController < Api::BaseController
-  before_action :current_account
+class Api::V1::Accounts::InboxesController < Api::V1::Accounts::BaseController
   before_action :fetch_inbox, except: [:index, :create]
   before_action :fetch_agent_bot, only: [:set_agent_bot]
   before_action :check_authorization
 
   def index
-    @inboxes = policy_scope(current_account.inboxes)
+    @inboxes = policy_scope(Current.account.inboxes)
   end
 
   def create
     ActiveRecord::Base.transaction do
       channel = web_widgets.create!(permitted_params[:channel].except(:type)) if permitted_params[:channel][:type] == 'web_widget'
-      @inbox = current_account.inboxes.build(name: permitted_params[:name], channel: channel)
+      @inbox = Current.account.inboxes.build(name: permitted_params[:name], channel: channel)
       @inbox.avatar.attach(permitted_params[:avatar])
       @inbox.save!
     end
@@ -41,15 +40,15 @@ def destroy
   private
 
   def fetch_inbox
-    @inbox = current_account.inboxes.find(params[:id])
+    @inbox = Current.account.inboxes.find(params[:id])
   end
 
   def fetch_agent_bot
     @agent_bot = AgentBot.find(params[:agent_bot]) if params[:agent_bot]
   end
 
   def web_widgets
-    current_account.web_widgets
+    Current.account.web_widgets
   end
 
   def check_authorization