Feature: Access tokens for API access (#604)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

app/controllers/application_controller.rb

@@ -14,7 +14,25 @@ class ApplicationController < ActionController::Base
   private
 
   def current_account
-    @_ ||= current_user.account
+    @_ ||= find_current_account
+  end
+
+  def find_current_account
+    account = Account.find(params[:account_id])
+    if current_user
+      account_accessible_for_user?(account)
+    elsif @resource&.is_a?(AgentBot)
+      account_accessible_for_bot?(account)
+    end
+    account
+  end
+
+  def account_accessible_for_user?(account)
+    render_unauthorized('You are not authorized to access this account') unless account.account_users.find_by(user_id: current_user.id)
+  end
+
+  def account_accessible_for_bot?(account)
+    render_unauthorized('You are not authorized to access this account') unless @resource.agent_bot_inboxes.find_by(account_id: account.id)
   end
 
   def handle_with_exception