## Summary
- ensure conversation lookup uses the permission filter before fetching records
- add request specs covering custom role access to unassigned conversations

## Testing
- `bundle exec rspec spec/enterprise/controllers/api/v1/accounts/conversations_controller_spec.rb`

------
https://chatgpt.com/codex/tasks/task_e_68de1f62b9b883268a54882e608a8bb8
11 lines
297 B
Ruby
```ruby
class Api::V1::Accounts::Conversations::BaseController < Api::V1::Accounts::BaseController
  before_action :conversation

  private

  def conversation
    # Look up the conversation within the current account only; find_by! raises if no record matches.
    @conversation ||= Current.account.conversations.find_by!(display_id: params[:conversation_id])
    # Policy check (:show?) runs after the record has been loaded.
    authorize @conversation, :show?
  end
end
```