feat: Add route to list accounts that belongs to a platform_app (#12140)

This PR creates a new route to list all accounts that a platform_app has access to. Fixes: #12109
2025-10-29 18:22:53 +00:00 · 2025-08-11 16:23:05 -03:00
parent c31325e982
commit 81d8d3862d
4 changed files with 47 additions and 1 deletions
--- a/app/controllers/platform/api/v1/accounts_controller.rb
+++ b/app/controllers/platform/api/v1/accounts_controller.rb
@@ -1,4 +1,11 @@
 class Platform::Api::V1::AccountsController < PlatformController
+  def index
+    @resources = @platform_app.platform_app_permissibles
+                              .where(permissible_type: 'Account')
+                              .includes(:permissible)
+                              .map(&:permissible)
+  end
+
  def show; end

  def create
--- a/app/views/platform/api/v1/accounts/index.json.jbuilder
+++ b/app/views/platform/api/v1/accounts/index.json.jbuilder
@@ -0,0 +1,3 @@
+json.array! @resources do |account|
+  json.partial! 'platform/api/v1/models/account', formats: [:json], resource: account
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -425,7 +425,7 @@ Rails.application.routes.draw do
        resources :agent_bots, only: [:index, :create, :show, :update, :destroy] do
          delete :avatar, on: :member
        end
-        resources :accounts, only: [:create, :show, :update, :destroy] do
+        resources :accounts, only: [:index, :create, :show, :update, :destroy] do
          resources :account_users, only: [:index, :create] do
            collection do
              delete :destroy
--- a/spec/controllers/platform/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/accounts_controller_spec.rb
@@ -78,6 +78,42 @@ RSpec.describe 'Platform Accounts API', type: :request do
    end
  end

+  describe 'GET /platform/api/v1/accounts' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        get '/platform/api/v1/accounts'
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        get '/platform/api/v1/accounts', headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+      let!(:account1) { create(:account, name: 'Account A') }
+      let!(:account2) { create(:account, name: 'Account B') }
+
+      before do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account1)
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account2)
+      end
+
+      it 'returns all permissible accounts' do
+        get '/platform/api/v1/accounts', headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        json_response = response.parsed_body
+        expect(json_response.size).to eq(2)
+        expect(json_response.map { |acc| acc['name'] }).to include('Account A', 'Account B')
+      end
+    end
+  end
+
  describe 'GET /platform/api/v1/accounts/{account_id}' do
    context 'when it is an unauthenticated platform app' do
      it 'returns unauthorized' do