Use .for_api_v2 scope for GET /api/v2/plans/:id

aaronskiba · aaronskiba · commit 829281847b90 · 2026-03-12T15:55:39.000-06:00
This change updates `Api::V2::PlansController#show` to use the `.for_api_v2` scope, and applies eager loading of answers (`.includes(answers: { question: :section })`) based on the `complete` param--making the `show` action consistent with `index`.

A new `plans_scope` helper DRYs up the controller by centralizing the shared scope and eager loading logic. Since `.for_api_v2` already filters by `.where(roles: { user_id: user_id, active: true })`, only a presence check is now required in the policy.
diff --git a/app/controllers/api/v2/plans_controller.rb b/app/controllers/api/v2/plans_controller.rb
@@ -8,9 +8,7 @@ class PlansController < BaseApiController # rubocop:todo Style/Documentation
 
       # GET /api/v2/plans/:id
       def show
-        @plan = Plan.includes(roles: :user).find_by(id: params[:id])
-
-        raise Pundit::NotAuthorizedError unless @plan.present?
+        @plan = plans_scope.find_by(id: params[:id])
 
         plans_policy = PlansPolicy.new(@resource_owner, @plan)
         raise Pundit::NotAuthorizedError unless plans_policy.show?
@@ -21,8 +19,7 @@ def show
 
       # GET /api/v2/plans
       def index
-        @plans = PlansPolicy::Scope.new(@resource_owner).resolve
-        @plans = @plans.includes(answers: { question: :section }) if @complete
+        @plans = plans_scope
         @items = paginate_response(results: @plans)
         render '/api/v2/plans/index', status: :ok
       end
@@ -33,6 +30,11 @@ def index
       def set_complete_param
         @complete = params[:complete].to_s.downcase == 'true'
       end
+
+      def plans_scope
+        scope = PlansPolicy::Scope.new(@resource_owner).resolve
+        @complete ? scope.includes(answers: { question: :section }) : scope
+      end
     end
   end
 end
diff --git a/app/policies/api/v2/plans_policy.rb b/app/policies/api/v2/plans_policy.rb
@@ -12,14 +12,19 @@ def initialize(resource_owner, plan = nil) # rubocop:todo Lint/MissingSuper
       end
 
       def show?
-        @plan.roles.where(user_id: @resource_owner.id, active: true).exists?
+        # The show action uses the resolve method, so only a presence check
+        # is needed here (see the resolve method comment for more).
+        @plan.present?
       end
 
       class Scope < Scope # rubocop:todo Style/Documentation
         def initialize(resource_owner) # rubocop:todo Lint/MissingSuper
           @resource_owner = resource_owner
         end
 
+        # Eager loads all associations needed for API v2 serialization,
+        # and restricts to plans where the user_id has an active role.
+        # - (i.e. .where(roles: { user_id: @resource_owner.id, active: true }))
         def resolve
           Plan.for_api_v2(@resource_owner.id)
         end
