Revert PermissionsController nil-version guard

dadachi · claude · dadachi · commit b90febb78ec6 · 2026-04-29T18:00:48.000+09:00
Per review: a missing current PrivacyVersion/TermsVersion is a
server-side data integrity problem (no row published as current).
Crashing loud is preferable to silently telling the client "you're up
to date" — the latter would mask the data issue and mislead clients.

Keeps the SessionsController fix.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/app/controllers/api/v1/shopkeeper/permissions_controller.rb b/app/controllers/api/v1/shopkeeper/permissions_controller.rb
@@ -8,8 +8,8 @@ def index
     current_privacy_version = PrivacyVersion.current_version
     current_terms_version = TermsVersion.current_version
 
-    should_update_privacy = version_outdated?(current_shopkeeper.confirmed_privacy_version, current_privacy_version)
-    should_update_terms = version_outdated?(current_shopkeeper.confirmed_terms_version, current_terms_version)
+    should_update_privacy = current_shopkeeper.confirmed_privacy_version < current_privacy_version
+    should_update_terms = current_shopkeeper.confirmed_terms_version < current_terms_version
 
     options = {}
     options[:meta] = {
@@ -25,13 +25,4 @@ def index
     permissions = current_accounts_shopkeeper.permissions
     render json: PermissionSerializer.new(permissions, options).serializable_hash
   end
-
-  private
-
-  # nil current → nothing published yet, nothing to update.
-  def version_outdated?(confirmed, current)
-    return false if current.nil?
-
-    confirmed < current
-  end
 end
diff --git a/test/controllers/api/v1/shopkeeper/permissions_controller_test.rb b/test/controllers/api/v1/shopkeeper/permissions_controller_test.rb
@@ -64,15 +64,4 @@ class Api::V1::Shopkeeper::PermissionsControllerTest < ActionDispatch::Integrati
 
     assert_response :unauthorized
   end
-
-  test "index does not crash when there is no current published privacy or terms version" do
-    PrivacyVersion.update_all(current_type: PrivacyVersion.current_types[:uncurrent])
-    TermsVersion.update_all(current_type: TermsVersion.current_types[:uncurrent])
-
-    get api_v1_shopkeeper_permissions_url, headers: @shopkeeper.create_new_auth_token
-
-    assert_response :success
-    assert_equal false, response.parsed_body["meta"]["should_update_privacy"]
-    assert_equal false, response.parsed_body["meta"]["should_update_terms"]
-  end
 end
