Merge pull request #5772 from nhsuk/index-policy-school-moves-consent-forms

Don't skip `verify_authorized` on `index`

Author: thomasleese

app/controllers/consent_forms_controller.rb

@@ -8,10 +8,11 @@ class ConsentFormsController < ApplicationController
   before_action :set_patient, only: %i[edit_match update_match]
   before_action :set_search_params_present, only: :search
 
-  skip_after_action :verify_authorized, only: :index
   skip_after_action :verify_policy_scoped, only: :search
 
   def index
+    authorize ConsentForm
+
     consent_forms = policy_scope(ConsentForm).unmatched.order(:recorded_at)
 
     if (session_slug = params[:session_slug]).present?

app/controllers/school_moves_controller.rb

@@ -7,11 +7,11 @@ class SchoolMovesController < ApplicationController
   before_action :set_school_move, except: :index
   before_action :set_patient, except: :index
 
-  skip_after_action :verify_authorized, only: :index
-
   layout "full"
 
   def index
+    authorize SchoolMove
+
     school_moves =
       policy_scope(SchoolMove).includes(
         :team,