Decouple Authorization Logic from ReviewBidsController

[d1chiqua]

As a developer, I want to decouple authorization logic from the controller so that the code adheres to the Single Responsibility Principle.

Tasks

• [x] Refactor action_allowed? method in ReviewBidsController.
• [ ] Test authorization across different user roles.

Acceptance Criteria

• [x] The action_allowed? method in ReviewBidsController is removed or simplified to delegate authorization checks.
• [ ] All existing features and behaviors of the ReviewBidsController remain unchanged after refactoring.
• [ ] Automated tests are written to cover authorization scenarios for all relevant user roles
• [ ] Tests confirm that authorized users can access appropriate actions and unauthorized users are properly restricted.
• [ ] The refactored code passes peer review focusing on code quality, readability, and compliance with the Single Responsibility Principle.
• [ ] Any feedback from the code review is addressed and resolved.
• [ ] Design documentation is updated to reflect changes in authorization handling

[d1chiqua]

https://staging.rubyvideo.dev/talks/access-denied-the-missing-guide-to-authorization-in-rails

[d1chiqua]

https://guides.rubyonrails.org/layouts_and_rendering.html

[d1chiqua]

https://guides.rubyonrails.org/action_controller_overview.html