From 245da39143fcdc0604b9a059ab05d29ab84d77e6 Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Wed, 11 Sep 2019 14:29:47 +0500
Subject: [PATCH] Add action Staffs::X509CertificatesController#show
---
 .../staffs/x509_certificates_controller.rb | 13 +++++++++
 app/policies/staff/x509_certificate_policy.rb | 6 ++++
 .../staffs/x509_certificates/_table.html.erb | 6 ++++
 .../staffs/x509_certificates/show.html.erb | 22 +++++++++++++++
 config/routes.rb | 2 +-
 .../staff/x509_certificates/show_spec.rb | 28 +++++++++++++++++++
 6 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 app/views/staffs/x509_certificates/show.html.erb
 create mode 100644 spec/requests/staff/x509_certificates/show_spec.rb
diff --git a/app/controllers/staffs/x509_certificates_controller.rb b/app/controllers/staffs/x509_certificates_controller.rb
index 2a398c6..7c29f76 100644
--- a/app/controllers/staffs/x509_certificates_controller.rb
+++ b/app/controllers/staffs/x509_certificates_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class Staffs::X509CertificatesController < ApplicationController
+ before_action :set_x509_certificate, except: :index
+
 # GET /staff/x509_certificates
 def index
 authorize %i[staff x509_certificate]
@@ -9,4 +11,15 @@ class Staffs::X509CertificatesController < ApplicationController
 policy_scope_class: Staff::X509CertificatePolicy::Scope,
 ).page(params[:page])
 end
+
+ # GET /staff/x509_certificates/id
+ def show
+ authorize [:staff, @x509_certificate]
+ end
+
+private
+
+ def set_x509_certificate
+ @x509_certificate = X509Certificate.find params[:id]
+ end
 end
diff --git a/app/policies/staff/x509_certificate_policy.rb b/app/policies/staff/x509_certificate_policy.rb
index 20dff8f..426bdfc 100644
--- a/app/policies/staff/x509_certificate_policy.rb
+++ b/app/policies/staff/x509_certificate_policy.rb
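Review bot: The `before_action :set_x509_certificate, except: :index` callback runs `X509Certificate.find params[:id]` before `show` calls `authorize`, so a caller who fails the policy receives a not-found response for a missing id and a forbidden response for an existing one (assuming ApplicationController maps the two exceptions in the usual way, which this diff does not show). That difference tells non-superusers which certificate ids exist. Declaring a class-level check ahead of the finder, `before_action { authorize %i[staff x509_certificate], :show? }`, keeps the answer uniform for unauthorised callers. Writing the finder callback as `only: :show` rather than `except: :index` would also stop it attaching to every future action by default. show_spec.rb in this commit never requests a missing id, so the current behaviour is not pinned by a test.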
@@ -7,6 +7,12 @@ class Staff::X509CertificatePolicy < ApplicationPolicy
 account&.superuser?
 end
+ def show?
+ return false if restricted?
+
+ account&.superuser?
+ end
+
 class Scope < Scope
 def resolve
 return scope.none if restricted?
diff --git a/app/views/staffs/x509_certificates/_table.html.erb b/app/views/staffs/x509_certificates/_table.html.erb
index 42f3dbd..03b2ea3 100644
--- a/app/views/staffs/x509_certificates/_table.html.erb
+++ b/app/views/staffs/x509_certificates/_table.html.erb
@@ -10,6 +10,7 @@ <%= X509Certificate.human_attribute_name :not_after %> +
@@ -19,6 +20,11 @@ <%= x509_certificate.id %> <%= localize x509_certificate.not_before, format: :long %> <%= localize x509_certificate.not_after, format: :long %> + + <% if policy([:staff, x509_certificate]).show? %> + <%= open_action [:staff, x509_certificate] %> + <% end %> + <% end %>
diff --git a/app/views/staffs/x509_certificates/show.html.erb b/app/views/staffs/x509_certificates/show.html.erb
new file mode 100644
index 0000000..6299172
--- /dev/null
+++ b/app/views/staffs/x509_certificates/show.html.erb
@@ -0,0 +1,22 @@
+
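Review bot: The new `show?` in Staff::X509CertificatePolicy never consults `record`, and it ends with the same `account&.superuser?` line as the predicate that closes just above it; that predicate's name and opening lines are outside the hunk. A comment such as `# Superuser-only; the decision does not depend on the individual certificate.` would make the intent explicit for the next person who adds an action. If the two bodies are in fact identical, delegating `show?` to the existing predicate would keep the rules from drifting apart when one of them is tightened later.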
+ <%= nav_breadcrumb( + [translate(:staff_services), staff_root_path], + [X509Certificate.model_name.human(count: 0), staff_x509_certificates_path], + X509Certificate.model_name.human(count: 1), + ) %> + +
+
<%= X509Certificate.human_attribute_name :id %>
+
<%= @x509_certificate.id %>
+ +
<%= X509Certificate.human_attribute_name :not_before %>
+
<%= localize @x509_certificate.not_before, format: :long %>
+ +
<%= X509Certificate.human_attribute_name :not_after %>
+
<%= localize @x509_certificate.not_after, format: :long %>
+
+ +
+ +
<%= OpenSSL::X509::Certificate.new(@x509_certificate.pem).to_text %>
+
+
diff --git a/config/routes.rb b/config/routes.rb
index 4546e3c..61efd3e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -61,7 +61,7 @@ Rails.application.routes.draw do
 resources :accounts, param: :nickname, only: %i[index show]
- resources :x509_certificates, only: :index
+ resources :x509_certificates, only: %i[index show]
 resources :people, only: %i[index show new create] do
 resources :person_comments,
diff --git a/spec/requests/staff/x509_certificates/show_spec.rb b/spec/requests/staff/x509_certificates/show_spec.rb
new file mode 100644
index 0000000..2d83924
--- /dev/null
+++ b/spec/requests/staff/x509_certificates/show_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'GET /staff/x509_certificates/:id' do
+ let(:x509_certificate) { create :self_signed_x509_certificate }
+
+ def make_request
+ get "/staff/x509_certificates/#{x509_certificate.id}"
+ end
+
+ before do
+ sign_in current_account.user if current_account&.user
+ make_request
+ end
+
+ for_account_types nil, :usual do
+ specify do
+ expect(response).to have_http_status :forbidden
+ end
+ end
+
+ for_account_types :superuser do
+ specify do
+ expect(response).to have_http_status :ok
+ end
+ end
+end
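Review bot: The last expression in show.html.erb, `OpenSSL::X509::Certificate.new(@x509_certificate.pem).to_text`, parses the stored PEM inside the template, so a row whose `pem` does not parse raises `OpenSSL::X509::CertificateError` during rendering and the page fails with a server error. Moving the parse into a model method that rescues that error and returns nil, with the view rendering a placeholder in that case, would keep the staff page usable for a damaged record. The text dump reproduces subject, issuer and extension values taken from the certificate itself, so it should stay on the escaping `<%= %>` path and never be wrapped in `raw` or `html_safe`. The markup around this expression is stripped in this extract, so the escaping cannot be confirmed from here.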