Add action Staffs::X509CertificatesController#show

app/controllers/staffs/x509_certificates_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Staffs::X509CertificatesController < ApplicationController
+  before_action :set_x509_certificate, except: :index
+
   # GET /staff/x509_certificates
   def index
     authorize %i[staff x509_certificate]
@@ -9,4 +11,15 @@ class Staffs::X509CertificatesController < ApplicationController
       policy_scope_class: Staff::X509CertificatePolicy::Scope,
     ).page(params[:page])
   end
+
+  # GET /staff/x509_certificates/id
+  def show
+    authorize [:staff, @x509_certificate]
+  end
+
+private
+
+  def set_x509_certificate
+    @x509_certificate = X509Certificate.find params[:id]
+  end
 end

app/policies/staff/x509_certificate_policy.rb

@@ -7,6 +7,12 @@ class Staff::X509CertificatePolicy < ApplicationPolicy
     account&.superuser?
   end
 
+  def show?
+    return false if restricted?
+
+    account&.superuser?
+  end
+
   class Scope < Scope
     def resolve
       return scope.none if restricted?

app/views/staffs/x509_certificates/_table.html.erb

@@ -10,6 +10,7 @@
       <th scope="col">
         <%= X509Certificate.human_attribute_name :not_after %>
       </th>
+      <th scope="col"></th>
     </tr>
   </thead>
 
@@ -19,6 +20,11 @@
         <td scope="row"><%= x509_certificate.id %></td>
         <td><%= localize x509_certificate.not_before, format: :long %></td>
         <td><%= localize x509_certificate.not_after, format: :long %></td>
+        <td>
+          <% if policy([:staff, x509_certificate]).show? %>
+            <%= open_action [:staff, x509_certificate] %>
+          <% end %>
+        </td>
       </tr>
     <% end %>
   </tbody>

app/views/staffs/x509_certificates/show.html.erb

@@ -0,0 +1,22 @@
+<div class="container">
+  <%= nav_breadcrumb(
+    [translate(:staff_services), staff_root_path],
+    [X509Certificate.model_name.human(count: 0), staff_x509_certificates_path],
+    X509Certificate.model_name.human(count: 1),
+  ) %>
+
+  <dl>
+    <dt><%= X509Certificate.human_attribute_name :id %></dt>
+    <dd><%= @x509_certificate.id %></dd>
+
+    <dt><%= X509Certificate.human_attribute_name :not_before %></dt>
+    <dd><%= localize @x509_certificate.not_before, format: :long %></dd>
+
+    <dt><%= X509Certificate.human_attribute_name :not_after %></dt>
+    <dd><%= localize @x509_certificate.not_after, format: :long %></dd>
+  </dl>
+
+  <hr/>
+
+  <pre class="pre-scrollable"><code><%= OpenSSL::X509::Certificate.new(@x509_certificate.pem).to_text %></code></pre>
+</div>

config/routes.rb

@@ -61,7 +61,7 @@ Rails.application.routes.draw do
 
     resources :accounts, param: :nickname, only: %i[index show]
 
-    resources :x509_certificates, only: :index
+    resources :x509_certificates, only: %i[index show]
 
     resources :people, only: %i[index show new create] do
       resources :person_comments,

spec/requests/staff/x509_certificates/show_spec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'GET /staff/x509_certificates/:id' do
+  let(:x509_certificate) { create :self_signed_x509_certificate }
+
+  def make_request
+    get "/staff/x509_certificates/#{x509_certificate.id}"
+  end
+
+  before do
+    sign_in current_account.user if current_account&.user
+    make_request
+  end
+
+  for_account_types nil, :usual do
+    specify do
+      expect(response).to have_http_status :forbidden
+    end
+  end
+
+  for_account_types :superuser do
+    specify do
+      expect(response).to have_http_status :ok
+    end
+  end
+end