diff --git a/app/controllers/staffs/accounts_controller.rb b/app/controllers/staffs/accounts_controller.rb
index bf17179..e601920 100644
--- a/app/controllers/staffs/accounts_controller.rb
+++ b/app/controllers/staffs/accounts_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class Staffs::AccountsController < ApplicationController
+ before_action :set_account, except: :index
+
 # GET /staff/accounts
 def index
 authorize %i[staff account]
@@ -9,4 +11,15 @@ class Staffs::AccountsController < ApplicationController
 policy_scope_class: Staff::AccountPolicy::Scope,
 )
 end
+
+ # GET /staff/accounts/:nickname
+ def show
+ authorize [:staff, @account]
+ end
+
+private
+
+ def set_account
+ @account = Account.find_by! nickname: params[:nickname]
+ end
 end
diff --git a/app/policies/staff/account_policy.rb b/app/policies/staff/account_policy.rb
index c3ba386..d22c6cf 100644
--- a/app/policies/staff/account_policy.rb
+++ b/app/policies/staff/account_policy.rb
@@ -5,6 +5,10 @@ class Staff::AccountPolicy < ApplicationPolicy
 account&.superuser?
 end
+ def show?
+ account&.superuser?
+ end
+
 class Scope < Scope
 def resolve
 return scope.all if account&.superuser?
diff --git a/app/views/staffs/accounts/index.html.erb b/app/views/staffs/accounts/index.html.erb
index ebc8a06..bcd0153 100644
--- a/app/views/staffs/accounts/index.html.erb
+++ b/app/views/staffs/accounts/index.html.erb
@@ -41,7 +41,14 @@ <% end %> - + + <% if policy([:staff, account]).show? %> + <%= link_to [:staff, account], + role: :button, class: 'btn btn-light btn-sm' do %> + + <% end %> + <% end %> + <% end %>
diff --git a/app/views/staffs/accounts/show.html.erb b/app/views/staffs/accounts/show.html.erb
new file mode 100644
index 0000000..2017d89
--- /dev/null
+++ b/app/views/staffs/accounts/show.html.erb
@@ -0,0 +1,36 @@
+
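Review bot: `set_account` is wired as a `before_action` for `show`, so `Account.find_by! nickname: params[:nickname]` runs before `authorize [:staff, @account]` has a chance to reject the caller. If the application maps `ActiveRecord::RecordNotFound` to a 404 (the spec shows unauthorized callers receive 403), any non-superuser, including an unauthenticated request, can distinguish an existing nickname from a non-existing one by the status code alone. A class-level check ahead of the lookup closes that gap while keeping the record-level check in `show`: make `authorize %i[staff account], :show?` the first line of `set_account`. The issue spans both controller hunks, the `before_action` in the first and `set_account` in the second.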
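Review bot: `show?` repeats the body of `index?` (`account&.superuser?`) two lines above it instead of sharing it; `alias show? index?` keeps the two rules in step when the superuser condition changes. Note also that `show?` never consults `record`, so every superuser may view every account, which is consistent with `Scope#resolve` returning `scope.all` for superusers in the same hunk but deserves a one-line comment such as `# superusers may inspect any account; no per-record restriction`. `Scope#resolve` continues past the end of the hunk.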
+ + + <% if @account.superuser? %> +
+ + <%= translate :superuser %> + +
+ <% end %> + +
+
<%= Account.human_attribute_name :id %>
+
<%= @account.id %>
+ +
<%= Account.human_attribute_name :nickname %>
+
<%= @account.nickname %>
+ +
<%= Account.human_attribute_name :public_name %>
+
<%= @account.public_name %>
+
+
diff --git a/config/routes.rb b/config/routes.rb
index 6bc6813..4b9fda6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -48,7 +48,7 @@ Rails.application.routes.draw do
 get '/sidekiq', to: redirect('/', status: 307), as: :forbidden_sidekiq
- resources :accounts, only: :index
+ resources :accounts, param: :nickname, only: %i[index show]
 resources :people, only: %i[index show] do
 resources :person_comments,
diff --git a/spec/requests/staff/accounts/show_spec.rb b/spec/requests/staff/accounts/show_spec.rb
new file mode 100644
index 0000000..a60bf22
--- /dev/null
+++ b/spec/requests/staff/accounts/show_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'GET /staff/accounts/:nickname' do
+ let!(:some_account) { create :usual_account }
+ let(:current_account) { create :usual_account }
+
+ def make_request
+ get "/staff/accounts/#{some_account.nickname}"
+ end
+
+ before do
+ sign_in current_account.user if current_account&.user
+ make_request
+ end
+
+ for_account_types nil, :guest, :usual do
+ specify do
+ expect(response).to have_http_status :forbidden
+ end
+ end
+
+ for_account_types :superuser do
+ specify do
+ expect(response).to have_http_status :ok
+ end
+ end
+end
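Review bot: `param: :nickname` turns the nickname into a path segment, and the default Rails segment constraint stops at `.`, so a nickname containing a dot would be split into `:nickname` and `:format` and the controller's `Account.find_by!` would then miss the record; if the nickname format permits dots, add `constraints: { nickname: /[^\/]+/ }` to the `resources :accounts` line, otherwise a short comment stating that nicknames exclude `.` would record why no constraint is needed. The nickname validation is not visible in this diff, so treat this as a check to confirm rather than a confirmed defect.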
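Review bot: The spec only ever requests an account that exists, so neither the unknown-nickname path nor the `@account.superuser?` branch of the new view is exercised. An example such as `get '/staff/accounts/does-not-exist'` (a constructed nickname that is never created) asserting the status a non-superuser sees would pin the behaviour for missing records, which matters because `set_account` loads the record before `show` authorizes. A further example in which `some_account` is a superuser would cover the badge branch in `show.html.erb`.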