diff --git a/app/controllers/telegram_bots_controller.rb b/app/controllers/telegram_bots_controller.rb index 4fa4c25..9366488 100644 --- a/app/controllers/telegram_bots_controller.rb +++ b/app/controllers/telegram_bots_controller.rb @@ -1,9 +1,22 @@ # frozen_string_literal: true class TelegramBotsController < ApplicationController + before_action :set_telegram_bot, except: :index + # GET /telegram_bots def index authorize :telegram_bot @telegram_bots = policy_scope(TelegramBot) end + + # GET /telegram_bots/:id + def show + authorize @telegram_bot + end + +private + + def set_telegram_bot + @telegram_bot = TelegramBot.find params[:id] + end end diff --git a/app/policies/telegram_bot_policy.rb b/app/policies/telegram_bot_policy.rb index ee3c204..84e5ad6 100644 --- a/app/policies/telegram_bot_policy.rb +++ b/app/policies/telegram_bot_policy.rb @@ -5,6 +5,10 @@ class TelegramBotPolicy < ApplicationPolicy context.account&.is_superuser? end + def show? + context.account&.is_superuser? + end + class Scope < Scope def resolve return scope.all if context.account&.is_superuser? diff --git a/app/views/telegram_bots/index.html.erb b/app/views/telegram_bots/index.html.erb index bb207e9..f883f3c 100644 --- a/app/views/telegram_bots/index.html.erb +++ b/app/views/telegram_bots/index.html.erb @@ -25,7 +25,14 @@ <%= telegram_bot.secret %> <%= telegram_bot.api_token %> <%= truncate telegram_bot.username, length: 20 %> - + + <% if policy(telegram_bot).show? %> + <%= link_to telegram_bot_path(telegram_bot), + role: :button, class: 'btn btn-light btn-sm' do %> + + <% end %> + <% end %> + <% end %> diff --git a/app/views/telegram_bots/show.html.erb b/app/views/telegram_bots/show.html.erb new file mode 100644 index 0000000..d50a9c2 --- /dev/null +++ b/app/views/telegram_bots/show.html.erb @@ -0,0 +1,12 @@ +
+
+
<%= TelegramBot.human_attribute_name :secret %>
+
<%= @telegram_bot.secret %>
+ +
<%= TelegramBot.human_attribute_name :api_token %>
+
<%= @telegram_bot.api_token %>
+ +
<%= TelegramBot.human_attribute_name :username %>
+
<%= truncate @telegram_bot.username %>
+
+
diff --git a/config/routes.rb b/config/routes.rb index 7749ae5..cb8c70e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,7 +20,7 @@ Rails.application.routes.draw do only: %i[index create] end - resources :telegram_bots, only: :index + resources :telegram_bots, only: %i[index show] resources :telegram_bot_updates, only: :create end diff --git a/spec/requests/telegram_bots/show_spec.rb b/spec/requests/telegram_bots/show_spec.rb new file mode 100644 index 0000000..7a72435 --- /dev/null +++ b/spec/requests/telegram_bots/show_spec.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe 'GET /telegram_bots/:id' do + let!(:telegram_bot) { create :telegram_bot } + + before do + sign_in current_account.user if current_account&.user + get "/telegram_bots/#{telegram_bot.id}" + end + + context 'when no account is authenticated' do + let(:current_account) { nil } + + specify do + expect(response).to have_http_status :unauthorized + end + end + + context 'when guest account is authenticated' do + let(:current_account) { create :guest_account } + + specify do + expect(response).to have_http_status :unauthorized + end + end + + context 'when usual account is authenticated' do + let(:current_account) { create :account_with_user } + + specify do + expect(response).to have_http_status :unauthorized + end + end + + context 'when superuser account is authenticated' do + let(:current_account) { create :superuser_account } + + specify do + expect(response).to have_http_status :ok + end + end +end