From c33b9c97fe803377bd4ec97d94907187214d5797 Mon Sep 17 00:00:00 2001
From: Matthew Landauer
Date: Tue, 10 Sep 2024 05:12:35 +0000
Subject: [PATCH] Add api_editor role ability to see and update api keys
---
 app/controllers/admin/application_controller.rb | 2 +-
 app/policies/admin/api_key_policy.rb | 10 +++++-----
 app/policies/admin/api_usages_policy.rb | 2 +-
 app/policies/admin/user_policy.rb | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 16bd5bf88..4236b3c68 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -17,7 +17,7 @@ class ApplicationController < Administrate::ApplicationController
 sig { void }
 def authenticate_admin
 authenticate_user!
- render plain: "Not authorised", status: :forbidden unless T.must(current_user).has_role?(:admin)
+ render plain: "Not authorised", status: :forbidden unless T.must(current_user).has_role?(:admin) || T.must(current_user).has_role?(:api_editor)
 end

 sig { returns(T::Array[Symbol]) }
diff --git a/app/policies/admin/api_key_policy.rb b/app/policies/admin/api_key_policy.rb
index 698f58e0f..8543f1d00 100644
--- a/app/policies/admin/api_key_policy.rb
+++ b/app/policies/admin/api_key_policy.rb
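Review bot: `authenticate_admin` in app/controllers/admin/application_controller.rb now admits `api_editor` to every controller that inherits this check, so for that role the individual policies are the only remaining barrier. This commit updates the ApiKey, ApiUsages and User policies; any other admin resource or custom action that depended on this method as its sole admin test is not visible here and should be confirmed to deny `api_editor`. I would record that above the `render` line with a comment such as `# Coarse gate only: api_editor gets in here, each Admin policy must still restrict it`, and add a request spec in which an `api_editor` is refused on a non-API admin page. The method is complete in the hunk; the rest of the class lies outside it.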
@@ -7,28 +7,28 @@ class ApiKeyPolicy < ApplicationPolicy

 sig { returns(T::Boolean) }
 def index?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 sig { returns(T::Boolean) }
 def show?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 sig { returns(T::Boolean) }
 def update?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 sig { returns(T::Boolean) }
 def create?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 class Scope < ApplicationPolicy::Scope
 sig { returns(ActiveRecord::Relation) }
 def resolve
- user.has_role?(:admin) ? scope.all : scope.none
+ user.has_role?(:admin) || user.has_role?(:api_editor) ? scope.all : scope.none
 end
 end
 end
diff --git a/app/policies/admin/api_usages_policy.rb b/app/policies/admin/api_usages_policy.rb
index e8751a3e5..388c0cda2 100644
--- a/app/policies/admin/api_usages_policy.rb
+++ b/app/policies/admin/api_usages_policy.rb
@@ -7,7 +7,7 @@ class ApiUsagesPolicy < ApplicationPolicy

 sig { returns(T::Boolean) }
 def index?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end
 end
 end
diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index 5c69a3308..346fca93d 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
@@ -8,12 +8,12 @@ class UserPolicy < ApplicationPolicy
 # TODO: Extract this into a DefaultAdminPolicy
 sig { returns(T::Boolean) }
 def index?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 sig { returns(T::Boolean) }
 def show?
- user.has_role?(:admin)
+ user.has_role?(:admin) || user.has_role?(:api_editor)
 end

 sig { returns(T::Boolean) }
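Review bot: `create?` in app/policies/admin/api_key_policy.rb is opened to `api_editor` although the commit subject only mentions seeing and updating API keys; if creation is intended the description should say so, otherwise `create?` can stay `user.has_role?(:admin)`. With `Scope#resolve` returning `scope.all`, the role can read and change every key rather than a subset, which is worth stating in a comment on the class because keys are credentials. The same two-role test is now written five times here and again in api_usages_policy.rb and user_policy.rb; one private predicate on the shared base policy (named, say, `api_admin?`) returning `user.has_role?(:admin) || user.has_role?(:api_editor)` would keep the rule in one place. In `resolve`, writing `(user.has_role?(:admin) || user.has_role?(:api_editor)) ? scope.all : scope.none` makes the precedence explicit; the same applies to the last user_policy.rb hunk.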
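Review bot: `index?` and `show?` in app/policies/admin/user_policy.rb now give `api_editor` the full user listing and each user's detail page, which goes beyond the API-key scope named in the commit subject; the `Scope#resolve` change in the following hunk makes every user record visible to the role, admins included. If the role only needs a user as the owner of a key, consider keeping `index?` admin-only or limiting what that role is shown; which fields the user pages display is not visible in this diff. The diffstat (three changed lines in this file) suggests the write actions after this hunk, including `destroy?`, stay admin-only, and a comment above `index?` such as `# api_editor gets read-only access to users in order to manage their API keys` would document that intent. The hunk ends on a `sig` whose method lies outside it.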
@@ -29,7 +29,7 @@ def destroy?
 class Scope < ApplicationPolicy::Scope
 sig { returns(ActiveRecord::Relation) }
 def resolve
- user.has_role?(:admin) ? scope.all : scope.none
+ user.has_role?(:admin) || user.has_role?(:api_editor) ? scope.all : scope.none
 end
 end
 end