rate limits: add /rate_limits endpoint.

Allow users to view their own rate limits with /rate_limits.json.

Note that rate limits are only updated after every API call, so this
page only shows the state of the limits after the last call, not the
current state.

app/controllers/rate_limits_controller.rb

@@ -0,0 +1,8 @@
+class RateLimitsController < ApplicationController
+  respond_to :html, :json, :xml
+
+  def index
+    @rate_limits = authorize RateLimit.visible(CurrentUser.user).paginated_search(params, count_pages: true)
+    respond_with(@rate_limits)
+  end
+end

app/models/rate_limit.rb

@@ -5,6 +5,22 @@ class RateLimit < ApplicationRecord
     expired.delete_all
   end
 
+  def self.visible(user)
+    if user.is_owner?
+      all
+    elsif user.is_anonymous?
+      none
+    else
+      where(key: [user.cache_key])
+    end
+  end
+
+  def self.search(params)
+    q = search_attributes(params, :id, :created_at, :updated_at, :limited, :points, :action, :key)
+    q = q.apply_default_order(params)
+    q
+  end
+
   # `action` is the action being limited. Usually a controller endpoint.
   # `keys` is who is being limited. Usually a [user, ip] pair, meaning the action is limited both by the user's ID and their IP.
   # `cost` is the number of points the action costs.

app/policies/rate_limit_policy.rb

@@ -0,0 +1,5 @@
+class RateLimitPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+end

app/views/rate_limits/index.html.erb

@@ -0,0 +1,21 @@
+<div id="c-rate-limits">
+  <div id="a-index">
+    <%= table_for @rate_limits, class: "striped autofit" do |t| %>
+      <% t.column :action %>
+
+      <% t.column :key %>
+
+      <% t.column :points do |rate_limit| %>
+        <%= rate_limit.points.round(2) %>
+      <% end %>
+
+      <% t.column :limited? %>
+
+      <% t.column :updated_at do |rate_limit| %>
+        <%= time_ago_in_words_tagged rate_limit.updated_at %>
+      <% end %>
+    <% end %>
+
+    <%= numbered_paginator(@rate_limits) %>
+  </div>
+</div>