Adds index and show defs, and relatives unit tests

app/controllers/api/v1/tasks_controller.rb

@@ -0,0 +1,22 @@
+class Api::V1::TasksController < ApplicationController
+  before_action :set_task, only: %i[show update destroy]
+  before_action :check_login
+
+  def index
+    render json: TaskSerializer.new(Task.all).serializable_hash.to_json
+  end
+
+  def show
+    render json: TaskSerializer.new(@task).serializable_hash.to_json
+  end
+
+  private
+
+  def task_params
+    params.require(:task).permit(:name, :description, :user_id, :activity_id)
+  end
+
+  def set_task
+    @task = Task.find(params[:id])
+  end
+end

app/serializers/task_serializer.rb

@@ -0,0 +1,6 @@
+class TaskSerializer
+  include JSONAPI::Serializer
+  attributes :name, :description, :user_id, :activity_id
+
+  cache_options store: Rails.cache, namespace: 'jsonapi-serializer', expires_in: 1.hour
+end

test/controllers/api/v1/tasks_controller_test.rb

@@ -0,0 +1,37 @@
+require "test_helper"
+
+class Api::V1::TasksControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @task = tasks(:one)
+    @activity = activities(:one)
+    @user = users(:one)
+  end
+
+  # INDEX
+  test "should access index" do
+    get api_v1_activity_tasks_url(@activity),
+    headers: { Authorization: JsonWebToken.encode(user_id: @user.id) },
+    as: :json
+    assert_response :success
+  end
+
+  test "should not access index" do
+    get api_v1_activity_tasks_url(@activity),
+    as: :json
+    assert_response :forbidden
+  end
+
+  # SHOW
+  test "should access show" do
+    get api_v1_activity_task_url(@activity, @task),
+    headers: { Authorization: JsonWebToken.encode(user_id: @user.id) },
+    as: :json
+    assert_response :success
+  end
+
+  test "should not access show" do
+    get api_v1_activity_task_url(@activity, @task),
+    as: :json
+    assert_response :forbidden
+  end
+end