Merge pull request #1846 from internetee/1818-block-bulk-changes-on-update-prohibited

Add check if UpdateProhibited to nameserver bulk update
2025-06-08 13:44:47 +02:00 · 2021-02-23 17:01:56 +02:00 · 2021-02-23 17:01:56 +02:00 · 02ec43a1dc
commit 02ec43a1dc
parent 9fddb47310 44add87fe2
5 changed files with 71 additions and 2 deletions
--- a/app/models/concerns/domain/transferable.rb
+++ b/app/models/concerns/domain/transferable.rb
@ -31,7 +31,9 @@ module Concerns::Domain::Transferable
      DomainStatus::PENDING_TRANSFER,
      DomainStatus::FORCE_DELETE,
      DomainStatus::SERVER_TRANSFER_PROHIBITED,
-      DomainStatus::CLIENT_TRANSFER_PROHIBITED
+      DomainStatus::CLIENT_TRANSFER_PROHIBITED,
+      DomainStatus::SERVER_UPDATE_PROHIBITED,
+      DomainStatus::CLIENT_UPDATE_PROHIBITED,
    ]).empty?
  end

--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@ -153,7 +153,7 @@ class Registrar < ApplicationRecord
        puny = origin.domain.name_puny
        next unless domains.include?(idn) || domains.include?(puny) || domains.empty?

-        if origin.domain.nameservers.where(hostname: new_attributes[:hostname]).any?
+        if domain_not_updatable?(hostname: new_attributes[:hostname], domain: origin.domain)
          failed_list << idn
          next
        end
@ -202,6 +202,10 @@ class Registrar < ApplicationRecord

  private

+  def domain_not_updatable?(hostname:, domain:)
+    domain.nameservers.where(hostname: hostname).any? || domain.bulk_update_prohibited?
+  end
+
  def set_defaults
    self.language = Setting.default_language unless language
  end
--- a/test/integration/api/domain_transfers_test.rb
+++ b/test/integration/api/domain_transfers_test.rb
@ -63,6 +63,23 @@ class APIDomainTransfersTest < ApplicationIntegrationTest
    assert_equal 1, @new_registrar.contacts.where(name: 'William').size
  end

+  def test_bulk_transfer_if_domain_has_update_prohibited_status
+    domains(:shop).update!(statuses: [DomainStatus::SERVER_UPDATE_PROHIBITED])
+
+    post '/repp/v1/domains/transfer', params: request_params, as: :json,
+         headers: { 'HTTP_AUTHORIZATION' => http_auth_key }
+
+    assert_response :ok
+    assert_equal ({ code: 1000,
+                    message: 'Command completed successfully',
+                    data: { success: [],
+                    failed: [{ type: "domain_transfer",
+                               domain_name: "shop.test",
+                               errors: [{:code=>"2304", :msg=>"Object status prohibits operation"}] }],
+                    }}),
+                JSON.parse(response.body, symbolize_names: true)
+  end
+
  private

  def request_params
--- a/test/integration/api/nameservers/put_test.rb
+++ b/test/integration/api/nameservers/put_test.rb
@ -104,6 +104,25 @@ class APINameserversPutTest < ApplicationIntegrationTest
                 JSON.parse(response.body, symbolize_names: true)
  end

+  def test_bulk_namesaervers_if_domain_update_prohibited
+    domains(:shop).update!(statuses: [DomainStatus::SERVER_UPDATE_PROHIBITED])
+
+    params = { data: { type: 'nameserver', id: domains(:shop).nameservers.hostnames[0],
+                       attributes: { hostname: 'ns55.bestnames.test' } } }
+    put '/repp/v1/registrar/nameservers', params: params, as: :json,
+        headers: { 'HTTP_AUTHORIZATION' => http_auth_key }
+
+        assert_response :ok
+        assert_equal ({ code: 1000,
+                    message: 'Command completed successfully',
+                    data: { type: "nameserver",
+                            id: "ns55.bestnames.test",
+                            attributes: {hostname: "ns55.bestnames.test"},
+                            affected_domains: ["airport.test"],
+                            skipped_domains: ["shop.test"]}}),
+            JSON.parse(response.body, symbolize_names: true)
+  end
+
  def test_unauthenticated
    put '/repp/v1/registrar/nameservers'
    assert_response 401
--- a/test/integration/repp/v1/registrar/nameservers_test.rb
+++ b/test/integration/repp/v1/registrar/nameservers_test.rb
@ -34,6 +34,33 @@ class ReppV1RegistrarNameserversTest < ActionDispatch::IntegrationTest
    assert json[:data][:affected_domains].include? 'shop.test'
  end

+  def test_fails_to_update_if_prohibited
+    domain = domains(:shop)
+    domain.update(statuses: [DomainStatus::CLIENT_UPDATE_PROHIBITED])
+    nameserver = nameservers(:shop_ns1)
+    payload = {
+      "data": {
+        "id": nameserver.hostname,
+        "type": "nameserver",
+        "attributes": {
+          "hostname": "#{nameserver.hostname}.test",
+          "ipv4": ["1.1.1.1"]
+        }
+      }
+    }
+
+    put '/repp/v1/registrar/nameservers', headers: @auth_headers, params: payload
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+    assert_equal({ hostname: "#{nameserver.hostname}.test", ipv4: ["1.1.1.1"] }, json[:data][:attributes])
+    assert_equal({ hostname: "#{nameserver.hostname}.test", ipv4: ["1.1.1.1"] }, json[:data][:attributes])
+    assert json[:data][:affected_domains].include? 'airport.test'
+    assert json[:data][:skipped_domains].include? 'shop.test'
+  end
+
  def test_nameserver_with_hostname_must_exist
    payload = {
      "data": {