Story #105846070 - do not allow user to see other user's domains if their ident values have the same code

2025-07-04 18:23:35 +02:00 · 2015-12-14 16:55:22 +02:00 · 2015-12-14 16:55:22 +02:00 · 05c4aaf3f1
commit 05c4aaf3f1
parent 13f50dec8c
1 changed files with 7 additions and 2 deletions
--- a/app/models/registrant_user.rb
+++ b/app/models/registrant_user.rb
@ -12,10 +12,15 @@ class RegistrantUser < User
  end

  def domains
-    Domain.includes(:registrar, :registrant).where(contacts: {ident: ident})
+    # TODO: move data to normal columns and drop registrant_ident
+    ident_cc, ident = @current_user.registrant_ident.split '-'
+    Domain.includes(:registrar, :registrant).where(contacts: {
+                                                       ident_type: 'priv',
+                                                       ident: ident, #identity_code,
+                                                       ident_country_code: ident_cc #country_code
+                                                   })
  end

-
  def to_s
    username
  end