Allow registrar to see other registrars domains

Martin Lensment 2015-04-02 12:23:05 +03:00
parent daa4fd16c9
commit 1333a4ffe4
3 changed files with 32 additions and 4 deletions


@ -22,12 +22,13 @@ class Ability
# rubocop: disable Metrics/LineLength # rubocop: disable Metrics/LineLength
def epp def epp
# Epp::Domain # Epp::Domain
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw } can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
can(:check, Epp::Domain) can(:check, Epp::Domain)
can(:create, Epp::Domain) can(:create, Epp::Domain)
can(:renew, Epp::Domain) can(:renew, Epp::Domain)
can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw } can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw } can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
# Epp::Contact # Epp::Contact
can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw } can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw }
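Review bot: The new `:info` rule for `Epp::Domain` depends on `||` binding tighter than `?:`, so it evaluates as `(owner || pw.blank?) ? true : d.auth_info == pw`; that matches the commit's intent but is easy to misread in an authorization rule. Writing it as `d.registrar_id == @user.registrar_id || pw.blank? || d.auth_info == pw` gives the same result without the ternary. In the added `:view_password` rule, `d.auth_info == pw` is also true when both sides are nil, so if a domain can exist without an auth_info value, a guard such as `pw.present? && d.auth_info == pw` would make the password requirement explicit. The `epp` method starts and ends outside this hunk, so the remaining rules were not reviewed.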


@ -52,8 +52,10 @@ xml.epp_head do
# TODO Make domain transferrable # TODO Make domain transferrable
#xml.tag!('domain:trDate', @domain.transferred_at) if @domain.transferred_at #xml.tag!('domain:trDate', @domain.transferred_at) if @domain.transferred_at
xml.tag!('domain:authInfo') do if can? :view_password, @domain, @password
xml.tag!('domain:pw', @domain.auth_info) xml.tag!('domain:authInfo') do
xml.tag!('domain:pw', @domain.auth_info)
end
end end
end end
end end
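Review bot: Only the `domain:authInfo` element is gated by the new `can? :view_password` condition, so everything else this template renders is now returned to any registrar whose info request carries no password. The rest of the template is outside the hunk, so it is worth confirming that each remaining element is meant to be visible to non-sponsoring registrars. `@password` is assigned outside the hunk as well; a comment above the condition, such as `# authInfo is returned only to the sponsoring registrar or when the supplied password matches`, would record the intent next to the check.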


@ -1857,7 +1857,7 @@ describe 'EPP Domain', epp: true do
inf_data.css('status').first[:s].should == 'ok' inf_data.css('status').first[:s].should == 'ok'
end end
it 'can not see other registrar domains' do it 'can not see other registrar domains with invalid password' do
login_as :registrar2 do login_as :registrar2 do
response = epp_plain_request(domain_info_xml(name: { value: domain.name }), :xml) response = epp_plain_request(domain_info_xml(name: { value: domain.name }), :xml)
response[:result_code].should == '2201' response[:result_code].should == '2201'
@ -1865,6 +1865,31 @@ describe 'EPP Domain', epp: true do
end end
end end
it 'can see other registrar domains without password' do
login_as :registrar2 do
response = epp_plain_request(domain_info_xml(
name: { value: domain.name },
authInfo: nil
), :xml)
response[:result_code].should == '1000'
response[:parsed].css('authInfo pw').first.should == nil
end
end
it 'can see other registrar domains with correct password' do
login_as :registrar2 do
pw = domain.auth_info
response = epp_plain_request(domain_info_xml(
name: { value: domain.name },
authInfo: { pw: { value: pw } }
), :xml)
response[:result_code].should == '1000'
response[:parsed].css('authInfo pw').text.should == pw
end
end
### DELETE ### ### DELETE ###
it 'deletes domain' do it 'deletes domain' do
response = epp_plain_request(@epp_xml.domain.delete({ response = epp_plain_request(@epp_xml.domain.delete({
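Review bot: The renamed example 'can not see other registrar domains with invalid password' passes no `authInfo` value in the lines shown, so it appears to rely on whatever default `domain_info_xml` supplies. If that default were ever blank, the new `pw.blank?` branch would allow the request and the negative case would no longer be exercised. Passing the value explicitly, for example `authInfo: { pw: { value: 'wrong-password' } }` (a constructed sample value), would pin the denial path the same way the two added examples pin the success paths. There is also no example shown asserting that the sponsoring registrar still receives `authInfo pw` in its own info response, and `.should == nil` could be written `.should be_nil`.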