Do not allow foreign domain renew #2629

Martin Lensment 2015-06-03 15:14:52 +03:00
parent c1b5fc8265
commit 1db3486e65
3 changed files with 17 additions and 2 deletions


@ -77,7 +77,7 @@ class Epp::DomainsController < EppController
end
def renew
authorize! :renew, Epp::Domain
authorize! :renew, @domain
handle_errors(@domain) and return unless @domain.renew(
params[:parsed_frame].css('curExpDate').text,
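Review bot: `authorize! :renew, @domain` enforces ownership only if `@domain` is already loaded when `renew` runs, and the hunk does not show where it is assigned (presumably a `before_action` outside the hunk). It is worth confirming that the lookup halts with an object-not-found response before this line, so that an unknown domain name is not reported as an authorization error. I would also add a comment above the call, `# pass the instance: CanCan does not run the ability block for a class subject`, so a later edit does not revert to `Epp::Domain`. The body of `renew` continues past the end of the hunk.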


@ -28,7 +28,7 @@ class Ability
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
can(:check, Epp::Domain)
can(:create, Epp::Domain)
can(:renew, Epp::Domain)
can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
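Review bot: The new `:renew` block compares `d.registrar_id == @user.registrar_id` with no nil guard, so a user and a domain that both lack a registrar would compare equal and the renew would be allowed. Whether either side can be nil is not visible here. If it can, the rule should read `can(:renew, Epp::Domain) { |d| @user.registrar_id.present? && d.registrar_id == @user.registrar_id }`. Separately, CanCan evaluates this block only when an instance is passed, so any other call site that still checks `:renew` against the `Epp::Domain` class passes for every registrar. A one-line comment on the rule saying so would help the next maintainer.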


@ -1993,6 +1993,21 @@ describe 'EPP Domain', epp: true do
response[:results][0][:value].should == '4'
end
it 'does not renew foreign domain' do
login_as :registrar2 do
exp_date = 1.year.since.to_date
xml = @epp_xml.domain.renew(
name: { value: domain.name },
curExpDate: { value: exp_date.to_s },
period: { value: '1', attrs: { unit: 'y' } }
)
response = epp_plain_request(xml)
response[:results][0][:msg].should == 'Authorization error'
response[:results][0][:result_code].should == '2201'
end
end
### INFO ###
it 'returns domain info' do
domain.domain_statuses.build(value: DomainStatus::CLIENT_HOLD, description: 'Payment overdue.')
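Review bot: The new example `does not renew foreign domain` asserts only the response message and the `2201` result code, so it would still pass if the request were rejected after the domain had already been modified. I would record the domain's expiry date before `epp_plain_request(xml)` and assert after the call that the reloaded record still has the same value. `exp_date = 1.year.since.to_date` also assumes the fixture expires exactly one year from now. A comment stating that assumption, or reading the date from `domain` itself, would make clear that the request is otherwise valid and fails on authorization alone.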