Separated epp login and epp request abilities #2742

2025-07-24 19:48:28 +02:00 · 2015-08-19 01:21:16 +03:00 · 2015-08-19 01:21:16 +03:00 · 34f1d7d254
commit 34f1d7d254
parent 598ab7ba63
5 changed files with 83 additions and 61 deletions
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
      success = false
    end

+    if success && @api_user.cannot?(:create, :epp_login)
+      epp_errors << {
+        msg: 'Authentication error; server closing connection (API user does not have epp role)',
+        code: '2501'
+      }
+
+      success = false
+    end
+
    if success && !ip_white?
      epp_errors << {
        msg: 'Authentication error; server closing connection (IP is not whitelisted)',
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
        redirect_to :back and return
      end

-      if @api_user.can_make_api_calls?
+      if @api_user.can(:create, :epp_login)
        unless @api_user.registrar.api_ip_white?(request.ip)
          flash[:alert] = I18n.t(:ip_is_not_whitelisted)
          redirect_to :back and return
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -21,7 +21,7 @@ class RegistrarController < ApplicationController
    riw = current_user.registrar.registrar_ip_white?(request.ip)

    aiw = true
-    if current_user.can_make_api_calls?
+    if current_user.can?(:create, :epp_request)
      aiw = current_user.registrar.api_ip_white?(request.ip)
    end