zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-18 02:09:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Separated epp login and epp request abilities #2742

Browse source
This commit is contained in:
Priit Tark 2015-08-19 01:21:16 +03:00
parent 598ab7ba63
commit 34f1d7d254
5 changed files with 83 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/epp/sessions_controller.rb
View file

@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
success = false success = false
end end
if success && @api_user.cannot?(:create, :epp_login)
epp_errors << {
msg: 'Authentication error; server closing connection (API user does not have epp role)',
code: '2501'
}
success = false
end
if success && !ip_white? if success && !ip_white?
epp_errors << { epp_errors << {
msg: 'Authentication error; server closing connection (IP is not whitelisted)', msg: 'Authentication error; server closing connection (IP is not whitelisted)',

2
app/controllers/registrar/sessions_controller.rb
View file

@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
redirect_to :back and return redirect_to :back and return
end end
if @api_user.can_make_api_calls? if @api_user.can(:create, :epp_login)
unless @api_user.registrar.api_ip_white?(request.ip) unless @api_user.registrar.api_ip_white?(request.ip)
flash[:alert] = I18n.t(:ip_is_not_whitelisted) flash[:alert] = I18n.t(:ip_is_not_whitelisted)
redirect_to :back and return redirect_to :back and return

2
app/controllers/registrar_controller.rb
View file

@ -21,7 +21,7 @@ class RegistrarController < ApplicationController
riw = current_user.registrar.registrar_ip_white?(request.ip) riw = current_user.registrar.registrar_ip_white?(request.ip)
aiw = true aiw = true
if current_user.can_make_api_calls? if current_user.can?(:create, :epp_request)
aiw = current_user.registrar.api_ip_white?(request.ip) aiw = current_user.registrar.api_ip_white?(request.ip)
end end

127
app/models/ability.rb
View file

@ -24,7 +24,77 @@ class Ability
can :create, :registrant_domain_update_confirm can :create, :registrant_domain_update_confirm
end end
#
# User roles
#
def super # Registrar/api_user dynamic role
static_registrar
static_epp
billing
end
def epp # Registrar/api_user dynamic role
static_registrar
static_epp
end
def billing # Registrar/api_user dynamic role
can :view, :registrar_dashboard
can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
can :manage, :deposit
can :read, AccountActivity
static_epp_login # billing can establis epp connection in order to login
end
def customer_service # Admin/admin_user dynamic role
user
can :manage, Domain
can :manage, Contact
can :manage, Registrar
end
def admin # Admin/admin_user dynamic role
customer_service
can :manage, Setting
can :manage, BlockedDomain
can :manage, ReservedDomain
can :manage, ZonefileSetting
can :manage, DomainVersion
can :manage, Pricelist
can :manage, User
can :manage, ApiUser
can :manage, AdminUser
can :manage, Certificate
can :manage, Keyrelay
can :manage, LegalDocument
can :manage, BankStatement
can :manage, BankTransaction
can :manage, Invoice
can :manage, WhiteIp
can :read, ApiLog::EppLog
can :read, ApiLog::ReppLog
can :update, :pending
can :destroy, :pending
can :create, :zonefile
can :access, :settings_menu
end
#
# Static roles, linked from dynamic roles
#
def static_epp_login
can(:create, :epp_login)
end
def static_epp def static_epp
# REPP
can(:manage, :repp)
# EPP
static_epp_login
can(:create, :epp_requests)
# Epp::Domain # Epp::Domain
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw } can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
can(:check, Epp::Domain) can(:check, Epp::Domain)
@ -45,8 +115,6 @@ class Ability
can(:renew, Epp::Contact) can(:renew, Epp::Contact)
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
# REPP
can(:manage, :repp)
end end
def static_registrar def static_registrar
@ -73,62 +141,11 @@ class Ability
can :show, :dashboard can :show, :dashboard
end end
# Registrar/api_user dynamic role
def super
static_registrar
billing
epp
end
# Registrar/api_user dynamic role
def epp
static_registrar
static_epp
end
# Registrar/api_user dynamic role
def billing
can :view, :registrar_dashboard
can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
can :manage, :deposit
can :read, AccountActivity
end
# Admin/admin_user dynamic role
def customer_service
user
can :manage, Domain
can :manage, Contact
can :manage, Registrar
end
# Admin/admin_user dynamic role
def admin
customer_service
can :manage, Setting
can :manage, BlockedDomain
can :manage, ReservedDomain
can :manage, ZonefileSetting
can :manage, DomainVersion
can :manage, Pricelist
can :manage, User
can :manage, ApiUser
can :manage, AdminUser
can :manage, Certificate
can :manage, Keyrelay
can :manage, LegalDocument
can :manage, BankStatement
can :manage, BankTransaction
can :manage, Invoice
can :manage, WhiteIp
can :read, ApiLog::EppLog
can :read, ApiLog::ReppLog
can :update, :pending
can :destroy, :pending
can :create, :zonefile
can :access, :settings_menu
end
# rubocop: enable Metrics/LineLength # rubocop: enable Metrics/LineLength
# rubocop: enable Metrics/CyclomaticComplexity # rubocop: enable Metrics/CyclomaticComplexity
# rubocop: enable Metrics/PerceivedComplexity # rubocop: enable Metrics/PerceivedComplexity
end end

4
app/models/api_user.rb
View file

@ -58,10 +58,6 @@ class ApiUser < User
@registrar_typeahead || registrar || nil @registrar_typeahead || registrar || nil
end end
def can_make_api_calls?
([SUPER, EPP] & roles).any?
end
def to_s def to_s
username username
end end