Merge branch 'master' into improve-registrant-area

# Conflicts: # test/fixtures/contacts.yml
2025-07-22 10:45:58 +02:00 · 2018-09-01 19:37:44 +03:00 · 2018-09-01 19:37:44 +03:00 · 3ca95364ef
commit 3ca95364ef
parent c1e60f663e fea8333215
51 changed files with 1021 additions and 235 deletions
--- a/app/controllers/admin/domains/registry_lock_controller.rb
+++ b/app/controllers/admin/domains/registry_lock_controller.rb
@ -0,0 +1,21 @@
+module Admin
+  module Domains
+    class RegistryLockController < BaseController
+      def destroy
+        set_domain
+        authorize! :manage, @domain
+        if @domain.remove_registry_lock
+          redirect_to edit_admin_domain_url(@domain), notice: t('.success')
+        else
+          redirect_to edit_admin_domain_url(@domain), alert: t('.error')
+        end
+      end
+
+      private
+
+      def set_domain
+        @domain = Domain.find(params[:domain_id])
+      end
+    end
+  end
+end
--- a/app/controllers/admin/domains_controller.rb
+++ b/app/controllers/admin/domains_controller.rb
@ -1,7 +1,7 @@
 module Admin
  class DomainsController < BaseController
-    load_and_authorize_resource
-    before_action :set_domain, only: [:show, :edit, :update, :zonefile]
+    before_action :set_domain, only: %i[show edit update keep]
+    authorize_resource
    helper_method :force_delete_templates

    def index
@ -33,7 +33,8 @@ module Admin
    end

    def show
-      @domain.valid?
+      # Validation is needed to warn users
+      @domain.validate
    end

    def edit
@ -60,6 +61,11 @@ module Admin
      @versions = @domain.versions
    end

+    def keep
+      @domain.keep
+      redirect_to edit_admin_domain_url(@domain), notice: t('.kept')
+    end
+
    private

    def set_domain
--- a/app/controllers/admin/mail_templates_controller.rb
+++ b/app/controllers/admin/mail_templates_controller.rb
@ -47,7 +47,7 @@ module Admin
    def destroy
      @mail_template = MailTemplate.find(params[:id])
      if @mail_template.destroy
-        redirect_to admin_mail_templates_path, notise: t(:deleted)
+        redirect_to admin_mail_templates_path, notice: t(:deleted)
      else
        flash.now[:alert] = I18n.t(:failure)
        render 'show'
--- a/app/controllers/api/v1/registrant/base_controller.rb
+++ b/app/controllers/api/v1/registrant/base_controller.rb
@ -6,6 +6,7 @@ module Api
    module Registrant
      class BaseController < ActionController::API
        before_action :authenticate
+        before_action :set_paper_trail_whodunnit

        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
          error = {}
@ -22,16 +23,32 @@ module Api
          header.gsub(pattern, '') if header&.match(pattern)
        end

+        def associated_domains(user)
+          country_code, ident = user.registrant_ident.split('-')
+
+          BusinessRegistryCache.fetch_associated_domains(ident, country_code)
+        rescue Soap::Arireg::NotAvailableError => error
+          Rails.logger.fatal("[EXCEPTION] #{error}")
+          user.domains
+        end
+
        def authenticate
          decryptor = AuthTokenDecryptor.create_with_defaults(bearer_token)
          decryptor.decrypt_token

          if decryptor.valid?
-            sign_in decryptor.user
+            sign_in(:registrant_user, decryptor.user)
          else
-            render json: { errors: [{base: ['Not authorized']}] }, status: :unauthorized
+            render json: { errors: [{ base: ['Not authorized'] }] },
+                   status: :unauthorized
          end
        end
+
+        # This controller does not inherit from ApplicationController,
+        # so user_for_paper_trail method is not usable.
+        def set_paper_trail_whodunnit
+          ::PaperTrail.whodunnit = current_registrant_user.id_role_username
+        end
      end
    end
  end
--- a/app/controllers/api/v1/registrant/domains_controller.rb
+++ b/app/controllers/api/v1/registrant/domains_controller.rb
@ -30,17 +30,6 @@ module Api
            render json: { errors: [{ base: ['Domain not found'] }] }, status: :not_found
          end
        end
-
-        private
-
-        def associated_domains(user)
-          country_code, ident = user.registrant_ident.split('-')
-
-          BusinessRegistryCache.fetch_associated_domains(ident, country_code)
-        rescue Soap::Arireg::NotAvailableError => error
-          Rails.logger.fatal("[EXCEPTION] #{error}")
-          user.domains
-        end
      end
    end
  end
--- a/app/controllers/api/v1/registrant/registry_locks_controller.rb
+++ b/app/controllers/api/v1/registrant/registry_locks_controller.rb
@ -0,0 +1,48 @@
+module Api
+  module V1
+    module Registrant
+      class RegistryLocksController < BaseController
+        before_action :set_domain
+        before_action :authorized_to_manage_locks?
+
+        def create
+          if @domain.apply_registry_lock
+            render json: @domain
+          else
+            render json: { errors: [{ base: ['Domain cannot be locked'] }] },
+                   status: :unprocessable_entity
+          end
+        end
+
+        def destroy
+          if @domain.remove_registry_lock
+            render json: @domain
+          else
+            render json: { errors: [{ base: ['Domain is not locked'] }] },
+                   status: :unprocessable_entity
+          end
+        end
+
+        private
+
+        def set_domain
+          domain_pool = current_registrant_user.domains
+          @domain = domain_pool.find_by(uuid: params[:domain_uuid])
+
+          return if @domain
+          render json: { errors: [{ base: ['Domain not found'] }] },
+                 status: :not_found and return
+        end
+
+        def authorized_to_manage_locks?
+          return if current_registrant_user.administered_domains.include?(@domain)
+
+          render json: { errors: [
+            { base: ['Only administrative contacts can manage registry locks'] }
+          ] },
+                 status: :unauthorized and return
+        end
+      end
+    end
+  end
+end