Merge pull request #1527 from internetee/fix-registrant-contact-view

Registrant: Allow to view other contacts of domain

app/controllers/registrant/contacts_controller.rb

@@ -3,9 +3,10 @@ class Registrant::ContactsController < RegistrantController
   helper_method :fax_enabled?
   helper_method :domain_filter_params
   skip_authorization_check only: %i[edit update]
+  before_action :set_contact, only: [:show]
 
   def show
-    @contact = current_user_contacts.find(params[:id])
+    @requester_contact = Contact.find_by(ident: current_registrant_user.ident).id
     authorize! :read, @contact
   end
 
@@ -30,6 +31,13 @@ class Registrant::ContactsController < RegistrantController
 
   private
 
+  def set_contact
+    id = params[:id]
+    contact = domain.contacts.find_by(id: id) || current_user_contacts.find_by(id: id)
+    contact ||= Contact.find_by(id: id, ident: domain.registrant.ident)
+    @contact = contact
+  end
+
   def domain
     current_user_domains.find(params[:domain_id])
   end

app/models/contact.rb

@@ -415,45 +415,66 @@ class Contact < ApplicationRecord
   # if total is smaller than needed, the load more
   # we also need to sort by valid_to
   # todo: extract to drapper. Then we can remove Domain#roles
-  def all_domains(page: nil, per: nil, params:)
+  def all_domains(page: nil, per: nil, params:, requester: nil)
-    # compose filter sql
+    filter_sql = qualified_domain_ids(params[:domain_filter])
-    filter_sql = case params[:domain_filter]
-      when "Registrant".freeze
-        %Q{select id from domains where registrant_id=#{id}}
-      when AdminDomainContact.to_s, TechDomainContact.to_s
-        %Q{select domain_id from domain_contacts where contact_id=#{id} AND type='#{params[:domain_filter]}'}
-      else
-        %Q{select domain_id from domain_contacts where contact_id=#{id}  UNION select id from domains where registrant_id=#{id}}
-    end
 
     # get sorting rules
     sorts = params.fetch(:sort, {}).first || []
-    sort  = Domain.column_names.include?(sorts.first) ? sorts.first : "valid_to"
+    sort  = %w[name registrar_name valid_to].include?(sorts.first) ? sorts.first : 'valid_to'
-    order = {"asc"=>"desc", "desc"=>"asc"}[sorts.second] || "desc"
+    order = %w[asc desc].include?(sorts.second) ? sorts.second : 'desc'
-
 
     # fetch domains
-    domains  = Domain.where("domains.id IN (#{filter_sql})")
+    domains = qualified_domain_name_list(requester, filter_sql)
     domains = domains.includes(:registrar).page(page).per(per)
 
-    if sorts.first == "registrar_name".freeze
     # using small rails hack to generate outer join
-      domains = domains.includes(:registrar).where.not(registrars: {id: nil}).order("registrars.name #{order} NULLS LAST")
+    domains = if sorts.first == 'registrar_name'.freeze
+                domains.includes(:registrar).where.not(registrars: { id: nil })
+                       .order("registrars.name #{order} NULLS LAST")
               else
-      domains = domains.order("#{sort} #{order} NULLS LAST")
+                domains.order("#{sort} #{order} NULLS LAST")
               end
 
-
-
     # adding roles. Need here to make faster sqls
     domain_c = Hash.new([])
-    registrant_domains.where(id: domains.map(&:id)).each{|d| domain_c[d.id] |= ["Registrant".freeze] }
+    registrant_domains.where(id: domains.map(&:id)).each do |d|
-    DomainContact.where(contact_id: id, domain_id: domains.map(&:id)).each{|d| domain_c[d.domain_id] |= [d.type] }
+      domain_c[d.id] |= ['Registrant'.freeze]
-    domains.each{|d| d.roles = domain_c[d.id].uniq}
+    end
+
+    DomainContact.where(contact_id: id, domain_id: domains.map(&:id)).each do |d|
+      domain_c[d.domain_id] |= [d.type]
+    end
+
+    domains.each { |d| d.roles = domain_c[d.id].uniq }
 
     domains
   end
 
+  def qualified_domain_name_list(requester, filter_sql)
+    return Domain.where('domains.id IN (?)', filter_sql) if requester.nil?
+
+    requester = Contact.find_by(id: requester)
+    registrant_user = RegistrantUser.find_or_initialize_by(registrant_ident:
+      "#{requester.ident_country_code}-#{requester.ident}")
+    begin
+      registrant_user.domains.where('domains.id IN (?)', filter_sql)
+    rescue CompanyRegister::NotAvailableError
+      registrant_user.direct_domains.where('domains.id IN (?)', filter_sql)
+    end
+  end
+
+  def qualified_domain_ids(domain_filter)
+    registrant_ids = registrant_domains.pluck(:id)
+    return registrant_ids if domain_filter == 'Registrant'
+
+    if %w[AdminDomainContact TechDomainContact].include? domain_filter
+      DomainContact.select('domain_id').where(contact_id: id, type: domain_filter)
+    else
+      (DomainContact.select('domain_id').where(contact_id: id).pluck(:domain_id) +
+       registrant_ids).uniq
+    end
+  end
+
   def update_prohibited?
     (statuses & [
       CLIENT_UPDATE_PROHIBITED,

app/views/registrant/contacts/show/_domains.html.erb

@@ -1,5 +1,5 @@
 <% domains = contact.all_domains(page: params[:domain_page], per: 20,
-                                 params: domain_filter_params.to_h) %>
+                                 params: domain_filter_params.to_h, requester: @requester_contact) %>
 
 <div class="panel panel-default">
     <div class="panel-heading">

test/integration/registrant_area/contacts_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class RegistrantAreaContactsIntegrationTest < ApplicationIntegrationTest
+  setup do
+    @domain = domains(:shop)
+    @registrant = users(:registrant)
+    sign_in @registrant
+  end
+
+  def test_can_view_other_domain_contacts
+    secondary_contact = contacts(:jane)
+
+    visit registrant_domain_path(@domain)
+    assert_text secondary_contact.name
+    click_link secondary_contact.name
+    assert_text @domain.name
+    assert_text secondary_contact.email
+  end
+end