Add handling of PaperTrail.whodunnit to Registrant API controllers

2025-06-06 20:55:44 +02:00 · 2018-08-17 13:31:53 +03:00 · 2018-08-17 13:31:53 +03:00 · 3ee5291b57
commit 3ee5291b57
parent 07072ec6cb
4 changed files with 23 additions and 12 deletions
--- a/app/controllers/api/v1/registrant/base_controller.rb
+++ b/app/controllers/api/v1/registrant/base_controller.rb
@ -6,6 +6,7 @@ module Api
    module Registrant
      class BaseController < ActionController::API
        before_action :authenticate
+        before_action :set_paper_trail_whodunnit

        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
          error = {}
@ -41,6 +42,12 @@ module Api
            render json: { errors: [{base: ['Not authorized']}] }, status: :unauthorized
          end
        end
+
+        # This controller does not inherit from ApplicationController,
+        # so user_for_paper_trail method is not usable.
+        def set_paper_trail_whodunnit
+          ::PaperTrail.whodunnit = current_user.id_role_username
+        end
      end
    end
  end
--- a/app/controllers/api/v1/registrant/registry_locks_controller.rb
+++ b/app/controllers/api/v1/registrant/registry_locks_controller.rb
@ -17,7 +17,7 @@ module Api
          if @domain.remove_registry_lock
            render json: @domain
          else
-            render json: { errors: [{ base: ['Domain cannot be unlocked'] }] },
+            render json: { errors: [{ base: ['Domain not locked'] }] },
                   status: :unprocessable_entity
          end
        end
--- a/app/models/concerns/versions.rb
+++ b/app/models/concerns/versions.rb
@ -34,16 +34,12 @@ module Versions
    end

    def user_from_id_role_username(str)
-      user = ApiUser.find_by(id: $1) if str =~ /^(\d+)-(ApiUser:|api-)/
-      unless user.present?
-        user = AdminUser.find_by(id: $1) if str =~ /^(\d+)-AdminUser:/
-        unless user.present?
-          # on import we copied Registrar name, which may eql code
-          registrar = Registrar.find_by(name: str)
-          # assume each registrar has only one user
-          user = registrar.api_users.first if registrar
-        end
-      end
+      registrar = Registrar.find_by(name: str)
+      user = registrar.api_users.first if registrar
+
+      str_match = str.match(/^(\d+)-(ApiUser:|api-|AdminUser:|RegistrantUser:)/)
+      user ||= User.find_by(id: str_match[1]) if str_match
+
      user
    end

--- a/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
+++ b/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
@ -35,6 +35,14 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest
    assert(@domain.locked_by_registrant?)
  end

+  def test_locking_a_domain_leaves_paper_trail
+    post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock',
+         {}, @auth_headers
+
+    @domain.reload
+    assert_equal(@domain.updator, @user)
+  end
+
  def test_cannot_lock_a_domain_in_pending_state
    @domain.statuses << DomainStatus::PENDING_UPDATE
    @domain.save
@ -77,7 +85,7 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest

    response_json = JSON.parse(response.body, symbolize_names: true)
    assert_equal(422, response.status)
-    assert_equal({ errors: [{ base: ['Domain cannot be unlocked'] }] }, response_json)
+    assert_equal({ errors: [{ base: ['Domain not locked'] }] }, response_json)
  end

  def test_returns_404_when_domain_is_not_found