diff --git a/app/controllers/api/v1/registrant/base_controller.rb b/app/controllers/api/v1/registrant/base_controller.rb
index 06dfd8804..62ca449a5 100644
--- a/app/controllers/api/v1/registrant/base_controller.rb
+++ b/app/controllers/api/v1/registrant/base_controller.rb
@@ -6,6 +6,7 @@ module Api
 module Registrant
 class BaseController < ActionController::API
 before_action :authenticate
+ before_action :set_paper_trail_whodunnit
 rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
 error = {}
@@ -41,6 +42,12 @@ module Api
 render json: { errors: [{base: ['Not authorized']}] }, status: :unauthorized
 end
 end
+
+ # This controller does not inherit from ApplicationController,
+ # so user_for_paper_trail method is not usable.
+ def set_paper_trail_whodunnit
+ ::PaperTrail.whodunnit = current_user.id_role_username
+ end
 end
 end
 end
diff --git a/app/controllers/api/v1/registrant/registry_locks_controller.rb b/app/controllers/api/v1/registrant/registry_locks_controller.rb
index 212d8bc21..b01e6b40d 100644
--- a/app/controllers/api/v1/registrant/registry_locks_controller.rb
+++ b/app/controllers/api/v1/registrant/registry_locks_controller.rb
@@ -17,7 +17,7 @@ module Api
 if @domain.remove_registry_lock
 render json: @domain
 else
- render json: { errors: [{ base: ['Domain cannot be unlocked'] }] },
+ render json: { errors: [{ base: ['Domain not locked'] }] },
 status: :unprocessable_entity
 end
 end
diff --git a/app/models/concerns/versions.rb b/app/models/concerns/versions.rb
index 5e2bad90c..77bc484ae 100644
--- a/app/models/concerns/versions.rb
+++ b/app/models/concerns/versions.rb
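Review bot: In base_controller.rb, `set_paper_trail_whodunnit` stores the audit identity as `current_user.id_role_username`, but its comment does not say that this string is read back by `Versions#user_from_id_role_username`, whose prefix regex is changed in this same commit. A comment such as `# The stored string is parsed back by Versions#user_from_id_role_username; keep the two formats in sync.` would make that dependency visible to whoever next edits either side. The hunk also does not show whether a `private` line precedes the method; if none does, it is a public method on an API controller and belongs under `private`. The class body starts and ends outside the hunk.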
@@ -34,16 +34,12 @@ module Versions
 end
 def user_from_id_role_username(str)
- user = ApiUser.find_by(id: $1) if str =~ /^(\d+)-(ApiUser:|api-)/
- unless user.present?
- user = AdminUser.find_by(id: $1) if str =~ /^(\d+)-AdminUser:/
- unless user.present?
- # on import we copied Registrar name, which may eql code
- registrar = Registrar.find_by(name: str)
- # assume each registrar has only one user
- user = registrar.api_users.first if registrar
- end
- end
+ registrar = Registrar.find_by(name: str)
+ user = registrar.api_users.first if registrar
+
+ str_match = str.match(/^(\d+)-(ApiUser:|api-|AdminUser:|RegistrantUser:)/)
+ user ||= User.find_by(id: str_match[1]) if str_match
+
 user
 end
diff --git a/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb b/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
index 89bb80d97..8ad1d0826 100644
--- a/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
+++ b/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
@@ -35,6 +35,14 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest
 assert(@domain.locked_by_registrant?)
 end
+ def test_locking_a_domain_leaves_paper_trail
+ post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock',
+ {}, @auth_headers
+
+ @domain.reload
+ assert_equal(@domain.updator, @user)
+ end
+
 def test_cannot_lock_a_domain_in_pending_state
 @domain.statuses << DomainStatus::PENDING_UPDATE
 @domain.save
@@ -77,7 +85,7 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest
 response_json = JSON.parse(response.body, symbolize_names: true)
 assert_equal(422, response.status)
- assert_equal({ errors: [{ base: ['Domain cannot be unlocked'] }] }, response_json)
+ assert_equal({ errors: [{ base: ['Domain not locked'] }] }, response_json)
 end
 def test_returns_404_when_domain_is_not_found
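Review bot: The rewritten `user_from_id_role_username` runs `Registrar.find_by(name: str)` first and `user ||=` keeps that result, so a whodunnit string that equals a registrar name is attributed to that registrar's first API user even when it also carries a valid id prefix; the removed code used the name lookup only as the last fallback. For an audit trail the exact id should win: `str_match = str.to_s.match(/\A(\d+)-(ApiUser:|api-|AdminUser:|RegistrantUser:)/)`, `user = User.find_by(id: str_match[1]) if str_match`, `user ||= Registrar.find_by(name: str)&.api_users&.first`. `\A` instead of `^` stops the pattern from matching at the start of a later line in a multi-line value, and `to_s` keeps a nil whodunnit from raising on `.match`, which the old `=~` form tolerated. `User.find_by` also ignores the role named in the prefix, which is only safe if all three user classes share one table; the hunk does not show that.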
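Review bot: `test_locking_a_domain_leaves_paper_trail` passes the actual value first in `assert_equal(@domain.updator, @user)`; Minitest treats the first argument as the expected one, so a failure message would be reversed, and `assert_equal(@user, @domain.updator)` reads correctly. The test never checks the response status, so a rejected request would show up only as an updator mismatch. Only the lock path is covered here, although the unlock request goes through the same `before_action` and could carry the same assertion.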