zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-07 05:05:45 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add handling of PaperTrail.whodunnit to Registrant API controllers

Browse source
This commit is contained in:
Maciej Szlosarczyk 2018-08-17 13:31:53 +03:00
parent 07072ec6cb
commit 3ee5291b57
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765
4 changed files with 23 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/api/v1/registrant/base_controller.rb
View file

@ -6,6 +6,7 @@ module Api
module Registrant module Registrant
class BaseController < ActionController::API class BaseController < ActionController::API
before_action :authenticate before_action :authenticate
before_action :set_paper_trail_whodunnit
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception| rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {} error = {}
@ -41,6 +42,12 @@ module Api
render json: { errors: [{base: ['Not authorized']}] }, status: :unauthorized render json: { errors: [{base: ['Not authorized']}] }, status: :unauthorized
end end
end end
# This controller does not inherit from ApplicationController,
# so user_for_paper_trail method is not usable.
def set_paper_trail_whodunnit
::PaperTrail.whodunnit = current_user.id_role_username
end
end end
end end
end end

2
app/controllers/api/v1/registrant/registry_locks_controller.rb
View file

@ -17,7 +17,7 @@ module Api
if @domain.remove_registry_lock if @domain.remove_registry_lock
render json: @domain render json: @domain
else else
render json: { errors: [{ base: ['Domain cannot be unlocked'] }] }, render json: { errors: [{ base: ['Domain not locked'] }] },
status: :unprocessable_entity status: :unprocessable_entity
end end
end end

16
app/models/concerns/versions.rb
View file

@ -34,16 +34,12 @@ module Versions
end end
def user_from_id_role_username(str) def user_from_id_role_username(str)
user = ApiUser.find_by(id: $1) if str =~ /^(\d+)-(ApiUser:|api-)/ registrar = Registrar.find_by(name: str)
unless user.present? user = registrar.api_users.first if registrar
user = AdminUser.find_by(id: $1) if str =~ /^(\d+)-AdminUser:/
unless user.present? str_match = str.match(/^(\d+)-(ApiUser:|api-|AdminUser:|RegistrantUser:)/)
# on import we copied Registrar name, which may eql code user ||= User.find_by(id: str_match[1]) if str_match
registrar = Registrar.find_by(name: str)
# assume each registrar has only one user
user = registrar.api_users.first if registrar
end
end
user user
end end

10
test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb
View file

@ -35,6 +35,14 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest
assert(@domain.locked_by_registrant?) assert(@domain.locked_by_registrant?)
end end
def test_locking_a_domain_leaves_paper_trail
post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock',
{}, @auth_headers
@domain.reload
assert_equal(@domain.updator, @user)
end
def test_cannot_lock_a_domain_in_pending_state def test_cannot_lock_a_domain_in_pending_state
@domain.statuses << DomainStatus::PENDING_UPDATE @domain.statuses << DomainStatus::PENDING_UPDATE
@domain.save @domain.save
@ -77,7 +85,7 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest
response_json = JSON.parse(response.body, symbolize_names: true) response_json = JSON.parse(response.body, symbolize_names: true)
assert_equal(422, response.status) assert_equal(422, response.status)
assert_equal({ errors: [{ base: ['Domain cannot be unlocked'] }] }, response_json) assert_equal({ errors: [{ base: ['Domain not locked'] }] }, response_json)
end end
def test_returns_404_when_domain_is_not_found def test_returns_404_when_domain_is_not_found