FEATURE 104525314.6&7: do not allow changes to admin or tech contact if prohibited

2025-07-22 02:35:57 +02:00 · 2015-10-23 19:36:01 +03:00 · 2015-10-23 19:36:01 +03:00 · 3fba8442af
commit 3fba8442af
parent 8f2595c0ca
2 changed files with 34 additions and 5 deletions
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@ -12,9 +12,10 @@ class Domain < ActiveRecord::Base

  has_many :domain_contacts, dependent: :destroy
  has_many :admin_domain_contacts
-  accepts_nested_attributes_for :admin_domain_contacts, allow_destroy: true
+  accepts_nested_attributes_for :admin_domain_contacts,  allow_destroy: !:admin_change_prohibited?, reject_if: :admin_change_prohibited?
  has_many :tech_domain_contacts
-  accepts_nested_attributes_for :tech_domain_contacts, allow_destroy: true
+  accepts_nested_attributes_for :tech_domain_contacts, allow_destroy: !:tech_change_prohibited?, reject_if: :tech_change_prohibited?
+

  has_many :contacts, through: :domain_contacts, source: :contact
  has_many :admin_contacts, through: :admin_domain_contacts, source: :contact
@ -172,6 +173,14 @@ class Domain < ActiveRecord::Base
    nameservers.select { |x| !x.hostname.end_with?(name) }
  end

+  def admin_change_prohibited?
+    statuses.include? DomainStatus::SERVER_ADMIN_CHANGE_PROHIBITED
+  end
+
+  def tech_change_prohibited?
+    statuses.include? DomainStatus::SERVER_TECH_CHANGE_PROHIBITED
+  end
+
  class << self
    def convert_period_to_time(period, unit)
      return (period.to_i / 365).years if unit == 'd'
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -211,6 +211,11 @@ class Epp::Domain < Domain
  def admin_domain_contacts_attrs(frame, action)
    admin_attrs = domain_contact_attrs_from(frame, action, 'admin')

+    if action && !admin_attrs.empty? && admin_change_prohibited?
+      add_epp_error('2304', 'admin', DomainStatus::SERVER_ADMIN_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation))
+      return []
+    end
+
    case action
    when 'rem'
      return destroy_attrs(admin_attrs, admin_domain_contacts)
@ -222,6 +227,11 @@ class Epp::Domain < Domain
  def tech_domain_contacts_attrs(frame, action)
    tech_attrs = domain_contact_attrs_from(frame, action, 'tech')

+    if action && !tech_attrs.empty? && tech_change_prohibited?
+      add_epp_error('2304', 'tech', DomainStatus::SERVER_TECH_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation))
+      return []
+    end
+
    case action
    when 'rem'
      return destroy_attrs(tech_attrs, tech_domain_contacts)
@ -355,7 +365,6 @@ class Epp::Domain < Domain

  def domain_statuses_attrs(frame, action)
    status_list = domain_status_list_from(frame)
-
    if action == 'rem'
      to_destroy = []
      status_list.each do |x|
@ -407,8 +416,19 @@ class Epp::Domain < Domain

    at_add = attrs_from(frame.css('add'), current_user)
    at[:nameservers_attributes] += at_add[:nameservers_attributes]
+
+    if !at[:admin_domain_contacts_attributes].empty? && admin_change_prohibited?
+      add_epp_error('2304', 'admin', DomainStatus::SERVER_ADMIN_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation))
+    else
      at[:admin_domain_contacts_attributes] += at_add[:admin_domain_contacts_attributes]
+    end
+
+    if !at[:tech_domain_contacts_attributes].empty? && tech_change_prohibited?
+      add_epp_error('2304', 'tech', DomainStatus::SERVER_TECH_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation))
+    else
      at[:tech_domain_contacts_attributes] += at_add[:tech_domain_contacts_attributes]
+    end
+
    at[:dnskeys_attributes] += at_add[:dnskeys_attributes]
    at[:statuses] =
      statuses - domain_statuses_attrs(frame.css('rem'), 'rem') + domain_statuses_attrs(frame.css('add'), 'add')