Added Registrar roles with super, epp, billing

2025-05-17 01:47:18 +02:00 · 2015-05-20 19:58:00 +03:00 · 2015-05-20 19:58:00 +03:00 · 5afa0ac793
commit 5afa0ac793
parent 8371dcf46e
12 changed files with 77 additions and 24 deletions
--- a/app/controllers/admin/api_users_controller.rb
+++ b/app/controllers/admin/api_users_controller.rb
@ -55,6 +55,8 @@ class Admin::ApiUsersController < AdminController
  end
  def api_user_params
-    params.require(:api_user).permit(:username, :password, :active, :registrar_id, :registrar_typeahead, :identity_code)
+    params.require(:api_user).permit(:username, :password, :active, 
                                     :registrar_id, :registrar_typeahead, 
                                     :identity_code, { roles: [] })
  end
 end
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -145,6 +145,7 @@ class Registrar::SessionsController < Devise::SessionsController
  private
  def check_ip
    return if Rails.env.development?
    return if WhiteIp.registrar_ip_white?(request.ip)
    render text: t('ip_is_not_whitelisted') and return
  end
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -12,6 +12,11 @@ class RegistrarController < ApplicationController
  def check_ip
    return unless current_user
    unless current_user.is_a? ApiUser
      sign_out(current_user)
      return
    end
    return if current_user.registrar.registrar_ip_white?(request.ip)
    flash[:alert] = t('ip_is_not_whitelisted')
    sign_out(current_user)
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -1,6 +1,8 @@
 class Ability
  include CanCan::Ability
-
+  # rubocop: disable Metrics/CyclomaticComplexity
  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/LineLength
  def initialize(user)
    alias_action :show, to: :view
    alias_action :show, :create, :update, :destroy, to: :crud
@ -11,11 +13,11 @@ class Ability
    when 'AdminUser'
      @user.roles.each { |role| send(role) } if @user.roles
    when 'ApiUser'
-      epp
+      @user.roles.each { |role| send(role) } if @user.roles
-      registrar
+      static_epp
-      registrant # refactor
+      static_registrar
    when 'RegistrantUser'
-      registrant
+      static_registrant
    end
    # Public user
@ -23,10 +25,7 @@ class Ability
    can :create, :registrant_domain_update_confirm
  end
-  # rubocop: disable Metrics/CyclomaticComplexity
+  def static_epp
  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/LineLength
  def epp
    # Epp::Domain
    can(:info,     Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
    can(:check,    Epp::Domain)
@ -47,12 +46,8 @@ class Ability
    can(:renew,  Epp::Contact)
    can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
  end
  # rubocop: enable Metrics/LineLength
  # rubocop: enable Metrics/CyclomaticComplexity
  # rubocop: enable Metrics/PerceivedComplexity
-  def registrar
+  def static_registrar
    can :manage, Invoice
    can :read, AccountActivity
    can :manage, Nameserver
    can :view, :registrar_dashboard
@ -68,15 +63,38 @@ class Ability
    can :manage, :deposit
  end
-  def registrant
+  def static_registrant
    can :manage, :registrant_whois
    can :manage, Depp::Domain
  end
  def static_billing
    can :manage, Invoice
  end
  def user
    can :show, :dashboard
  end
  # api_user dynamic role
  def super
    static_epp
    static_registrar
  end
  # api_user dynamic role
  def epp
    static_epp
    static_registrar
  end
  # api_user dynamic role
  def billing
    static_registrar
    static_billing
  end
  # admin dynamic role
  def customer_service
    user
    can :manage, Domain
@ -84,6 +102,7 @@ class Ability
    can :manage, Registrar
  end
  # admin dynamic role
  def admin
    customer_service
    can :manage, Setting
@ -105,4 +124,7 @@ class Ability
    can :create, :zonefile
    can :access, :settings_menu
  end
  # rubocop: enable Metrics/LineLength
  # rubocop: enable Metrics/CyclomaticComplexity
  # rubocop: enable Metrics/PerceivedComplexity
 end
--- a/app/models/admin_user.rb
+++ b/app/models/admin_user.rb
@ -6,7 +6,7 @@ class AdminUser < User
  validate :validate_identity_code, if: -> { country_code == 'EE' }
-  ROLES = %w(user customer_service admin)
+  ROLES = %w(user customer_service admin) # should not match to api_users roles
  devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -15,11 +15,13 @@ class ApiUser < User
  belongs_to :registrar
  has_many :certificates
-  validates :username, :password, :registrar, presence: true
+  validates :username, :password, :registrar, :roles, presence: true
  validates :username, uniqueness: true
  attr_accessor :registrar_typeahead
  ROLES = %w(super epp billing) # should not match to admin roles
  def ability
    @ability ||= Ability.new(self)
  end
--- a/app/views/admin/api_users/_form.haml
+++ b/app/views/admin/api_users/_form.haml
@ -29,11 +29,20 @@
            %span.glyphicon.glyphicon-ok.form-control-feedback.js-typeahead-ok.hidden
            %span.glyphicon.glyphicon-remove.form-control-feedback.js-typeahead-remove
            = f.hidden_field(:registrar_id, class: 'js-registrar-id')
      .form-group
        .col-md-4.control-label
          = f.label :role
        .col-md-7
          = select_tag 'api_user[roles][]', 
            options_for_select(ApiUser::ROLES.map {|x| [t(x), x] }, @api_user.roles.try(:first)),
            class: 'form-control selectize'
          .checkbox
            %label{for: 'api_user_active'}
              = f.check_box(:active)
              = t(:active)
  %hr
  .row
    .col-md-8.text-right
      = button_tag(t(:save), class: 'btn btn-primary')
--- a/app/views/admin/api_users/show.haml
+++ b/app/views/admin/api_users/show.haml
@ -26,6 +26,9 @@
          %dt= t(:registrar)
          %dd= link_to(@api_user.registrar, admin_registrar_path(@api_user.registrar))
          %dt= t(:role)
          %dd= @api_user.roles.join(', ')
          %dt= t(:active)
          %dd= @api_user.active
 .row
--- a/db/migrate/20150520163237_add_defalut_role.rb
+++ b/db/migrate/20150520163237_add_defalut_role.rb
@ -0,0 +1,7 @@
 class AddDefalutRole < ActiveRecord::Migration
  def change
    ApiUser.all.each do |u|
      u.update_column :roles, ['super'] if u.roles.blank?
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150519144118) do
+ActiveRecord::Schema.define(version: 20150520163237) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
--- a/spec/fabricators/api_user_fabricator.rb
+++ b/spec/fabricators/api_user_fabricator.rb
@ -5,6 +5,7 @@ Fabricator(:api_user) do
  identity_code '14212128025'
  registrar
  active true
  roles ['super']
 end
 # use dedicated fabricator for fixed one
--- a/spec/models/api_user_spec.rb
+++ b/spec/models/api_user_spec.rb
@ -13,7 +13,8 @@ describe ApiUser do
      @api_user.errors.full_messages.should match_array([
        "Password Password is missing",
        "Registrar Registrar is missing",
-        "Username Username is missing"
+        "Username Username is missing",
        "Roles is missing"
      ])
    end