zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-02 17:23:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' of github.com:domify/registry

Browse source
This commit is contained in:
Martin Lensment 2015-05-20 21:24:39 +03:00
commit 6725b3cadc
14 changed files with 96 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/api/repp/api.rb
View file

@ -12,6 +12,10 @@ module Repp
error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
end
if @current_user.cannot?(:view, :repp)
error! I18n.t('no_permission'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
end
next if Rails.env.test? || Rails.env.development?
message = 'Certificate mismatch! Cert common name should be:'
request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
@ -22,7 +26,6 @@ module Repp
else
error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
end
end
helpers do

4
app/controllers/admin/api_users_controller.rb
View file

@ -55,6 +55,8 @@ class Admin::ApiUsersController < AdminController
end
def api_user_params
params.require(:api_user).permit(:username, :password, :active, :registrar_id, :registrar_typeahead, :identity_code)
params.require(:api_user).permit(:username, :password, :active,
:registrar_id, :registrar_typeahead,
:identity_code, { roles: [] })
end
end

17
app/controllers/registrar/sessions_controller.rb
View file

@ -35,7 +35,7 @@ class Registrar::SessionsController < Devise::SessionsController
@api_user = ApiUser.find_by(username: params[:depp_user][:tag])
if @api_user.active?
sign_in @api_user
redirect_to registrar_root_url
redirect_to role_base_root_url(@api_user)
else
@depp_user.errors.add(:base, :not_active)
render 'login'
@ -52,7 +52,7 @@ class Registrar::SessionsController < Devise::SessionsController
if @user
sign_in(@user, event: :authentication)
redirect_to registrar_root_url
redirect_to role_base_root_url(@user)
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
@ -70,7 +70,7 @@ class Registrar::SessionsController < Devise::SessionsController
if Rails.env.test? && phone == "123"
@user = ApiUser.find_by(identity_code: "14212128025")
sign_in(@user, event: :authentication)
return redirect_to registrar_root_url
return redirect_to role_base_root_url(@user)
end
# country_codes = {'+372' => 'EST'}
@ -112,7 +112,7 @@ class Registrar::SessionsController < Devise::SessionsController
sign_in @user
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrar_root_path}'"
render js: "window.location = '#{role_base_root_url(@user)}'"
when 'NOT_VALID'
render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
when 'EXPIRED_TRANSACTION'
@ -145,7 +145,16 @@ class Registrar::SessionsController < Devise::SessionsController
private
def check_ip
return if Rails.env.development?
return if WhiteIp.registrar_ip_white?(request.ip)
render text: t('access_denied') and return
end
def role_base_root_url(user)
if user.try(:roles) == ['billing']
registrar_invoices_url
else
registrar_root_url
end
end
end

5
app/controllers/registrar_controller.rb
View file

@ -12,6 +12,11 @@ class RegistrarController < ApplicationController
def check_ip
return unless current_user
unless current_user.is_a? ApiUser
sign_out(current_user)
return
end
return if Rails.env.development?
return if current_user.registrar.registrar_ip_white?(request.ip)
flash[:alert] = t('access_denied')
sign_out(current_user)

58
app/models/ability.rb
View file

@ -1,21 +1,21 @@
class Ability
include CanCan::Ability
# rubocop: disable Metrics/CyclomaticComplexity
# rubocop: disable Metrics/PerceivedComplexity
# rubocop: disable Metrics/LineLength
def initialize(user)
alias_action :show, to: :view
alias_action :show, :create, :update, :destroy, to: :crud
@user = user || AdminUser.new
@user = user || User.new
case @user.class.to_s
when 'AdminUser'
@user.roles.each { |role| send(role) } if @user.roles
when 'ApiUser'
epp
registrar
registrant # refactor
@user.roles.each { |role| send(role) } if @user.roles
when 'RegistrantUser'
registrant
static_registrant
end
# Public user
@ -23,10 +23,7 @@ class Ability
can :create, :registrant_domain_update_confirm
end
# rubocop: disable Metrics/CyclomaticComplexity
# rubocop: disable Metrics/PerceivedComplexity
# rubocop: disable Metrics/LineLength
def epp
def static_epp
# Epp::Domain
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
can(:check, Epp::Domain)
@ -46,14 +43,12 @@ class Ability
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:renew, Epp::Contact)
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
end
# rubocop: enable Metrics/LineLength
# rubocop: enable Metrics/CyclomaticComplexity
# rubocop: enable Metrics/PerceivedComplexity
def registrar
can :manage, Invoice
can :read, AccountActivity
# REPP
can(:manage, :repp)
end
def static_registrar
can :manage, Nameserver
can :view, :registrar_dashboard
can :delete, :registrar_poll
@ -65,10 +60,9 @@ class Ability
can :manage, Depp::Keyrelay
can :confirm, :keyrelay
can :confirm, :transfer
can :manage, :deposit
end
def registrant
def static_registrant
can :manage, :registrant_whois
can :manage, Depp::Domain
end
@ -77,6 +71,28 @@ class Ability
can :show, :dashboard
end
# Registrar/api_user dynamic role
def super
static_registrar
billing
epp
end
# Registrar/api_user dynamic role
def epp
static_registrar
static_epp
end
# Registrar/api_user dynamic role
def billing
can :view, :registrar_dashboard
can :manage, Invoice
can :manage, :deposit
can :read, AccountActivity
end
# Admin/admin_user dynamic role
def customer_service
user
can :manage, Domain
@ -84,6 +100,7 @@ class Ability
can :manage, Registrar
end
# Admin/admin_user dynamic role
def admin
customer_service
can :manage, Setting
@ -105,4 +122,7 @@ class Ability
can :create, :zonefile
can :access, :settings_menu
end
# rubocop: enable Metrics/LineLength
# rubocop: enable Metrics/CyclomaticComplexity
# rubocop: enable Metrics/PerceivedComplexity
end

2
app/models/admin_user.rb
View file

@ -6,7 +6,7 @@ class AdminUser < User
validate :validate_identity_code, if: -> { country_code == 'EE' }
ROLES = %w(user customer_service admin)
ROLES = %w(user customer_service admin) # should not match to api_users roles
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable

4
app/models/api_user.rb
View file

@ -15,11 +15,13 @@ class ApiUser < User
belongs_to :registrar
has_many :certificates
validates :username, :password, :registrar, presence: true
validates :username, :password, :registrar, :roles, presence: true
validates :username, uniqueness: true
attr_accessor :registrar_typeahead
ROLES = %w(super epp billing) # should not match to admin roles
def ability
@ability ||= Ability.new(self)
end

17
app/views/admin/api_users/_form.haml
View file

@ -29,11 +29,20 @@
%span.glyphicon.glyphicon-ok.form-control-feedback.js-typeahead-ok.hidden
%span.glyphicon.glyphicon-remove.form-control-feedback.js-typeahead-remove
= f.hidden_field(:registrar_id, class: 'js-registrar-id')
.checkbox
%label{for: 'api_user_active'}
= f.check_box(:active)
= t(:active)
.form-group
.col-md-4.control-label
= f.label :role
.col-md-7
= select_tag 'api_user[roles][]',
options_for_select(ApiUser::ROLES.map {|x| [t(x), x] }, @api_user.roles.try(:first)),
class: 'form-control selectize'
.checkbox
%label{for: 'api_user_active'}
= f.check_box(:active)
= t(:active)
%hr
.row
.col-md-8.text-right
= button_tag(t(:save), class: 'btn btn-primary')

3
app/views/admin/api_users/show.haml
View file

@ -26,6 +26,9 @@
%dt= t(:registrar)
%dd= link_to(@api_user.registrar, admin_registrar_path(@api_user.registrar))
%dt= t(:role)
%dd= @api_user.roles.join(', ')
%dt= t(:active)
%dd= @api_user.active
.row

1
config/locales/en.yml
View file

@ -796,5 +796,6 @@ en:
registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.'
registrant_domain_verification_rejected_failed: 'Something went wrong'
ip_is_not_whitelisted: 'IP is not whitelisted'
no_permission: 'No permission'
access_denied: 'Access denied'
connection_limit_reached: 'Connection limit reached'

7
db/migrate/20150520163237_add_defalut_role.rb Normal file
View file

@ -0,0 +1,7 @@
class AddDefalutRole < ActiveRecord::Migration
def change
ApiUser.all.each do |u|
u.update_column :roles, ['super'] if u.roles.blank?
end
end
end

2
db/schema.rb
View file

@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150520164507) do
ActiveRecord::Schema.define(version: 20150520163237) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"

1
spec/fabricators/api_user_fabricator.rb
View file

@ -5,6 +5,7 @@ Fabricator(:api_user) do
identity_code '14212128025'
registrar
active true
roles ['super']
end
# use dedicated fabricator for fixed one

3
spec/models/api_user_spec.rb
View file

@ -13,7 +13,8 @@ describe ApiUser do
@api_user.errors.full_messages.should match_array([
"Password Password is missing",
"Registrar Registrar is missing",
"Username Username is missing"
"Username Username is missing",
"Roles is missing"
])
end