mirror of
https://github.com/internetee/registry.git
synced 2025-05-17 01:47:18 +02:00
Added role base redirect and updated abilities
parent
5afa0ac793
commit
84cd0b8378
5 changed files with 34 additions and 24 deletions
|
@ -12,6 +12,10 @@ module Repp
|
||||||
error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
|
error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if @current_user.cannot?(:view, :repp)
|
||||||
|
error! I18n.t('no_permission'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
|
||||||
|
end
|
||||||
|
|
||||||
next if Rails.env.test? || Rails.env.development?
|
next if Rails.env.test? || Rails.env.development?
|
||||||
message = 'Certificate mismatch! Cert common name should be:'
|
message = 'Certificate mismatch! Cert common name should be:'
|
||||||
request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
|
request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
|
||||||
|
@ -22,7 +26,6 @@ module Repp
|
||||||
else
|
else
|
||||||
error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
|
error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
helpers do
|
helpers do
|
||||||
|
|
|
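Review bot: The new `cannot?(:view, :repp)` branch can never reject a request, because its `error!` carries the same `unless @current_user.registrar.api_ip_white?(request.ip)` modifier as the line above it, and that line has already stopped every non-whitelisted address. A user without the REPP ability who connects from a whitelisted IP therefore passes straight through. Dropping the modifier makes the check effective: `error! I18n.t('no_permission'), 403 if @current_user.cannot?(:view, :repp)`, with 403 rather than 401 because the caller is authenticated but not authorised. The enclosing block starts above this hunk, so the order relative to authentication should be confirmed there.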
@ -35,7 +35,7 @@ class Registrar::SessionsController < Devise::SessionsController
|
||||||
@api_user = ApiUser.find_by(username: params[:depp_user][:tag])
|
@api_user = ApiUser.find_by(username: params[:depp_user][:tag])
|
||||||
if @api_user.active?
|
if @api_user.active?
|
||||||
sign_in @api_user
|
sign_in @api_user
|
||||||
redirect_to registrar_root_url
|
redirect_to role_base_root_url(@api_user)
|
||||||
else
|
else
|
||||||
@depp_user.errors.add(:base, :not_active)
|
@depp_user.errors.add(:base, :not_active)
|
||||||
render 'login'
|
render 'login'
|
||||||
|
@ -52,7 +52,7 @@ class Registrar::SessionsController < Devise::SessionsController
|
||||||
|
|
||||||
if @user
|
if @user
|
||||||
sign_in(@user, event: :authentication)
|
sign_in(@user, event: :authentication)
|
||||||
redirect_to registrar_root_url
|
redirect_to role_base_root_url(@user)
|
||||||
else
|
else
|
||||||
flash[:alert] = t('no_such_user')
|
flash[:alert] = t('no_such_user')
|
||||||
redirect_to registrar_login_url
|
redirect_to registrar_login_url
|
||||||
|
@ -70,7 +70,7 @@ class Registrar::SessionsController < Devise::SessionsController
|
||||||
if Rails.env.test? && phone == "123"
|
if Rails.env.test? && phone == "123"
|
||||||
@user = ApiUser.find_by(identity_code: "14212128025")
|
@user = ApiUser.find_by(identity_code: "14212128025")
|
||||||
sign_in(@user, event: :authentication)
|
sign_in(@user, event: :authentication)
|
||||||
return redirect_to registrar_root_url
|
return redirect_to role_base_root_url(@user)
|
||||||
end
|
end
|
||||||
|
|
||||||
# country_codes = {'+372' => 'EST'}
|
# country_codes = {'+372' => 'EST'}
|
||||||
|
@ -112,7 +112,7 @@ class Registrar::SessionsController < Devise::SessionsController
|
||||||
sign_in @user
|
sign_in @user
|
||||||
flash[:notice] = t(:welcome)
|
flash[:notice] = t(:welcome)
|
||||||
flash.keep(:notice)
|
flash.keep(:notice)
|
||||||
render js: "window.location = '#{registrar_root_path}'"
|
render js: "window.location = '#{role_base_root_url(@user)}'"
|
||||||
when 'NOT_VALID'
|
when 'NOT_VALID'
|
||||||
render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
|
render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
|
||||||
when 'EXPIRED_TRANSACTION'
|
when 'EXPIRED_TRANSACTION'
|
||||||
|
@ -149,4 +149,12 @@ class Registrar::SessionsController < Devise::SessionsController
|
||||||
return if WhiteIp.registrar_ip_white?(request.ip)
|
return if WhiteIp.registrar_ip_white?(request.ip)
|
||||||
render text: t('ip_is_not_whitelisted') and return
|
render text: t('ip_is_not_whitelisted') and return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def role_base_root_url(user)
|
||||||
|
if user.try(:roles) == ['billing']
|
||||||
|
registrar_invoices_url
|
||||||
|
else
|
||||||
|
registrar_root_url
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
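Review bot: In the `render js:` line the target changes from `registrar_root_path` to the absolute URL returned by `role_base_root_url(@user)`, and that value is interpolated unescaped into a single-quoted JavaScript string. `_url` helpers take the host part from the request unless a default host is configured (not visible here), so a relative path is the safer thing to emit; consider path helpers for this call, or serialise the value with `to_json` instead of hand-quoting it. Separately, `user.try(:roles) == ['billing']` matches only an exact one-element array, so a user holding billing plus any other role lands on the registrar root. If that is intended, a one-line comment on `role_base_root_url` saying so would help, and whether the helper sits under `private` cannot be seen from this hunk.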
@ -16,7 +16,7 @@ class RegistrarController < ApplicationController
|
||||||
sign_out(current_user)
|
sign_out(current_user)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
return if Rails.env.development?
|
||||||
return if current_user.registrar.registrar_ip_white?(request.ip)
|
return if current_user.registrar.registrar_ip_white?(request.ip)
|
||||||
flash[:alert] = t('ip_is_not_whitelisted')
|
flash[:alert] = t('ip_is_not_whitelisted')
|
||||||
sign_out(current_user)
|
sign_out(current_user)
|
||||||
|
|
|
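Review bot: `return if Rails.env.development?` placed before the `registrar_ip_white?` check switches the registrar IP allowlist off purely on the environment name, so any instance started in the development environment (a shared staging host, for example) accepts registrar sessions from any address. An explicit opt-out is easier to audit than an environment test, for instance a dedicated setting read here: `return if ENV['REGISTRAR_IP_CHECK_DISABLED'] == 'true'` (a constructed name, not an existing setting). At minimum the line deserves a comment stating that the bypass is deliberate and must never apply to a reachable deployment. The enclosing method begins and ends outside this hunk.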
@ -7,15 +7,13 @@ class Ability
|
||||||
alias_action :show, to: :view
|
alias_action :show, to: :view
|
||||||
alias_action :show, :create, :update, :destroy, to: :crud
|
alias_action :show, :create, :update, :destroy, to: :crud
|
||||||
|
|
||||||
@user = user || AdminUser.new
|
@user = user || User.new
|
||||||
|
|
||||||
case @user.class.to_s
|
case @user.class.to_s
|
||||||
when 'AdminUser'
|
when 'AdminUser'
|
||||||
@user.roles.each { |role| send(role) } if @user.roles
|
@user.roles.each { |role| send(role) } if @user.roles
|
||||||
when 'ApiUser'
|
when 'ApiUser'
|
||||||
@user.roles.each { |role| send(role) } if @user.roles
|
@user.roles.each { |role| send(role) } if @user.roles
|
||||||
static_epp
|
|
||||||
static_registrar
|
|
||||||
when 'RegistrantUser'
|
when 'RegistrantUser'
|
||||||
static_registrant
|
static_registrant
|
||||||
end
|
end
|
||||||
|
@ -45,10 +43,12 @@ class Ability
|
||||||
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
|
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
|
||||||
can(:renew, Epp::Contact)
|
can(:renew, Epp::Contact)
|
||||||
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
|
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
|
||||||
|
|
||||||
|
# REPP
|
||||||
|
can(:manage, :repp)
|
||||||
end
|
end
|
||||||
|
|
||||||
def static_registrar
|
def static_registrar
|
||||||
can :read, AccountActivity
|
|
||||||
can :manage, Nameserver
|
can :manage, Nameserver
|
||||||
can :view, :registrar_dashboard
|
can :view, :registrar_dashboard
|
||||||
can :delete, :registrar_poll
|
can :delete, :registrar_poll
|
||||||
|
@ -60,7 +60,6 @@ class Ability
|
||||||
can :manage, Depp::Keyrelay
|
can :manage, Depp::Keyrelay
|
||||||
can :confirm, :keyrelay
|
can :confirm, :keyrelay
|
||||||
can :confirm, :transfer
|
can :confirm, :transfer
|
||||||
can :manage, :deposit
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def static_registrant
|
def static_registrant
|
||||||
|
@ -68,33 +67,32 @@ class Ability
|
||||||
can :manage, Depp::Domain
|
can :manage, Depp::Domain
|
||||||
end
|
end
|
||||||
|
|
||||||
def static_billing
|
|
||||||
can :manage, Invoice
|
|
||||||
end
|
|
||||||
|
|
||||||
def user
|
def user
|
||||||
can :show, :dashboard
|
can :show, :dashboard
|
||||||
end
|
end
|
||||||
|
|
||||||
# api_user dynamic role
|
# Registrar/api_user dynamic role
|
||||||
def super
|
def super
|
||||||
static_epp
|
|
||||||
static_registrar
|
static_registrar
|
||||||
|
billing
|
||||||
|
epp
|
||||||
end
|
end
|
||||||
|
|
||||||
# api_user dynamic role
|
# Registrar/api_user dynamic role
|
||||||
def epp
|
def epp
|
||||||
|
static_registrar
|
||||||
static_epp
|
static_epp
|
||||||
static_registrar
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# api_user dynamic role
|
# Registrar/api_user dynamic role
|
||||||
def billing
|
def billing
|
||||||
static_registrar
|
can :view, :registrar_dashboard
|
||||||
static_billing
|
can :manage, Invoice
|
||||||
|
can :manage, :deposit
|
||||||
|
can :read, AccountActivity
|
||||||
end
|
end
|
||||||
|
|
||||||
# admin dynamic role
|
# Admin/admin_user dynamic role
|
||||||
def customer_service
|
def customer_service
|
||||||
user
|
user
|
||||||
can :manage, Domain
|
can :manage, Domain
|
||||||
|
@ -102,7 +100,7 @@ class Ability
|
||||||
can :manage, Registrar
|
can :manage, Registrar
|
||||||
end
|
end
|
||||||
|
|
||||||
# admin dynamic role
|
# Admin/admin_user dynamic role
|
||||||
def admin
|
def admin
|
||||||
customer_service
|
customer_service
|
||||||
can :manage, Setting
|
can :manage, Setting
|
||||||
|
|
|
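Review bot: With `static_epp` and `static_registrar` removed from the `ApiUser` branch, every registrar permission now comes from `@user.roles.each { |role| send(role) }`, and `send` will call any method on `Ability`, private ones included, for whatever string is stored in `roles`. Where role values are written is not visible in this hunk, so the dispatch is worth guarding: `@user.roles.each { |role| send(role) if %w[super epp billing].include?(role) }` limits the branch to the three api_user roles defined further down. An `ApiUser` with no roles, like the new `User.new` fallback, now receives no abilities at all; that deny-by-default looks intended and could be stated in a comment above the `case`. The constructor starts outside the hunk.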
@ -796,3 +796,4 @@ en:
|
||||||
registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.'
|
registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.'
|
||||||
registrant_domain_verification_rejected_failed: 'Something went wrong'
|
registrant_domain_verification_rejected_failed: 'Something went wrong'
|
||||||
ip_is_not_whitelisted: 'IP is not whitelisted'
|
ip_is_not_whitelisted: 'IP is not whitelisted'
|
||||||
|
no_permission: 'No permission'
|
||||||
|
|