zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-17 01:47:18 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added role base redirect and updated abilities

Browse source
This commit is contained in:
Priit Tark 2015-05-20 20:58:57 +03:00
parent 5afa0ac793
commit 84cd0b8378
5 changed files with 34 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/api/repp/api.rb
View file

@ -12,6 +12,10 @@ module Repp
error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip) error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
end end
if @current_user.cannot?(:view, :repp)
error! I18n.t('no_permission'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
end
next if Rails.env.test? || Rails.env.development? next if Rails.env.test? || Rails.env.development?
message = 'Certificate mismatch! Cert common name should be:' message = 'Certificate mismatch! Cert common name should be:'
request_name = env['HTTP_SSL_CLIENT_S_DN_CN'] request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
@ -22,7 +26,6 @@ module Repp
else else
error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
end end
end end
helpers do helpers do

16
app/controllers/registrar/sessions_controller.rb
View file

@ -35,7 +35,7 @@ class Registrar::SessionsController < Devise::SessionsController
@api_user = ApiUser.find_by(username: params[:depp_user][:tag]) @api_user = ApiUser.find_by(username: params[:depp_user][:tag])
if @api_user.active? if @api_user.active?
sign_in @api_user sign_in @api_user
redirect_to registrar_root_url redirect_to role_base_root_url(@api_user)
else else
@depp_user.errors.add(:base, :not_active) @depp_user.errors.add(:base, :not_active)
render 'login' render 'login'
@ -52,7 +52,7 @@ class Registrar::SessionsController < Devise::SessionsController
if @user if @user
sign_in(@user, event: :authentication) sign_in(@user, event: :authentication)
redirect_to registrar_root_url redirect_to role_base_root_url(@user)
else else
flash[:alert] = t('no_such_user') flash[:alert] = t('no_such_user')
redirect_to registrar_login_url redirect_to registrar_login_url
@ -70,7 +70,7 @@ class Registrar::SessionsController < Devise::SessionsController
if Rails.env.test? && phone == "123" if Rails.env.test? && phone == "123"
@user = ApiUser.find_by(identity_code: "14212128025") @user = ApiUser.find_by(identity_code: "14212128025")
sign_in(@user, event: :authentication) sign_in(@user, event: :authentication)
return redirect_to registrar_root_url return redirect_to role_base_root_url(@user)
end end
# country_codes = {'+372' => 'EST'} # country_codes = {'+372' => 'EST'}
@ -112,7 +112,7 @@ class Registrar::SessionsController < Devise::SessionsController
sign_in @user sign_in @user
flash[:notice] = t(:welcome) flash[:notice] = t(:welcome)
flash.keep(:notice) flash.keep(:notice)
render js: "window.location = '#{registrar_root_path}'" render js: "window.location = '#{role_base_root_url(@user)}'"
when 'NOT_VALID' when 'NOT_VALID'
render json: { message: t(:user_signature_is_invalid) }, status: :bad_request render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
when 'EXPIRED_TRANSACTION' when 'EXPIRED_TRANSACTION'
@ -149,4 +149,12 @@ class Registrar::SessionsController < Devise::SessionsController
return if WhiteIp.registrar_ip_white?(request.ip) return if WhiteIp.registrar_ip_white?(request.ip)
render text: t('ip_is_not_whitelisted') and return render text: t('ip_is_not_whitelisted') and return
end end
def role_base_root_url(user)
if user.try(:roles) == ['billing']
registrar_invoices_url
else
registrar_root_url
end
end
end end

2
app/controllers/registrar_controller.rb
View file

@ -16,7 +16,7 @@ class RegistrarController < ApplicationController
sign_out(current_user) sign_out(current_user)
return return
end end
return if Rails.env.development?
return if current_user.registrar.registrar_ip_white?(request.ip) return if current_user.registrar.registrar_ip_white?(request.ip)
flash[:alert] = t('ip_is_not_whitelisted') flash[:alert] = t('ip_is_not_whitelisted')
sign_out(current_user) sign_out(current_user)

34
app/models/ability.rb
View file

@ -7,15 +7,13 @@ class Ability
alias_action :show, to: :view alias_action :show, to: :view
alias_action :show, :create, :update, :destroy, to: :crud alias_action :show, :create, :update, :destroy, to: :crud
@user = user || AdminUser.new @user = user || User.new
case @user.class.to_s case @user.class.to_s
when 'AdminUser' when 'AdminUser'
@user.roles.each { |role| send(role) } if @user.roles @user.roles.each { |role| send(role) } if @user.roles
when 'ApiUser' when 'ApiUser'
@user.roles.each { |role| send(role) } if @user.roles @user.roles.each { |role| send(role) } if @user.roles
static_epp
static_registrar
when 'RegistrantUser' when 'RegistrantUser'
static_registrant static_registrant
end end
@ -45,10 +43,12 @@ class Ability
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:renew, Epp::Contact) can(:renew, Epp::Contact)
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
# REPP
can(:manage, :repp)
end end
def static_registrar def static_registrar
can :read, AccountActivity
can :manage, Nameserver can :manage, Nameserver
can :view, :registrar_dashboard can :view, :registrar_dashboard
can :delete, :registrar_poll can :delete, :registrar_poll
@ -60,7 +60,6 @@ class Ability
can :manage, Depp::Keyrelay can :manage, Depp::Keyrelay
can :confirm, :keyrelay can :confirm, :keyrelay
can :confirm, :transfer can :confirm, :transfer
can :manage, :deposit
end end
def static_registrant def static_registrant
@ -68,33 +67,32 @@ class Ability
can :manage, Depp::Domain can :manage, Depp::Domain
end end
def static_billing
can :manage, Invoice
end
def user def user
can :show, :dashboard can :show, :dashboard
end end
# api_user dynamic role # Registrar/api_user dynamic role
def super def super
static_epp
static_registrar static_registrar
billing
epp
end end
# api_user dynamic role # Registrar/api_user dynamic role
def epp def epp
static_registrar
static_epp static_epp
static_registrar
end end
# api_user dynamic role # Registrar/api_user dynamic role
def billing def billing
static_registrar can :view, :registrar_dashboard
static_billing can :manage, Invoice
can :manage, :deposit
can :read, AccountActivity
end end
# admin dynamic role # Admin/admin_user dynamic role
def customer_service def customer_service
user user
can :manage, Domain can :manage, Domain
@ -102,7 +100,7 @@ class Ability
can :manage, Registrar can :manage, Registrar
end end
# admin dynamic role # Admin/admin_user dynamic role
def admin def admin
customer_service customer_service
can :manage, Setting can :manage, Setting

1
config/locales/en.yml
View file

@ -796,3 +796,4 @@ en:
registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.' registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.'
registrant_domain_verification_rejected_failed: 'Something went wrong' registrant_domain_verification_rejected_failed: 'Something went wrong'
ip_is_not_whitelisted: 'IP is not whitelisted' ip_is_not_whitelisted: 'IP is not whitelisted'
no_permission: 'No permission'