diff --git a/app/controllers/api/v1/registrant/contacts_controller.rb b/app/controllers/api/v1/registrant/contacts_controller.rb index bbaa3fcb5..47e036534 100644 --- a/app/controllers/api/v1/registrant/contacts_controller.rb +++ b/app/controllers/api/v1/registrant/contacts_controller.rb @@ -55,7 +55,10 @@ module Api attributes_not_exist_error(extra_attrs) and return if extra_attrs.present? end - # render_disclosed_attributes_error and return if disclosed_attributes.present? && contact.org? + if disclosed_attributes.present? && contact.org? + extra_attrs = disclosed_attributes - Contact::OPEN_LEGAL_ATTRIBUTES + render_disclosed_attributes_error and return if extra_attrs.present? + end contact.disclosed_attributes = disclosed_attributes if disclosed_attributes publishable = reparsed_request[:registrant_publishable] diff --git a/app/models/contact.rb b/app/models/contact.rb index 1ffbaa18f..36784509b 100644 --- a/app/models/contact.rb +++ b/app/models/contact.rb @@ -156,6 +156,10 @@ class Contact < ApplicationRecord fax ].freeze + OPEN_LEGAL_ATTRIBUTES = %w[ + phone + ].freeze + STATUSES = [ CLIENT_DELETE_PROHIBITED, SERVER_DELETE_PROHIBITED, CLIENT_TRANSFER_PROHIBITED, diff --git a/test/integration/api/v1/registrant/contacts/update_test.rb b/test/integration/api/v1/registrant/contacts/update_test.rb index 79cb8ab3c..d3fba62c3 100644 --- a/test/integration/api/v1/registrant/contacts/update_test.rb +++ b/test/integration/api/v1/registrant/contacts/update_test.rb 
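Review bot: The allowlist for legal persons is enforced only in this controller action, so nothing visible in this diff prevents another write path from storing a `disclosed_attributes` value outside `Contact::OPEN_LEGAL_ATTRIBUTES`. If the rule is meant to hold for every writer, a validation on `Contact` would be the durable place for it, with this check kept for the API error shape; whether such a validation already exists cannot be seen from here. The new block also reuses `extra_attrs` from the block just above with a different meaning; a distinct name such as `closed_attrs = disclosed_attributes - Contact::OPEN_LEGAL_ATTRIBUTES` would make the two checks easier to tell apart. The enclosing action starts and ends outside the hunk.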
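Review bot: `OPEN_LEGAL_ATTRIBUTES` has no comment, and the name alone does not say that it is the allowlist of attributes a legal-person contact may include in `disclosed_attributes`. I would add `# Attributes an organisation contact may list in disclosed_attributes; the registrant API rejects any other.` above the constant. Widening this list changes what the registrant API accepts, so the intent is worth recording next to the values.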
@@ -175,31 +175,31 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest assert_empty @contact.disclosed_attributes end - # def test_legal_persons_disclosed_attributes_cannot_be_changed - # @contact = contacts(:acme_ltd) + def test_legal_persons_disclosed_attributes_cannot_be_changed + @contact = contacts(:acme_ltd) - # contacts(:acme_ltd).ident - # assert_equal '1234567', @contact.ident + contacts(:acme_ltd).ident + assert_equal '1234567', @contact.ident - # assert_equal Contact::ORG, @contact.ident_type - # assert_equal 'US', @contact.ident_country_code - # @contact.update!(disclosed_attributes: %w[]) - # assert_equal 'US-1234', @user.registrant_ident + assert_equal Contact::ORG, @contact.ident_type + assert_equal 'US', @contact.ident_country_code + @contact.update!(disclosed_attributes: %w[]) + assert_equal 'US-1234', @user.registrant_ident - # assert_no_changes -> { @contact.disclosed_attributes } do - # patch api_v1_registrant_contact_path(@contact.uuid), - # params: { disclosed_attributes: %w[name] }, - # as: :json, - # headers: { 'HTTP_AUTHORIZATION' => auth_token } - # @contact.reload - # end - # assert_response :bad_request + assert_no_changes -> { @contact.disclosed_attributes } do + patch api_v1_registrant_contact_path(@contact.uuid), + params: { disclosed_attributes: %w[name] }, + as: :json, + headers: { 'HTTP_AUTHORIZATION' => auth_token } + @contact.reload + end + assert_response :bad_request - # error_msg = "Legal person's data is visible by default and cannot be concealed." \ - # ' Please remove this parameter.' - # assert_equal ({ errors: [{ disclosed_attributes: [error_msg] }] }), - # JSON.parse(response.body, symbolize_names: true) - # end + error_msg = "Legal person's data is visible by default and cannot be concealed." \ + ' Please remove this parameter.' 
+ assert_equal ({ errors: [{ disclosed_attributes: [error_msg] }] }), + JSON.parse(response.body, symbolize_names: true) + end def test_legal_persons_disclosed_attributes_change_when_phone @contact = contacts(:acme_ltd)
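Review bot: The re-enabled test only covers a list made up entirely of a disallowed attribute (`%w[name]`), so the new subtraction against `Contact::OPEN_LEGAL_ATTRIBUTES` is never exercised with a mixed list. A case sending `params: { disclosed_attributes: %w[phone name] }` and asserting `:bad_request` with unchanged `disclosed_attributes` would pin that an allowed attribute does not let a disallowed one through. The asserted message still tells the client to remove the parameter, which no longer matches a rule that accepts `phone`; that wording is defined outside this diff. The bare `contacts(:acme_ltd).ident` line has no effect and can be dropped.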