Merge pull request #2502 from internetee/2492-return-contact-details-with-domain-authinfo

get contact info through domain transferred code

app/models/ability.rb

@@ -54,8 +54,14 @@ class Ability
     can(:delete,   Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
 
     # Epp::Contact
-    can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw }
+    can(:info, Epp::Contact) do |c, pw|
-    can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
+      c.registrar_id == @user.registrar_id ||
+        pw.blank? ? true : c.auth_info == pw ||
+          c.transferred_passwords.include?(pw)
+    end
+    can(:view_full_info, Epp::Contact) do |c, pw|
+      c.registrar_id == @user.registrar_id || c.auth_info == pw || c.transferred_passwords.include?(pw)
+    end
     can(:check,  Epp::Contact)
     can(:create, Epp::Contact)
     can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }

app/models/epp/contact.rb

@@ -16,6 +16,10 @@ class Epp::Contact < Contact
     throw(:abort)
   end
 
+  def transferred_passwords
+    domains.pluck(:transfer_code)
+  end
+
   class << self
     # support legacy search
     def find_by_epp_code(code)

test/integration/epp/contact/info/base_test.rb

@@ -188,6 +188,47 @@ class EppContactInfoBaseTest < EppTestCase
     ENV["shunter_enabled"] = 'false'
   end
 
+  def test_contact_info_of_another_registar_should_be_hidden
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+    contact = contacts(:jack)
+    assert_equal 'jack-001', contact.code
+    assert_equal [Contact::OK, Contact::LINKED], contact.statuses
+    assert_equal 'jack@inbox.test', contact.email
+    assert_equal '+555.555', contact.phone
+
+    # https://github.com/internetee/registry/issues/415
+    contact.update_columns(code: contact.code.upcase)
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <info>
+            <contact:info xmlns:contact="#{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}">
+              <contact:id>jack-001</contact:id>
+            </contact:info>
+          </info>
+        </command>
+      </epp>
+    XML
+
+    post epp_info_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_correct_against_schema response_xml
+    assert_epp_response :completed_successfully
+    assert_equal 'JACK-001', response_xml.at_xpath('//contact:id', contact: xml_schema).text
+    assert_equal 'ok', response_xml.at_xpath('//contact:status', contact: xml_schema)['s']
+    assert_equal 'No access', response_xml.at_xpath('//contact:email', contact: xml_schema)
+                                      .text
+    assert_equal 'No access', response_xml.at_xpath('//contact:voice', contact: xml_schema).text
+    assert_equal 'goodnames', response_xml.at_xpath('//contact:clID', contact: xml_schema).text
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+
   private
 
   def xml_schema