Make sure that only admin contacts and registrants can lock a domain

Maciej Szlosarczyk 2018-08-24 12:54:05 +03:00
parent 1d53e7bb5b
commit a64b03d204
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765
4 changed files with 49 additions and 14 deletions


@ -3,6 +3,7 @@ module Api
module Registrant
class RegistryLocksController < BaseController
before_action :set_domain
before_action :authorized_to_manage_locks?
def create
if @domain.apply_registry_lock
@ -25,13 +26,22 @@ module Api
private
def set_domain
domain_pool = current_user.administrated_domains
domain_pool = current_user.domains
@domain = domain_pool.find_by(uuid: params[:domain_uuid])
return if @domain
render json: { errors: [{ base: ['Domain not found'] }] },
status: :not_found and return
end
def authorized_to_manage_locks?
return if current_user.administrated_domains.include?(@domain)
render json: { errors: [
{ base: ['Only administrative contacts can manage registry locks'] }
] },
status: :unauthorized and return
end
end
end
end
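Review bot: The denial branch of `authorized_to_manage_locks?` answers with `status: :unauthorized` (401), but at that point the caller is already authenticated and is being refused for lack of privilege. `status: :forbidden` is the accurate code, and it keeps API clients from treating the response as a credential failure and retrying authentication. The commit title says registrants may also lock a domain, yet the check and its message mention only `administrated_domains` and "administrative contacts". Whether that association also covers registrant-owned domains is not visible on this page, so a comment above the guard such as `# administrated_domains includes domains where the user is registrant or admin contact` (if that holds), plus a test for the registrant case, would make the rule auditable. As a style point, the method name ends in `?` although it is a rendering filter and not a predicate.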