Implement status policy

2025-07-03 09:43:36 +02:00 · 2015-03-30 18:37:57 +03:00 · 2015-03-30 18:37:57 +03:00 · bb93f8b609
commit bb93f8b609
parent 09c73d6109
7 changed files with 109 additions and 38 deletions
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@ -101,6 +101,7 @@ class Epp::ContactsController < EppController
    end
    contact_org_disabled
    fax_disabled
+    status_editing_disabled
    @prefix = nil
    requires 'extension > extdata > ident'
  end
@ -115,6 +116,7 @@ class Epp::ContactsController < EppController
    end
    contact_org_disabled
    fax_disabled
+    status_editing_disabled
    requires 'id', 'authInfo > pw'
    @prefix = nil
  end
@ -142,4 +144,13 @@ class Epp::ContactsController < EppController
      msg: "#{I18n.t(:contact_fax_error)}: fax [fax]"
    }
  end
+
+  def status_editing_disabled
+    return true if Setting.client_status_editing_enabled
+    return true if params[:parsed_frame].css('status').empty?
+    epp_errors << {
+      code: '2306',
+      msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+    }
+  end
 end
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@ -116,6 +116,8 @@ class Epp::DomainsController < EppController

    @prefix = nil
    requires 'extension > extdata > legalDocument'
+
+    status_editing_disabled
  end

  def validate_renew
@ -130,6 +132,8 @@ class Epp::DomainsController < EppController

    @prefix = 'update > update >'
    requires 'name'
+
+    status_editing_disabled
  end

  ## TRANSFER
@ -170,4 +174,13 @@ class Epp::DomainsController < EppController
  def find_password
    @password = params[:parsed_frame].css('authInfo pw').text
  end
+
+  def status_editing_disabled
+    return true if Setting.client_status_editing_enabled
+    return true if params[:parsed_frame].css('status').empty?
+    epp_errors << {
+      code: '2306',
+      msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+    }
+  end
 end
--- a/config/initializers/initial_settings.rb
+++ b/config/initializers/initial_settings.rb
@ -29,6 +29,8 @@ if con.present? && con.table_exists?('settings')
  Setting.save_default(:ns_max_count, 11)

  Setting.save_default(:transfer_wait_time, 0)
+
+  Setting.save_default(:client_side_status_editing_enabled, false)
 end

 # dev only setting
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -506,3 +506,4 @@ en:
  sending_error: 'Could not send sms to user'
  sim_error: 'SIM application error'
  internal_error: 'Internal error'
+  client_side_status_editing_error: 'Parameter value policy error. Client-side object status management not supported'
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
@ -330,6 +330,27 @@ describe 'EPP Contact', epp: true do

        Contact.find_by(code: 'sh8013').fax.should == nil
      end
+
+      it 'does not allow to edit statuses if policy forbids it' do
+        Setting.client_status_editing_enabled = false
+
+        xml = @epp_xml.update({
+          id: { value: 'sh8013' },
+          add: [{
+            _anonymus: [
+              { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
+              { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+            ]
+          }]
+        })
+
+        response = epp_plain_request(xml, :xml)
+        response[:results][0][:result_code].should == '2306'
+        response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
+                                              "management not supported: status [status]"
+
+        Setting.client_status_editing_enabled = true
+      end
    end

    context 'delete command' do
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@ -1460,6 +1460,27 @@ describe 'EPP Domain', epp: true do
      d.domain_statuses.count.should == 2
    end

+    it 'does not allow to edit statuses if policy forbids it' do
+      Setting.client_status_editing_enabled = false
+
+      xml = domain_update_xml({
+        name: { value: domain.name },
+        add: [{
+          _anonymus: [
+            { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
+            { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+          ]
+        }]
+      })
+
+      response = epp_plain_request(xml, :xml)
+      response[:results][0][:result_code].should == '2306'
+      response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
+                                            "management not supported: status [status]"
+
+      Setting.client_status_editing_enabled = true
+    end
+
    it 'updates a domain and removes objects' do
      xml = domain_update_xml({
        name: { value: domain.name },
--- a/spec/support/general.rb
+++ b/spec/support/general.rb
@ -16,6 +16,8 @@ module General
    Setting.admin_contacts_max_count = 10
    Setting.tech_contacts_min_count = 0
    Setting.tech_contacts_max_count = 10
+
+    Setting.client_side_status_editing_enabled = true
  end

  def create_disclosure_settings