Story#105842700 - Set security

Vladimir Krylov 2016-01-27 13:21:45 +02:00
parent 438f77a981
commit be8aa474f8
3 changed files with 21 additions and 9 deletions


@ -1,8 +1,18 @@
class Registrant::ContactsController < RegistrantController
def show
@contact = Contact.find(params[:id])
@contact = contacts.find(params[:id])
authorize! :read, @contact
@contact.valid?
end
def contacts
ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
begin
BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_contacts
rescue Soap::Arireg::NotAvailableError => error
flash[:notice] = I18n.t(error.json[:message])
Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
Contact.none
end
end
end
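Review bot: `contacts` returns a plain Array of ids on the success path, because `associated_contacts` (in the BusinessRegistryCache section of this commit) ends in `.pluck(:id)`, so `contacts.find(params[:id])` in `show` resolves to Enumerable#find rather than an ActiveRecord lookup and yields an Enumerator instead of a Contact. The rescue branch returns `Contact.none`, a relation, so the two paths also disagree on type. Wrapping the ids keeps the lookup scoped to the registrant and makes both paths relations: `Contact.where(id: BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_contacts)`. `contacts` is also a public controller method; placing it under `private` would keep it from being reachable as an action if a route ever matches it.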


@ -11,15 +11,12 @@ class Registrant::DomainsController < RegistrantController
end
def show
@domain = Domain.find(params[:id])
if !(domains.include?(@domain) || @domain.valid?)
redirect_to registrant_domains_path
end
@domain = domains.find(params[:id])
authorize! :read, @domain
end
def set_domain
@domain = Domain.find(params[:id])
@domain = domains.find(params[:id])
end
def download_list
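Review bot: `set_domain` now depends entirely on the `domains` scope for access control and has no `authorize!` call of its own, unlike `show`. `domains` is defined outside this hunk, so it is worth confirming that it returns an ActiveRecord relation limited to the current registrant; if it returned an Array, `.find(params[:id])` would be Enumerable#find and not a record lookup. A short comment above both lookups, for example `# scoped lookup: ids outside the registrant's domains raise RecordNotFound`, would keep a later edit from reverting to `Domain.find`.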


@ -22,11 +22,16 @@ class BusinessRegistryCache < ActiveRecord::Base
# 1. load domains by business
# 2. load domains by person
def associated_contacts
contact_ids = Contact.where(ident_type: 'org', ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
contact_ids
end
def associated_domains
domains = []
contact_ids = Contact.where(ident_type: 'org', ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
contact_ids = associated_contacts
unless contact_ids.blank?
domains = DomainContact.distinct.where(contact_id: contact_ids).pluck(:domain_id)
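Review bot: The existing comment lines `# 1. load domains by business` and `# 2. load domains by person` now sit directly above the new `associated_contacts` and describe domains, not contacts; they should move back above `associated_domains`. `associated_contacts` also returns plucked ids rather than Contact records, which the name does not suggest. A comment such as `# Returns an Array of Contact ids: org contacts of associated_businesses (EE) plus the priv contact matching ident/ident_country_code` would make that explicit for callers. The body of `associated_domains` continues past the end of this hunk.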