Story#105842700 - Set security

2025-07-02 01:03:35 +02:00 · 2016-01-27 13:21:45 +02:00 · 2016-01-27 13:21:45 +02:00 · be8aa474f8
commit be8aa474f8
parent 438f77a981
3 changed files with 21 additions and 9 deletions
--- a/app/controllers/registrant/contacts_controller.rb
+++ b/app/controllers/registrant/contacts_controller.rb
@ -1,8 +1,18 @@
 class Registrant::ContactsController < RegistrantController

  def show
-    @contact = Contact.find(params[:id])
+    @contact = contacts.find(params[:id])
    authorize! :read, @contact
-    @contact.valid?
+  end
+
+  def contacts
+    ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
+    begin
+      BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_contacts
+    rescue Soap::Arireg::NotAvailableError => error
+      flash[:notice] = I18n.t(error.json[:message])
+      Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
+      Contact.none
+    end
  end
 end
--- a/app/controllers/registrant/domains_controller.rb
+++ b/app/controllers/registrant/domains_controller.rb
@ -11,15 +11,12 @@ class Registrant::DomainsController < RegistrantController
  end

  def show
-    @domain = Domain.find(params[:id])
-    if !(domains.include?(@domain) || @domain.valid?)
-      redirect_to registrant_domains_path
-    end
+    @domain = domains.find(params[:id])
    authorize! :read, @domain
  end

  def set_domain
-    @domain = Domain.find(params[:id])
+    @domain = domains.find(params[:id])
  end

  def download_list
--- a/app/models/business_registry_cache.rb
+++ b/app/models/business_registry_cache.rb
@ -22,11 +22,16 @@ class BusinessRegistryCache < ActiveRecord::Base

  # 1. load domains by business
  # 2. load domains by person
+  def associated_contacts
+    contact_ids  = Contact.where(ident_type: 'org',  ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
+    contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
+    contact_ids
+  end
+
  def associated_domains
    domains = []

-    contact_ids  = Contact.where(ident_type: 'org',  ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
-    contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
+    contact_ids = associated_contacts

    unless contact_ids.blank?
      domains = DomainContact.distinct.where(contact_id: contact_ids).pluck(:domain_id)