From be8aa474f87ac58d2c6e41054401171d1d62ffee Mon Sep 17 00:00:00 2001
From: Vladimir Krylov
Date: Wed, 27 Jan 2016 13:21:45 +0200
Subject: [PATCH] Story#105842700 - Set security
---
 app/controllers/registrant/contacts_controller.rb | 14 ++++++++++++--
 app/controllers/registrant/domains_controller.rb | 7 ++-----
 app/models/business_registry_cache.rb | 9 +++++++--
 3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/app/controllers/registrant/contacts_controller.rb b/app/controllers/registrant/contacts_controller.rb
index d3a0ddff8..5ebf396ae 100644
--- a/app/controllers/registrant/contacts_controller.rb
+++ b/app/controllers/registrant/contacts_controller.rb
@@ -1,8 +1,18 @@
 class Registrant::ContactsController < RegistrantController
 def show
- @contact = Contact.find(params[:id])
+ @contact = contacts.find(params[:id])
 authorize! :read, @contact
- @contact.valid?
+ end
+
+ def contacts
+ ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
+ begin
+ BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_contacts
+ rescue Soap::Arireg::NotAvailableError => error
+ flash[:notice] = I18n.t(error.json[:message])
+ Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
+ Contact.none
+ end
 end
 end
\ No newline at end of file
diff --git a/app/controllers/registrant/domains_controller.rb b/app/controllers/registrant/domains_controller.rb
index bf7ce37bb..0d8ffa5c5 100644
--- a/app/controllers/registrant/domains_controller.rb
+++ b/app/controllers/registrant/domains_controller.rb
@@ -11,15 +11,12 @@ class Registrant::DomainsController < RegistrantController
 end
 def show
- @domain = Domain.find(params[:id])
- if !(domains.include?(@domain) || @domain.valid?)
- redirect_to registrant_domains_path
- end
+ @domain = domains.find(params[:id])
 authorize! :read, @domain
 end
 def set_domain
- @domain = Domain.find(params[:id])
+ @domain = domains.find(params[:id])
 end
 def download_list
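Review bot: `contacts.find(params[:id])` in `show` does not load a Contact on the success path, because `BusinessRegistryCache#associated_contacts` (added in app/models/business_registry_cache.rb by this same patch) returns the plucked id Array, so `find` resolves to `Enumerable#find` and hands an Enumerator to `authorize!`; only the rescue branch returns a relation (`Contact.none`). Wrap the ids in a scope so the lookup is a real ownership-restricted query: `Contact.where(id: BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_contacts)`. `contacts` is also added as a public controller method; putting it under `private` keeps it from ever being exposed as an action. Separately, `split '-'` discards anything after a second hyphen in `registrant_ident`, so `split('-', 2)` is safer if identifiers can contain one.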
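Review bot: In `set_domain` the scoped `domains.find(params[:id])` is, as far as this hunk shows, the only ownership check, since unlike `show` it is not followed by `authorize!`, and nothing in the code records that. A one-line comment such as `# Scoped lookup is the access check: ids outside the registrant's own domains raise RecordNotFound` would keep a later refactor from reverting to `Domain.find`. `domains` is defined outside the hunk, so this assumes it returns an ActiveRecord relation rather than an Array of ids; a controller spec requesting a domain id that belongs to a different registrant would pin that down.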
diff --git a/app/models/business_registry_cache.rb b/app/models/business_registry_cache.rb
index 5ca1e002c..cab39e7ee 100644
--- a/app/models/business_registry_cache.rb
+++ b/app/models/business_registry_cache.rb
@@ -22,11 +22,16 @@ class BusinessRegistryCache < ActiveRecord::Base
 # 1. load domains by business
 # 2. load domains by person
+ def associated_contacts
+ contact_ids = Contact.where(ident_type: 'org', ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
+ contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
+ contact_ids
+ end
+
 def associated_domains
 domains = []
- contact_ids = Contact.where(ident_type: 'org', ident: associated_businesses, ident_country_code: 'EE').pluck(:id)
- contact_ids += Contact.where(ident_type: 'priv', ident: ident, ident_country_code: ident_country_code).pluck(:id)
+ contact_ids = associated_contacts
 unless contact_ids.blank?
 domains = DomainContact.distinct.where(contact_id: contact_ids).pluck(:domain_id)
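Review bot: `associated_contacts` passes `associated_businesses` and `ident` straight into `where`, and ActiveRecord turns a nil value into `IS NULL`, so a cache row with either attribute unset would match contacts whose ident is NULL; that matters more now that this list is the access boundary for Registrant::ContactsController#show. How those attributes are populated is outside the hunk, so if nil is possible consider `return [] if ident.blank?` at the top and `ident: Array(associated_businesses)` in the first query. The `# 1. load domains by business` / `# 2. load domains by person` comment now sits above `associated_contacts` rather than `associated_domains`; moving it back and adding a short comment that the new method returns contact ids would avoid confusion. The body of `associated_domains` continues past the end of the hunk.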