From 47669f184b91ed272c95fd503a1fa7dff3a30235 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Tue, 18 Aug 2015 21:36:20 +0300
Subject: [PATCH 01/14] Added registrant index view local currency support #2781
---
 app/views/registrar/invoices/index.haml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/registrar/invoices/index.haml b/app/views/registrar/invoices/index.haml
index ed543f381..543070c32 100644
--- a/app/views/registrar/invoices/index.haml
+++ b/app/views/registrar/invoices/index.haml
@@ -4,7 +4,7 @@
 = render 'shared/title', name: t(:your_account)
 = t(:your_current_account_balance_is,
- balance: current_user.registrar.cash_account.balance,
+ balance: currency(current_user.registrar.cash_account.balance),
 currency: current_user.registrar.cash_account.currency)
 %h1= t(:invoices)
@@ -68,7 +68,7 @@
 %td{class: 'text-danger'}= t(:unpaid)
 %td= l(x.due_date, format: :date_long)
- %td= x.sum
+ %td= currency(x.sum)
 .row
 .col-md-12
 = paginate @invoices
From 618df68a76ee19e308ab3d935fa1483930a2fdb7 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Tue, 18 Aug 2015 21:52:07 +0300
Subject: [PATCH 02/14] Email typo update #2872
---
 config/locales/en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 7d33957db..b19381c26 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -781,7 +781,7 @@ en:
 unimplemented_object_service: 'Unimplemented object service'
 contact_email_update_subject: 'Teie domeenide kontakt epostiaadress on muutunud / Contact e-mail addresses of your domains have changed'
 object_status_prohibits_operation: 'Object status prohibits operation'
- pending_update_request_for_old_registrant_subject: "Kinnitustaotlus domeeni %{name} registreerija vahetuseks / Application for approval for registrant chache of %{name}"
+ pending_update_request_for_old_registrant_subject: "Kinnitustaotlus domeeni %{name} registreerija vahetuseks / Application for approval for registrant change of %{name}"
 pending_update_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetus protseduur on algatatud / %{name} registrant change"
 pending_update_rejected_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetuse taotlus tagasi lükatud / %{name} registrant change declined"
 pending_update_expired_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetuse taotlus on tühistatud / %{name} registrant change cancelled"
From 78e898c6dcd7336b6c8204472b708961311874c9 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Tue, 18 Aug 2015 21:58:24 +0300
Subject: [PATCH 03/14] Email translation fix #2873
---
 config/locales/en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index b19381c26..389616dff 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -788,7 +788,7 @@ en:
 registrant_updated_notification_for_new_registrant_subject: 'Domeeni %{name} registreerija vahetus teostatud / Registrant change of %{name} has been finished.'
 registrant_updated_notification_for_old_registrant_subject: 'Domeeni %{name} registreerija vahetus teostatud / Registrant change of %{name} has been finished.'
 domain_pending_deleted_subject: "Kinnitustaotlus domeeni %{name} kustutamiseks .ee registrist / Application for approval for deletion of %{name}"
- pending_delete_rejected_notification_subject: "Domeeni %{name} kustutamise taotlus tagasi lükatud / %{name) deletion declined"
+ pending_delete_rejected_notification_subject: "Domeeni %{name} kustutamise taotlus tagasi lükatud / %{name} deletion declined"
 pending_delete_expired_notification_subject: "Domeeni %{name} kustutamise taotlus on tühistatud / %{name} deletion cancelled"
 delete_confirmation_subject: "Domeeni %{name} kustutatud / %{name} deleted"
 whois: WHOIS
From 6eaf6badc060a169403d93bc3feffa2aa5d997da Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 00:03:48 +0300
Subject: [PATCH 04/14] Disable possibility to select --- value from select #2517
---
 lib/sorted_country.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/sorted_country.rb b/lib/sorted_country.rb
index 114213681..2cca29aa3 100644
--- a/lib/sorted_country.rb
+++ b/lib/sorted_country.rb
@@ -6,12 +6,12 @@ class SortedCountry
 include ActionView::Helpers
 def all_options(selected = nil)
- quick_options = options_for_select(quick_list + [['---', '']], selected)
+ quick_options = options_for_select([['','']] + quick_list, { selected: selected })
 # no double select
 selected = quick_list.map(&:second).include?(selected) ? '' : selected
- all_options = options_for_select(all_sorted_truncated, selected)
+ all_options = options_for_select([['---', '---']] + all_sorted_truncated, { selected: selected, disabled: ['---'] })
 quick_options + all_options
 end
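Review bot: `disabled: ['---']` on the new `all_options` line only marks the separator option as disabled in the rendered HTML, so a tampered form can still submit `'---'` (or any other value) as `country_code`; the model behind the `f.select(:country_code, ...)` call should reject values outside the country list server-side, and nothing in this series shows that validation. A one-line comment on the rewritten body would record the intent, e.g. `# leading blank option lets the field stay unset; '---' is a visual separator only`. The rest of the class, including `quick_list` and `all_sorted_truncated`, is outside the hunk.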
From aad7884c0ef9842e8915ba6b64cc06db24f7ef08 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 00:03:58 +0300
Subject: [PATCH 05/14] Admin and api user password now checked on browser side #2517
---
 app/views/admin/admin_users/_form.haml | 27 +++++++++++++++++---------
 app/views/admin/api_users/_form.haml | 17 ++++++++++++----
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/app/views/admin/admin_users/_form.haml b/app/views/admin/admin_users/_form.haml
index e7738a9f0..ba7203e1e 100644
--- a/app/views/admin/admin_users/_form.haml
+++ b/app/views/admin/admin_users/_form.haml
@@ -1,3 +1,10 @@
+- if @admin_user.new_record?
+ - overwrite_required = ''
+ - field_required = 'required'
+- else
+ - overwrite_required = 'not-required' # otherwise automatic one adds required
+ - field_required = ''
+
 = form_for([:admin, @admin_user], html: { class: 'form-horizontal', autocomplete: 'off' }) do |f|
 = render 'shared/full_errors', object: @admin_user
@@ -11,22 +18,22 @@
 - if @admin_user.new_record? || can?(:update, AdminUser)
 .form-group
 .col-md-4.control-label
- - not_required = @admin_user.new_record? ? '' : 'not-required'
- = f.label :password, class: not_required
+
+ = f.label :password, class: overwrite_required
 .col-md-8
- = f.text_field(:password, class: 'form-control')
+ = f.text_field(:password, class: "form-control #{field_required}")
 .form-group
 .col-md-4.control-label
- = f.label :password_confirmation, class: not_required
+ = f.label :password_confirmation, class: overwrite_required
 .col-md-8
- = f.text_field(:password_confirmation, class: 'form-control')
+ = f.text_field(:password_confirmation, class: "form-control #{field_required}")
 %hr
 .form-group
 .col-md-4.control-label
 = f.label :identity_code
 .col-md-8
- = f.text_field(:identity_code, class: 'form-control')
+ = f.text_field(:identity_code, class: 'form-control required')
 .form-group
 .col-md-4.control-label
 = f.label :email
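Review bot: The `required` class added to the password, password_confirmation and identity_code fields in the second hunk (and likewise in the api_users/_form.haml hunks that follow) is a browser-side hint only, so password presence for a new record must still be validated on AdminUser and ApiUser; this series does not show that validation, so confirm it exists before treating the form as the gate. The new lines keep `f.text_field(:password, ...)`, which renders the password as a plain text input; if that is deliberate for admin-set initial credentials, a haml comment such as `-# password is shown in clear on purpose: admin sets the initial credentials` would stop the next reader from changing it blindly. The inline comment `# otherwise automatic one adds required` would read more clearly as `# form helpers add 'required' automatically, so opt out on edit`.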
@@ -37,13 +44,15 @@
 = f.label :country_code, t(:country)
 .col-md-8
 = f.select(:country_code,
- SortedCountry.all_options(f.object.country_code), {}, class: 'form-control')
+ SortedCountry.all_options(f.object.country_code), {}, class: 'form-control required')
 %hr
 .form-group
 .col-md-4.control-label
- = f.label :role
+ = f.label :role, class: 'required'
 .col-md-8
- = select_tag 'admin_user[roles][]', options_for_select(AdminUser::ROLES.map {|x| [t(x), x] }, @admin_user.roles.try(:first)), class: 'form-control selectize'
+ = select_tag 'admin_user[roles][]',
+ options_for_select(AdminUser::ROLES.map {|x| [t(x), x] },
+ @admin_user.roles.try(:first)), class: 'form-control selectize'
 %hr
 .row
diff --git a/app/views/admin/api_users/_form.haml b/app/views/admin/api_users/_form.haml
index e6851e424..00e6bb248 100644
--- a/app/views/admin/api_users/_form.haml
+++ b/app/views/admin/api_users/_form.haml
@@ -1,3 +1,11 @@
+- if @api_user.new_record?
+ - overwrite_required = ''
+ - field_required = 'required'
+- else
+ - overwrite_required = 'not-required' # otherwise automatic one adds required
+ - field_required = ''
+
+
 = form_for([:admin, @api_user], multipart: true, html: {class: 'form-horizontal', autocomplete: 'off'}) do |f|
 = render 'shared/full_errors', object: @api_user
@@ -11,16 +19,16 @@
 = f.text_field(:username, class: 'form-control')
 .form-group
 .col-md-4.control-label
- - not_required = @api_user.new_record? ? '' : 'not-required'
- = f.label :password, class: not_required
+ = f.label :password, class: overwrite_required
 .col-md-7
- = f.text_field :password, class: 'form-control', autocomplete: 'off'
+ = f.text_field :password, class: "form-control #{field_required}", autocomplete: 'off'
 .form-group
 .col-md-4.control-label
 = f.label :identity_code
 .col-md-7
 = f.text_field(:identity_code, class: 'form-control')
+ .form-group .form-group.has-feedback.js-typeahead-container
 .col-md-4.control-label
@@ -32,9 +40,10 @@
 %span.glyphicon.glyphicon-ok.form-control-feedback.js-typeahead-ok.hidden
 %span.glyphicon.glyphicon-remove.form-control-feedback.js-typeahead-remove
 = f.hidden_field(:registrar_id, class: 'js-registrar-id')
+
 .form-group
 .col-md-4.control-label
- = f.label :role
+ = f.label :role, class: 'required'
 .col-md-7
 = select_tag 'api_user[roles][]', options_for_select(ApiUser::ROLES.map {|x| [t(x), x] }, @api_user.roles.try(:first)),
From 259b6dd2560d01e35daf65699d62f9eedf6f7dd3 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 00:10:57 +0300
Subject: [PATCH 06/14] Registrant confirmation email typo fix #2874
---
 app/mailers/domain_mailer.rb | 8 ++++----
 app/models/domain.rb | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/app/mailers/domain_mailer.rb b/app/mailers/domain_mailer.rb
index 1eb4341c9..3e9b7c360 100644
--- a/app/mailers/domain_mailer.rb
+++ b/app/mailers/domain_mailer.rb
@@ -73,8 +73,8 @@ class DomainMailer < ApplicationMailer
 @domain = domain
 # no delivery off control, driggered by que, no epp request
- @new_registrant_email = @domain.pending_json[:new_registrant_email]
- @new_registrant_name = @domain.pending_json[:new_registrant_name]
+ @new_registrant_email = @domain.pending_json['new_registrant_email']
+ @new_registrant_name = @domain.pending_json['new_registrant_name']
 return if whitelist_blocked?(@new_registrant_email)
 mail(to: @new_registrant_email,
@@ -86,8 +86,8 @@ class DomainMailer < ApplicationMailer
 @domain = domain
 # no delivery off control, driggered by cron, no epp request
- @new_registrant_email = @domain.pending_json[:new_registrant_email]
- @new_registrant_name = @domain.pending_json[:new_registrant_name]
+ @new_registrant_email = @domain.pending_json['new_registrant_email']
+ @new_registrant_name = @domain.pending_json['new_registrant_name']
 return if whitelist_blocked?(@new_registrant_email)
 if @new_registrant_email.blank?
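Review bot: Both domain_mailer.rb hunks switch to string keys on `@domain.pending_json`, which agrees with the writer side in app/models/domain.rb (next hunk) and the spec in PATCH 10/14, but the two key names are now repeated as bare strings in three files; a single accessor on Domain, e.g. `def pending_new_registrant_email = pending_json['new_registrant_email']` (or a plain `def` if the project's Ruby predates endless methods), would keep a later symbol-key write from silently leaving `@new_registrant_email` nil so the mail goes nowhere. In the second hunk `whitelist_blocked?(@new_registrant_email)` runs before the `blank?` check on the last line, so a nil address reaches the whitelist helper first; whether it tolerates nil is not visible here. The enclosing mailer methods start and end outside the hunks.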
diff --git a/app/models/domain.rb b/app/models/domain.rb
index 55c246987..9ed9afde4 100644
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@@ -394,10 +394,10 @@ class Domain < ActiveRecord::Base
 self.registrant_verification_token = token
 self.registrant_verification_asked_at = asked_at
 set_pending_update
- pending_json[:domain] = changes_cache
- pending_json[:new_registrant_id] = new_registrant_id
- pending_json[:new_registrant_email] = new_registrant_email
- pending_json[:new_registrant_name] = new_registrant_name
+ pending_json['domain'] = changes_cache
+ pending_json['new_registrant_id'] = new_registrant_id
+ pending_json['new_registrant_email'] = new_registrant_email
+ pending_json['new_registrant_name'] = new_registrant_name
 # This pending_update! method is triggered by before_update
 # Note, all before_save callbacks are excecuted before before_update,
From 85e5a175098e1fdccd8c67c9e2f78499ac6827c5 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 00:58:40 +0300
Subject: [PATCH 07/14] Rubocop update
---
 lib/sorted_country.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/sorted_country.rb b/lib/sorted_country.rb
index 2cca29aa3..d05a31bab 100644
--- a/lib/sorted_country.rb
+++ b/lib/sorted_country.rb
@@ -6,12 +6,13 @@ class SortedCountry
 include ActionView::Helpers
 def all_options(selected = nil)
- quick_options = options_for_select([['','']] + quick_list, { selected: selected })
+ quick_options = options_for_select([['', '']] + quick_list, { selected: selected })
 # no double select
 selected = quick_list.map(&:second).include?(selected) ? '' : selected
- all_options = options_for_select([['---', '---']] + all_sorted_truncated, { selected: selected, disabled: ['---'] })
+ all_options = options_for_select([['---', '---']] + all_sorted_truncated,
+ { selected: selected, disabled: ['---'] })
 quick_options + all_options
 end
From 598ab7ba63e7f810bd1cd667a73f2d4f0db23db8 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Tue, 18 Aug 2015 14:15:16 +0300
Subject: [PATCH 08/14] Ignore empty identity for regisrar user switch #2754
---
 app/controllers/epp/sessions_controller.rb | 2 +-
 app/models/api_user.rb | 23 ++++++++++++--------
 app/views/layouts/registrar/application.haml | 2 +-
 spec/models/api_user_spec.rb | 16 ++++++++++++++
 4 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index b877c01ce..975d3cab5 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -105,7 +105,7 @@ class Epp::SessionsController < EppController
 end
 def connection_limit_ok?
- return true if Rails.env.test?
+ return true if Rails.env.test? || Rails.env.development?
 c = EppSession.where(
 'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
 ).count
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index a8e0174bd..51c4da606 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -40,6 +40,20 @@ class ApiUser < User
 self.active = true unless active_changed?
 end
+ class << self
+ def find_by_idc_data(idc_data)
+ return false if idc_data.blank?
+ identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
+
+ find_by(identity_code: identity_code)
+ end
+
+ def all_by_identity_code(identity_code)
+ ApiUser.where(identity_code: identity_code)
+ .where("identity_code is NOT NULL and identity_code != ''").includes(:registrar)
+ end
+ end
+
 def registrar_typeahead
 @registrar_typeahead || registrar || nil
 end
@@ -75,13 +89,4 @@ class ApiUser < User
 md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
 certificates.api.exists?(md5: md5, common_name: cn)
 end
-
- class << self
- def find_by_idc_data(idc_data)
- return false if idc_data.blank?
- identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
-
- find_by(identity_code: identity_code)
- end
- end
 end
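Review bot: `all_by_identity_code` in the first api_user.rb hunk is the filter behind the registrar account-switch menu (the application.haml hunk on the next line), so excluding blank identity codes is the security-relevant part of this commit; the second `where` is a raw SQL string, and on Rails 4+ `where.not(identity_code: [nil, ''])` expresses the same thing without it, while an explicit `return none if identity_code.blank?` at the top would make the intent visible without relying on the two `where` clauses cancelling out. The menu only hides entries; the `/registrar/switch_user/:id` action it links to is not in this series, so confirm that action re-applies the same non-blank identity-code check server-side rather than trusting the rendered list. A short YARD line on the method would help, e.g. `# Users sharing a non-blank identity code; used for account switching in the registrar layout`.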
diff --git a/app/views/layouts/registrar/application.haml b/app/views/layouts/registrar/application.haml
index a2273de22..3754cd0bf 100644
--- a/app/views/layouts/registrar/application.haml
+++ b/app/views/layouts/registrar/application.haml
@@ -54,7 +54,7 @@
 = "#{current_user} (#{current_user.roles.first}) - #{current_user.registrar}"
 %span.caret
 %ul.dropdown-menu{role: "menu"}
- - ApiUser.where(identity_code: current_user.identity_code).includes(:registrar).each do |x|
+ - ApiUser.all_by_identity_code(current_user.identity_code).each do |x|
 %li= link_to "#{x} (#{x.roles.first}) - #{x.registrar}", "/registrar/switch_user/#{x.id}"
 - if user_signed_in?
 %li= link_to t(:log_out_), '/registrar/logout'
diff --git a/spec/models/api_user_spec.rb b/spec/models/api_user_spec.rb
index 8e46d0c6e..f159e5a7a 100644
--- a/spec/models/api_user_spec.rb
+++ b/spec/models/api_user_spec.rb
@@ -3,6 +3,22 @@ require 'rails_helper'
 describe ApiUser do
 it { should belong_to(:registrar) }
+ context 'class methods' do
+ before do
+ Fabricate(:api_user, identity_code: '')
+ Fabricate(:api_user, identity_code: 14212128025)
+ end
+
+ it 'should return all api users with given identity code' do
+ ApiUser.all_by_identity_code('14212128025').size.should == 1
+ ApiUser.all_by_identity_code(14212128025).size.should == 1
+ end
+
+ it 'should not return any api user with blank identity code' do
+ ApiUser.all_by_identity_code('').size.should == 0
+ end
+ end
+
 context 'with invalid attribute' do
 before :all do
 @api_user = ApiUser.new
From 34f1d7d2542fc614737e8eb10f1c01dced0df815 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 01:21:16 +0300
Subject: [PATCH 09/14] Separated epp login and epp request abilities #2742
---
 app/controllers/epp/sessions_controller.rb | 9 ++
 .../registrar/sessions_controller.rb | 2 +-
 app/controllers/registrar_controller.rb | 2 +-
 app/models/ability.rb | 127 ++++++++++--------
 app/models/api_user.rb | 4 -
 5 files changed, 83 insertions(+), 61 deletions(-)
diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 975d3cab5..c4b66e411 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
 success = false
 end
+ if success && @api_user.cannot?(:create, :epp_login)
+ epp_errors << {
+ msg: 'Authentication error; server closing connection (API user does not have epp role)',
+ code: '2501'
+ }
+
+ success = false
+ end
+
 if success && !ip_white?
 epp_errors << {
 msg: 'Authentication error; server closing connection (IP is not whitelisted)',
diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index a2310a0d1..03d440514 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
 redirect_to :back and return
 end
- if @api_user.can_make_api_calls?
+ if @api_user.can(:create, :epp_login)
 unless @api_user.registrar.api_ip_white?(request.ip)
 flash[:alert] = I18n.t(:ip_is_not_whitelisted)
 redirect_to :back and return
diff --git a/app/controllers/registrar_controller.rb b/app/controllers/registrar_controller.rb
index ba165da07..47d43a794 100644
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@@ -21,7 +21,7 @@ class RegistrarController < ApplicationController
 riw = current_user.registrar.registrar_ip_white?(request.ip)
 aiw = true
- if current_user.can_make_api_calls?
+ if current_user.can?(:create, :epp_request)
 aiw = current_user.registrar.api_ip_white?(request.ip)
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 0fcd87d6b..a9efb046b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
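Review bot: `current_user.can?(:create, :epp_request)` in the registrar_controller.rb hunk checks a singular symbol while the ability.rb hunk that follows grants `:epp_requests`, so the condition is always false, `aiw` stays at its `true` default, and the API IP-whitelist check is skipped for every portal login until PATCH 14/14 renames the grant; a guard that fails open on a typo is the wrong shape, so either initialise `aiw` from the check itself or share one constant between the two sites, e.g. `EPP_REQUEST = :epp_request` on Ability, and add a spec asserting an epp-role user satisfies `can?(:create, Ability::EPP_REQUEST)`. The registrar/sessions_controller.rb hunk on the same line calls `@api_user.can(:create, :epp_login)` without the `?`, which is not the CanCan predicate; PATCH 12/14 corrects it. In the epp/sessions_controller.rb hunk the new `2501` error exposes only the role outcome to a user who has already authenticated, which looks acceptable, but the enclosing method starts and ends outside the hunk.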
@@ -24,7 +24,77 @@ class Ability
 can :create, :registrant_domain_update_confirm
 end
+ #
+ # User roles
+ #
+
+ def super # Registrar/api_user dynamic role
+ static_registrar
+ static_epp
+ billing
+ end
+
+ def epp # Registrar/api_user dynamic role
+ static_registrar
+ static_epp
+ end
+
+ def billing # Registrar/api_user dynamic role
+ can :view, :registrar_dashboard
+ can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
+ can :manage, :deposit
+ can :read, AccountActivity
+ static_epp_login # billing can establis epp connection in order to login
+ end
+
+ def customer_service # Admin/admin_user dynamic role
+ user
+ can :manage, Domain
+ can :manage, Contact
+ can :manage, Registrar
+ end
+
+ def admin # Admin/admin_user dynamic role
+ customer_service
+ can :manage, Setting
+ can :manage, BlockedDomain
+ can :manage, ReservedDomain
+ can :manage, ZonefileSetting
+ can :manage, DomainVersion
+ can :manage, Pricelist
+ can :manage, User
+ can :manage, ApiUser
+ can :manage, AdminUser
+ can :manage, Certificate
+ can :manage, Keyrelay
+ can :manage, LegalDocument
+ can :manage, BankStatement
+ can :manage, BankTransaction
+ can :manage, Invoice
+ can :manage, WhiteIp
+ can :read, ApiLog::EppLog
+ can :read, ApiLog::ReppLog
+ can :update, :pending
+ can :destroy, :pending
+ can :create, :zonefile
+ can :access, :settings_menu
+ end
+
+ #
+ # Static roles, linked from dynamic roles
+ #
+ def static_epp_login
+ can(:create, :epp_login)
+ end
+
 def static_epp
+ # REPP
+ can(:manage, :repp)
+
+ # EPP
+ static_epp_login
+ can(:create, :epp_requests)
+
 # Epp::Domain
 can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
 can(:check, Epp::Domain)
@@ -45,8 +115,6 @@ class Ability
 can(:renew, Epp::Contact)
 can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
- # REPP
- can(:manage, :repp)
 end
 def static_registrar
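Review bot: `billing` now calls `static_epp_login`, so a billing-only api user can authenticate an EPP session while only `static_epp` grants `:epp_requests`; whether every EPP command handler checks `:epp_requests` after login is not visible in this series, so that contract belongs on the method, e.g. `# billing may open an EPP session (login only); command abilities come with static_epp`, and the comment's `establis` should read `establish`. The role method named `super` shadows a Ruby keyword and cannot be invoked by bare name; that is pre-existing, but a comment on how these role methods are dispatched (presumably by `send` on the user's role string) would spare the next reader the search. The `@@ -45,8 +115,6 @@` hunk only relocates the REPP grant.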
@@ -73,62 +141,11 @@ class Ability
 can :show, :dashboard
 end
- # Registrar/api_user dynamic role
- def super
- static_registrar
- billing
- epp
- end
- # Registrar/api_user dynamic role
- def epp
- static_registrar
- static_epp
- end
- # Registrar/api_user dynamic role
- def billing
- can :view, :registrar_dashboard
- can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
- can :manage, :deposit
- can :read, AccountActivity
- end
-
- # Admin/admin_user dynamic role
- def customer_service
- user
- can :manage, Domain
- can :manage, Contact
- can :manage, Registrar
- end
-
- # Admin/admin_user dynamic role
- def admin
- customer_service
- can :manage, Setting
- can :manage, BlockedDomain
- can :manage, ReservedDomain
- can :manage, ZonefileSetting
- can :manage, DomainVersion
- can :manage, Pricelist
- can :manage, User
- can :manage, ApiUser
- can :manage, AdminUser
- can :manage, Certificate
- can :manage, Keyrelay
- can :manage, LegalDocument
- can :manage, BankStatement
- can :manage, BankTransaction
- can :manage, Invoice
- can :manage, WhiteIp
- can :read, ApiLog::EppLog
- can :read, ApiLog::ReppLog
- can :update, :pending
- can :destroy, :pending
- can :create, :zonefile
- can :access, :settings_menu
- end
 # rubocop: enable Metrics/LineLength
 # rubocop: enable Metrics/CyclomaticComplexity
 # rubocop: enable Metrics/PerceivedComplexity
+
+
 end
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index 51c4da606..260441620 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -58,10 +58,6 @@ class ApiUser < User
 @registrar_typeahead || registrar || nil
 end
- def can_make_api_calls?
- ([SUPER, EPP] & roles).any?
- end
-
 def to_s
 username
 end
From 2d1166cd080ffb3d108f7c58df16e1aa0121c03c Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 01:45:46 +0300
Subject: [PATCH 10/14] Domain mailer spec update
---
 spec/mailers/domain_mailer_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/spec/mailers/domain_mailer_spec.rb b/spec/mailers/domain_mailer_spec.rb
index bf06d4677..ec9fd4672 100644
--- a/spec/mailers/domain_mailer_spec.rb
+++ b/spec/mailers/domain_mailer_spec.rb
@@ -122,8 +122,8 @@ describe DomainMailer do
 @new_registrant = Fabricate(:registrant, email: 'new@example.org')
 @domain = Fabricate(:domain, registrant: @registrant)
 @domain.deliver_emails = true
- @domain.pending_json[:new_registrant_email] = 'new@example.org'
- @domain.pending_json[:new_registrant_name] = 'test name'
+ @domain.pending_json['new_registrant_email'] = 'new@example.org'
+ @domain.pending_json['new_registrant_name'] = 'test name'
 @mail = DomainMailer.pending_update_rejected_notification_for_new_registrant(@domain)
 end
From 4abf00524186d4b6b4cc0504105c248bccab3553 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 11:10:11 +0300
Subject: [PATCH 11/14] Rubocop update
---
 app/models/ability.rb | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index a9efb046b..7b805b952 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -114,7 +114,6 @@ class Ability
 can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 can(:renew, Epp::Contact)
 can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
-
 end
 def static_registrar
@@ -141,11 +140,7 @@ class Ability
 can :show, :dashboard
 end
-
-
 # rubocop: enable Metrics/LineLength
 # rubocop: enable Metrics/CyclomaticComplexity
 # rubocop: enable Metrics/PerceivedComplexity
-
-
 end
From 30454cc196b980ac8e6ab2a8827b31978f96b593 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 11:18:38 +0300
Subject: [PATCH 12/14] Updated specs
---
 app/controllers/registrar/sessions_controller.rb | 2 +-
 spec/features/registrar/domain_spec.rb | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index 03d440514..b28dfdcf0 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
 redirect_to :back and return
 end
- if @api_user.can(:create, :epp_login)
+ if @api_user.can?(:create, :epp_login)
 unless @api_user.registrar.api_ip_white?(request.ip)
 flash[:alert] = I18n.t(:ip_is_not_whitelisted)
 redirect_to :back and return
diff --git a/spec/features/registrar/domain_spec.rb b/spec/features/registrar/domain_spec.rb
index 49c4c5497..f9eb76c76 100644
--- a/spec/features/registrar/domain_spec.rb
+++ b/spec/features/registrar/domain_spec.rb
@@ -54,7 +54,6 @@ feature 'Domains', type: :feature do
 page.should_not have_text(d1.name)
 page.should have_text(d2.name)
-
 end
 it 'should search domains' do
From 98673094679ddf84229190f6b59ad821d56c9bc2 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 11:39:56 +0300
Subject: [PATCH 13/14] Refacterd ability for epp+repp #2713
---
 app/controllers/registrar_controller.rb | 8 +--
 app/models/ability.rb | 65 +++++++++++--------
 2 files changed, 33 insertions(+), 40 deletions(-)
diff --git a/app/controllers/registrar_controller.rb b/app/controllers/registrar_controller.rb
index 47d43a794..a665cee09 100644
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
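Review bot: The one-character fix `can` → `can?` in the registrar/sessions_controller.rb hunk implies the PATCH 09/14 code path was never executed by a spec, since a bare `can` on an ApiUser would presumably raise NoMethodError unless the model defines it; the commit is titled "Updated specs" but the only spec change here removes a blank line in domain_spec.rb. A request spec that logs in an epp-role user from a non-whitelisted IP and asserts the `ip_is_not_whitelisted` flash would pin this guard so the next refactor of Ability cannot silently break it. The enclosing action starts and ends outside the hunk.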
@@ -18,14 +18,14 @@ class RegistrarController < ApplicationController
 return
 end
 return if Rails.env.development?
- riw = current_user.registrar.registrar_ip_white?(request.ip)
+ registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
- aiw = true
+ api_ip_whitelisted = true
 if current_user.can?(:create, :epp_request)
- aiw = current_user.registrar.api_ip_white?(request.ip)
+ api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
 end
- return if riw && aiw
+ return if registrar_ip_whitelisted && api_ip_whitelisted
 flash[:alert] = t('ip_is_not_whitelisted')
 sign_out(current_user)
 redirect_to registrar_login_path and return
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 7b805b952..2fb84807d 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -30,13 +30,39 @@ class Ability
 def super # Registrar/api_user dynamic role
 static_registrar
- static_epp
+ epp
 billing
 end
 def epp # Registrar/api_user dynamic role
 static_registrar
- static_epp
+
+ # REPP
+ can(:manage, :repp)
+
+ # EPP
+ can(:create, :epp_login) # billing can establis epp connection in order to login
+ can(:create, :epp_requests)
+
+ # Epp::Domain
+ can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
+ can(:check, Epp::Domain)
+ can(:create, Epp::Domain)
+ can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
+ can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
+ can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
+ can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
+ can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
+
+ # Epp::Contact
+ can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw }
+ can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
+ can(:check, Epp::Contact)
+ can(:create, Epp::Contact)
+ can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
+ can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
+ can(:renew, Epp::Contact)
+ can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 end
 def billing #聽Registrar/api_user dynamic role
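Review bot: Inlining `static_epp` into `epp` carries the comment `# billing can establis epp connection in order to login` onto the `can(:create, :epp_login)` line inside the epp role, where it no longer describes its own line; it should read `# every epp user may open a session; the billing role is granted the same separately` (and `establish`), since the billing copy is kept in the next hunk. `can(:create, :epp_requests)` is still plural here while registrar_controller.rb checks `:epp_request`; PATCH 14/14 fixes that. `super` now calls `epp` after `static_registrar`, and `epp` calls `static_registrar` again, so the registrar grants are registered twice — that appears harmless for CanCan rule evaluation, but dropping the first call in `super` would make the role tree easier to audit.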
@@ -44,7 +70,7 @@ class Ability
 can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
 can :manage, :deposit
 can :read, AccountActivity
- static_epp_login # billing can establis epp connection in order to login
+ can(:create, :epp_login) # billing can establis epp connection in order to login
 end
 def customer_service # Admin/admin_user dynamic role
@@ -83,39 +109,6 @@ class Ability
 #
 # Static roles, linked from dynamic roles
 #
- def static_epp_login
- can(:create, :epp_login)
- end
-
- def static_epp
- # REPP
- can(:manage, :repp)
-
- # EPP
- static_epp_login
- can(:create, :epp_requests)
-
- # Epp::Domain
- can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
- can(:check, Epp::Domain)
- can(:create, Epp::Domain)
- can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
- can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
- can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
- can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
- can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
-
- # Epp::Contact
- can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw }
- can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
- can(:check, Epp::Contact)
- can(:create, Epp::Contact)
- can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
- can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
- can(:renew, Epp::Contact)
- can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
- end
-
 def static_registrar
 can :manage, Nameserver
 can :view, :registrar_dashboard
From 4764c4ce779347b2f00570de5d34ff0c850395c1 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Wed, 19 Aug 2015 12:28:51 +0300
Subject: [PATCH 14/14] Ability typo fix
---
 app/models/ability.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 2fb84807d..0c659026b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -42,7 +42,7 @@ class Ability
 # EPP
 can(:create, :epp_login) # billing can establis epp connection in order to login
- can(:create, :epp_requests)
+ can(:create, :epp_request)
 # Epp::Domain
 can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
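Review bot: The rename to `:epp_request` is what makes `current_user.can?(:create, :epp_request)` in registrar_controller.rb true for epp users, so the API IP-whitelist check in the registrar portal is only enforced from this commit on; because the earlier mismatch failed open without any error, a spec asserting `Ability.new(epp_user).can?(:create, :epp_request)` together with one asserting the whitelist redirect would guard against the same regression. A short trailing comment, `# checked by RegistrarController before applying the API IP whitelist`, would tie the symbol to its consumer. The enclosing `epp` method starts and ends outside the hunk.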