zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-28 21:46:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

disclose attributes validator

Browse source
This commit is contained in:
olegphenomenon 2022-11-28 11:26:43 +02:00
parent 1b92bf0d64
commit ea2fc01a60
3 changed files with 42 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

12
app/controllers/api/v1/registrant/contacts_controller.rb
View file

@ -50,6 +50,13 @@ module Api
reparsed_request = reparsed_request(request.body.string) reparsed_request = reparsed_request(request.body.string)
disclosed_attributes = reparsed_request[:disclosed_attributes] disclosed_attributes = reparsed_request[:disclosed_attributes]
if disclosed_attributes.present?
extra_attrs = disclosed_attributes - Contact::DISCLOSE_ATTRIBUTES
attributes_not_exist_error(extra_attrs) and return if extra_attrs.present?
end
# render_disclosed_attributes_error and return if disclosed_attributes.present? && contact.org?
contact.disclosed_attributes = disclosed_attributes if disclosed_attributes contact.disclosed_attributes = disclosed_attributes if disclosed_attributes
publishable = reparsed_request[:registrant_publishable] publishable = reparsed_request[:registrant_publishable]
contact.registrant_publishable = publishable if publishable.in? [true, false] contact.registrant_publishable = publishable if publishable.in? [true, false]
@ -116,6 +123,11 @@ module Api
) )
end end
def attributes_not_exist_error(extra_attrs)
error_msg = "Request contains extra attributes: #{extra_attrs.join(', ')}"
render json: { errors: [{ disclosed_attributes: [error_msg] }] }, status: :bad_request
end
def render_address_error def render_address_error
error_msg = 'Address processing is disabled and therefore cannot be updated' error_msg = 'Address processing is disabled and therefore cannot be updated'
render json: { errors: [{ address: [error_msg] }] }, status: :bad_request render json: { errors: [{ address: [error_msg] }] }, status: :bad_request

9
app/models/contact.rb
View file

@ -147,6 +147,15 @@ class Contact < ApplicationRecord
# "clientDeleteProhibited" or "serverDeleteProhibited" status. # "clientDeleteProhibited" or "serverDeleteProhibited" status.
PENDING_DELETE = 'pendingDelete'.freeze PENDING_DELETE = 'pendingDelete'.freeze
DISCLOSE_ATTRIBUTES = %w[
name
email
phone
registrant_publishable
address
fax
].freeze
STATUSES = [ STATUSES = [
CLIENT_DELETE_PROHIBITED, SERVER_DELETE_PROHIBITED, CLIENT_DELETE_PROHIBITED, SERVER_DELETE_PROHIBITED,
CLIENT_TRANSFER_PROHIBITED, CLIENT_TRANSFER_PROHIBITED,

43
test/integration/api/v1/registrant/contacts/update_test.rb
View file

@ -9,7 +9,6 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest
@original_address_processing = Setting.address_processing @original_address_processing = Setting.address_processing
@original_fax_enabled_setting = ENV['fax_enabled'] @original_fax_enabled_setting = ENV['fax_enabled']
@user = users(:registrant) @user = users(:registrant)
end end
teardown do teardown do
@ -91,18 +90,18 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest
@contact.address @contact.address
end end
# def test_update_address_when_enabled_without_address_params def test_update_address_when_enabled_without_address_params
# Setting.address_processing = false Setting.address_processing = false
# patch api_v1_registrant_contact_path(@contact.uuid), params: { address: { } }, patch api_v1_registrant_contact_path(@contact.uuid), params: { address: { } },
# as: :json, as: :json,
# headers: { 'HTTP_AUTHORIZATION' => auth_token } headers: { 'HTTP_AUTHORIZATION' => auth_token }
# assert_response :bad_request assert_response :bad_request
# @contact.reload @contact.reload
# assert_equal Contact::Address.new(nil, nil, nil, nil, nil), assert_equal Contact::Address.new(nil, nil, nil, nil, nil),
# @contact.address @contact.address
# end end
def test_address_is_optional_when_enabled def test_address_is_optional_when_enabled
Setting.address_processing = true Setting.address_processing = true
@ -179,7 +178,7 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest
# def test_legal_persons_disclosed_attributes_cannot_be_changed # def test_legal_persons_disclosed_attributes_cannot_be_changed
# @contact = contacts(:acme_ltd) # @contact = contacts(:acme_ltd)
# # contacts(:acme_ltd).ident # contacts(:acme_ltd).ident
# assert_equal '1234567', @contact.ident # assert_equal '1234567', @contact.ident
# assert_equal Contact::ORG, @contact.ident_type # assert_equal Contact::ORG, @contact.ident_type
@ -254,20 +253,20 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest
symbolize_names: true) symbolize_names: true)
end end
# def test_org_disclosed_attributes def test_org_disclosed_attributes
# patch api_v1_registrant_contact_path(@contact_org.uuid), params: { disclosed_attributes: ["some_attr"] }, patch api_v1_registrant_contact_path(@contact_org.uuid), params: { disclosed_attributes: ["some_attr"] },
# as: :json, as: :json,
# headers: { 'HTTP_AUTHORIZATION' => auth_token } headers: { 'HTTP_AUTHORIZATION' => auth_token }
# assert_response :bad_request assert_response :bad_request
# err_msg = "Legal person's data is visible by default and cannot be concealed. Please remove this parameter." err_msg = "Request contains extra attributes: some_attr"
# response_json = JSON.parse(response.body, symbolize_names: true) response_json = JSON.parse(response.body, symbolize_names: true)
# response_msg = response_json[:errors][0][:disclosed_attributes][0] response_msg = response_json[:errors][0][:disclosed_attributes][0]
# assert_equal err_msg, response_msg assert_equal err_msg, response_msg
# end end
def test_unmanaged_contact_cannot_be_updated def test_unmanaged_contact_cannot_be_updated
assert_equal 'US-1234', @user.registrant_ident assert_equal 'US-1234', @user.registrant_ident