feat: add admin contact ident type validation

- Add new setting for allowed admin contact ident types - Add validation for admin contact ident types on domain create/update - Add UI controls for managing allowed ident types - Add tests for new validation rules - Update domain model to respect new settings The changes allow configuring which identification types (private person, organization, birthday) are allowed for administrative contacts. This is enforced when creating new domains or adding new admin contacts.
2025-07-30 06:26:15 +02:00 · 2025-02-03 13:59:03 +02:00 · 2025-02-03 13:59:03 +02:00 · f2978599b4
commit f2978599b4
parent b641235bbd
12 changed files with 346 additions and 11 deletions
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -36,6 +36,23 @@ class Epp::Domain < Domain
        ok = false
      end
    end
+
+    # Validate admin contacts ident type only for new domains or new admin contacts
+    allowed_types = Setting.admin_contacts_allowed_ident_type
+    if allowed_types.present?
+      active_admins.each do |admin_contact|
+        next if !new_record? && admin_contact.persisted? && !admin_contact.changed?
+        
+        contact = admin_contact.contact
+        unless allowed_types[contact.ident_type] == true
+          add_epp_error('2306', 'contact', contact.code, 
+            I18n.t('activerecord.errors.models.domain.admin_contact_invalid_ident_type',
+                   ident_type: contact.ident_type))
+          ok = false
+        end
+      end
+    end
+
    ok
  end

@ -95,7 +112,8 @@ class Epp::Domain < Domain
        [:base, :key_data_not_allowed],
        [:period, :not_a_number],
        [:period, :not_an_integer],
-        [:registrant, :cannot_be_missing]
+        [:registrant, :cannot_be_missing],
+        [:admin_contacts, :invalid_ident_type]
      ],
      '2308' => [
        [:base, :domain_name_blocked, { value: { obj: 'name', val: name_dirty } }],
@ -414,15 +432,15 @@ class Epp::Domain < Domain
  end

  def require_admin_contacts?
-    return true if registrant.org?
+    return true if registrant.org? && Setting.admin_contacts_required_for_org
    return false unless registrant.priv?
    
-    underage_registrant?
+    underage_registrant? && Setting.admin_contacts_required_for_minors
  end

  def tech_contacts_validation_rules(for_org:)
    {
-      min: 0, # Технический контакт опционален для всех
+      min: 0,
      max: -> { Setting.tech_contacts_max_count }
    }
  end