Implement status policy

teadur · Mar 30, 2015 · bb93f8b · bb93f8b
1 parent 09c73d6
commit bb93f8b
Show file tree

Hide file tree

Showing 7 changed files with 109 additions and 38 deletions.
diff --git a/app/controllers/epp/contacts_controller.rb b/app/controllers/epp/contacts_controller.rb
@@ -20,7 +20,7 @@ def create
     @contact = Epp::Contact.new(params[:parsed_frame], current_user.registrar)
 
     if @contact.save
-      render_epp_response '/epp/contacts/create' 
+      render_epp_response '/epp/contacts/create'
     else
       handle_errors(@contact)
     end
@@ -63,10 +63,10 @@ def find_contact
     @contact = Epp::Contact.find_by(code: code)
 
     if @contact.blank?
-      epp_errors << { 
+      epp_errors << {
         code: '2303',
         msg: t('errors.messages.epp_obj_does_not_exist'),
-        value: { obj: 'id', val: code } 
+        value: { obj: 'id', val: code }
       }
       fail CanCan::AccessDenied
     end
@@ -94,27 +94,29 @@ def validate_create
     )
     ident = params[:parsed_frame].css('ident')
     if ident.present? && ident.text != 'birthday' && ident.attr('cc').blank?
-      epp_errors << { 
-        code: '2003', 
-        msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing') 
+      epp_errors << {
+        code: '2003',
+        msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing')
       }
     end
-    contact_org_disabled 
+    contact_org_disabled
     fax_disabled
+    status_editing_disabled
     @prefix = nil
     requires 'extension > extdata > ident'
   end
 
   def validate_update
     @prefix = 'update > update >'
     if element_count('chg') == 0 && element_count('rem') == 0 && element_count('add') == 0
-      epp_errors << { 
-        code: '2003', 
-        msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg') 
+      epp_errors << {
+        code: '2003',
+        msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg')
       }
     end
     contact_org_disabled
     fax_disabled
+    status_editing_disabled
     requires 'id', 'authInfo > pw'
     @prefix = nil
   end
@@ -142,4 +144,13 @@ def fax_disabled
       msg: "#{I18n.t(:contact_fax_error)}: fax [fax]"
     }
   end
+
+  def status_editing_disabled
+    return true if Setting.client_status_editing_enabled
+    return true if params[:parsed_frame].css('status').empty?
+    epp_errors << {
+      code: '2306',
+      msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+    }
+  end
 end
diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
@@ -116,6 +116,8 @@ def validate_create
 
     @prefix = nil
     requires 'extension > extdata > legalDocument'
+
+    status_editing_disabled
   end
 
   def validate_renew
@@ -130,6 +132,8 @@ def validate_update
 
     @prefix = 'update > update >'
     requires 'name'
+
+    status_editing_disabled
   end
 
   ## TRANSFER
@@ -170,4 +174,13 @@ def find_domain
   def find_password
     @password = params[:parsed_frame].css('authInfo pw').text
   end
+
+  def status_editing_disabled
+    return true if Setting.client_status_editing_enabled
+    return true if params[:parsed_frame].css('status').empty?
+    epp_errors << {
+      code: '2306',
+      msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+    }
+  end
 end
diff --git a/config/initializers/initial_settings.rb b/config/initializers/initial_settings.rb
@@ -29,6 +29,8 @@
   Setting.save_default(:ns_max_count, 11)
 
   Setting.save_default(:transfer_wait_time, 0)
+
+  Setting.save_default(:client_side_status_editing_enabled, false)
 end
 
 # dev only setting

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -506,3 +506,4 @@ en:
   sending_error: 'Could not send sms to user'
   sim_error: 'SIM application error'
   internal_error: 'Internal error'
+  client_side_status_editing_error: 'Parameter value policy error. Client-side object status management not supported'
diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb
@@ -7,7 +7,7 @@
     @registrar1 = Fabricate(:registrar1)
     @registrar2 = Fabricate(:registrar2)
     @epp_xml    = EppXml::Contact.new(cl_trid: 'ABC-12345')
-    
+
     Fabricate(:api_user, username: 'registrar1', registrar: @registrar1)
     Fabricate(:api_user, username: 'registrar2', registrar: @registrar2)
 
@@ -50,17 +50,17 @@ def create_request(overwrites = {}, extension = {})
 
       it 'fails if request xml is missing' do
         response = epp_plain_request(@epp_xml.create, :xml)
-        response[:results][0][:msg].should == 
+        response[:results][0][:msg].should ==
           'Required parameter missing: create > create > postalInfo > name [name]'
-        response[:results][1][:msg].should == 
+        response[:results][1][:msg].should ==
           'Required parameter missing: create > create > postalInfo > addr > city [city]'
-        response[:results][2][:msg].should == 
+        response[:results][2][:msg].should ==
           'Required parameter missing: create > create > postalInfo > addr > cc [cc]'
-        response[:results][3][:msg].should == 
+        response[:results][3][:msg].should ==
           'Required parameter missing: create > create > voice [voice]'
-        response[:results][4][:msg].should == 
+        response[:results][4][:msg].should ==
           'Required parameter missing: create > create > email [email]'
-        response[:results][5][:msg].should == 
+        response[:results][5][:msg].should ==
           'Required parameter missing: extension > extdata > ident [ident]'
 
         response[:results][0][:result_code].should == '2003'
@@ -101,9 +101,9 @@ def create_request(overwrites = {}, extension = {})
             value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
             attrs: { type: 'pdf' }
           },
-          ident: { 
+          ident: {
             value: '1990-22-12',
-            attrs: { type: 'birthday', cc: 'US' } 
+            attrs: { type: 'birthday', cc: 'US' }
           }
         }
         response = create_request({}, extension)
@@ -165,7 +165,7 @@ def create_request(overwrites = {}, extension = {})
 
       it 'should return parameter value policy error for org' do
         response = create_request({ postalInfo: { org: { value: 'should not save' } } })
-        response[:msg].should == 
+        response[:msg].should ==
           'Parameter value policy error. Org should be blank: postalInfo > org [org]'
         response[:result_code].should == '2306'
 
@@ -174,7 +174,7 @@ def create_request(overwrites = {}, extension = {})
 
       it 'should return parameter value policy error for fax' do
         response = create_request({ fax: { value: 'should not save' } })
-        response[:msg].should == 
+        response[:msg].should ==
           'Parameter value policy error. Fax should be blank: fax [fax]'
         response[:result_code].should == '2306'
 
@@ -220,13 +220,13 @@ def update_request(overwrites = {}, extension = {})
       it 'fails if request is invalid' do
         response = epp_plain_request(@epp_xml.update, :xml)
 
-        response[:results][0][:msg].should == 
+        response[:results][0][:msg].should ==
           'Required parameter missing: add, rem or chg'
         response[:results][0][:result_code].should == '2003'
-        response[:results][1][:msg].should == 
+        response[:results][1][:msg].should ==
           'Required parameter missing: update > update > id [id]'
         response[:results][1][:result_code].should == '2003'
-        response[:results][2][:msg].should == 
+        response[:results][2][:msg].should ==
           'Required parameter missing: update > update > authInfo > pw [pw]'
         response[:results][2][:result_code].should == '2003'
         response[:results].count.should == 3
@@ -291,9 +291,9 @@ def update_request(overwrites = {}, extension = {})
             value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
             attrs: { type: 'pdf' }
           },
-          ident: { 
+          ident: {
             value: '1990-22-12',
-            attrs: { type: 'birthday', cc: 'US' } 
+            attrs: { type: 'birthday', cc: 'US' }
           }
         }
         response = update_request({ id: { value: 'sh8013' } }, extension)
@@ -304,32 +304,53 @@ def update_request(overwrites = {}, extension = {})
       end
 
       it 'should return parameter value policy errror for org update' do
-        response = update_request({ 
-          id: { value: 'sh8013' }, 
+        response = update_request({
+          id: { value: 'sh8013' },
           chg: {
-            postalInfo: { org: { value: 'should not save' } } 
+            postalInfo: { org: { value: 'should not save' } }
           }
         })
-        response[:msg].should == 
+        response[:msg].should ==
           'Parameter value policy error. Org should be blank: postalInfo > org [org]'
         response[:result_code].should == '2306'
 
         Contact.find_by(code: 'sh8013').org_name.should == nil
       end
 
       it 'should return parameter value policy errror for fax update' do
-        response = update_request({ 
-          id: { value: 'sh8013' }, 
+        response = update_request({
+          id: { value: 'sh8013' },
           chg: {
-            fax: { value: 'should not save' } 
+            fax: { value: 'should not save' }
           }
         })
-        response[:msg].should == 
+        response[:msg].should ==
           'Parameter value policy error. Fax should be blank: fax [fax]'
         response[:result_code].should == '2306'
 
         Contact.find_by(code: 'sh8013').fax.should == nil
       end
+
+      it 'does not allow to edit statuses if policy forbids it' do
+        Setting.client_status_editing_enabled = false
+
+        xml = @epp_xml.update({
+          id: { value: 'sh8013' },
+          add: [{
+            _anonymus: [
+              { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
+              { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+            ]
+          }]
+        })
+
+        response = epp_plain_request(xml, :xml)
+        response[:results][0][:result_code].should == '2306'
+        response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
+                                              "management not supported: status [status]"
+
+        Setting.client_status_editing_enabled = true
+      end
     end
 
     context 'delete command' do
@@ -349,10 +370,10 @@ def delete_request(overwrites = {})
       it 'fails if request is invalid' do
         response = epp_plain_request(@epp_xml.delete, :xml)
 
-        response[:results][0][:msg].should == 
+        response[:results][0][:msg].should ==
           'Required parameter missing: delete > delete > id [id]'
         response[:results][0][:result_code].should == '2003'
-        response[:results][1][:msg].should == 
+        response[:results][1][:msg].should ==
           'Required parameter missing: delete > delete > authInfo > pw [pw]'
         response[:results][1][:result_code].should == '2003'
         response[:results].count.should == 2
@@ -378,7 +399,7 @@ def delete_request(overwrites = {})
         @domain = Fabricate(:domain, registrar: @registrar1, owner_contact: @contact)
         @domain.owner_contact.address.present?.should == true
 
-        response = delete_request 
+        response = delete_request
         response[:msg].should == 'Object association prohibits operation [domains]'
         response[:result_code].should == '2305'
         response[:results].count.should == 1
@@ -443,7 +464,7 @@ def info_request(overwrites = {})
 
       it 'fails if request invalid' do
         response = epp_plain_request(@epp_xml.info, :xml)
-        response[:results][0][:msg].should == 
+        response[:results][0][:msg].should ==
           'Required parameter missing: info > info > id [id]'
         response[:results][0][:result_code].should == '2003'
         response[:results].count.should == 1

diff --git a/spec/epp/domain_spec.rb b/spec/epp/domain_spec.rb
@@ -1460,6 +1460,27 @@
       d.domain_statuses.count.should == 2
     end
 
+    it 'does not allow to edit statuses if policy forbids it' do
+      Setting.client_status_editing_enabled = false
+
+      xml = domain_update_xml({
+        name: { value: domain.name },
+        add: [{
+          _anonymus: [
+            { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
+            { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+          ]
+        }]
+      })
+
+      response = epp_plain_request(xml, :xml)
+      response[:results][0][:result_code].should == '2306'
+      response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
+                                            "management not supported: status [status]"
+
+      Setting.client_status_editing_enabled = true
+    end
+
     it 'updates a domain and removes objects' do
       xml = domain_update_xml({
         name: { value: domain.name },

diff --git a/spec/support/general.rb b/spec/support/general.rb
@@ -16,6 +16,8 @@ def create_settings
     Setting.admin_contacts_max_count = 10
     Setting.tech_contacts_min_count = 0
     Setting.tech_contacts_max_count = 10
+
+    Setting.client_side_status_editing_enabled = true
   end
 
   def create_disclosure_settings