Add support for domain based ACLs

diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index f206bb99f498ea5f1fc1598651d17364a9971f92..dbb8a6f2cb8ef4144e4e8d2eb47863fcb2b0d743 100644 (file)
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -163,7 +163,7 @@ class TraceController < ApplicationController
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))

-      if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists?
+      if Acl.match(request.remote_ip).where(:k => "no_trace_download").exists?

         render :nothing => true, :status => :forbidden
       elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')
         render :nothing => true, :status => :forbidden
       elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 8c63f8b757845b517e82321e794aaed209e37538..77370c311317b03e73e96c5e6c1f8f6bbbd7203f 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -38,6 +38,8 @@ class UserController < ApplicationController
       else
         render :action => 'terms'
       end
       else
         render :action => 'terms'
       end

+    elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'

     else
       session[:referer] = params[:referer]
 
     else
       session[:referer] = params[:referer]
 


@@ -79,9 +81,7 @@ class UserController < ApplicationController
   def save
     @title = t 'user.new.title'
 
   def save
     @title = t 'user.new.title'
 

-    if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists?
-      render :action => 'new'
-    elsif params[:decline]
+    if params[:decline]

       if @user
         @user.terms_seen = true
 
       if @user
         @user.terms_seen = true
 


@@ -112,6 +112,8 @@ class UserController < ApplicationController
       else
         redirect_to :action => :account, :display_name => @user.display_name
       end
       else
         redirect_to :action => :account, :display_name => @user.display_name
       end

+    elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'

     else
       @user = User.new(params[:user])
 
     else
       @user = User.new(params[:user])
 


@@ -269,6 +271,8 @@ class UserController < ApplicationController
                        :openid_url => params[:openid])
 
       flash.now[:notice] = t 'user.new.openid association'
                        :openid_url => params[:openid])
 
       flash.now[:notice] = t 'user.new.openid association'

+    elsif Acl.match(request.remote_ip).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'

     end
   end
 
     end
   end
 

diff --git a/app/models/acl.rb b/app/models/acl.rb
index 8eeb2310a77674545fa68c2c1d5d8f7deb75e7e0..e19c6988b4100e59f61e5a5c5a503c9e4c97b4f0 100644 (file)
--- a/app/models/acl.rb
+++ b/app/models/acl.rb
@@ -1,3 +1,9 @@
 class Acl < ActiveRecord::Base
 class Acl < ActiveRecord::Base

-  scope :address, lambda { |address| where("address >> ?", address) }
+  def self.match(address, domain = nil)
+    if domain
+      condition = Acl.where("address >> ? OR domain = ?", address, domain)
+    else
+      condition = Acl.where("address >> ?", address)
+    end
+  end

 end
 end

diff --git a/app/views/user/blocked.html.erb b/app/views/user/blocked.html.erb
new file mode 100644 (file)
index 0000000..8f1f925
--- /dev/null
+++ b/app/views/user/blocked.html.erb
@@ -0,0 +1,5 @@
+<h1><%= t 'user.new.heading' %></h1>
+
+<p><%= t 'user.new.no_auto_account_create' %></p>
+
+<p><%= t 'user.new.contact_webmaster' %></p>

diff --git a/app/views/user/new.html.erb b/app/views/user/new.html.erb
index 2bf6f528114601e04efc89df4a9e475221c4856b..e8400eb9019a687c629a5c8eac5d5eb82e8e6fdb 100644 (file)
--- a/app/views/user/new.html.erb
+++ b/app/views/user/new.html.erb
@@ -1,13 +1,5 @@
 <h1><%= t 'user.new.heading' %></h1>
 
 <h1><%= t 'user.new.heading' %></h1>
 

-<% if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists? %>
-
-<p><%= t 'user.new.no_auto_account_create' %></p>
-
-<p><%= t 'user.new.contact_webmaster' %></p>
-
-<% else %>
-

 <p><%= t 'user.new.fill_form' %></p>
 
 <%= error_messages_for 'user' %>
 <p><%= t 'user.new.fill_form' %></p>
 
 <%= error_messages_for 'user' %>


@@ -102,5 +94,3 @@ enableOpenID();
 disableOpenID();
 <% end -%>
 </script>
 disableOpenID();
 <% end -%>
 </script>

-
-<% end %>

diff --git a/db/migrate/20120208194454_add_domain_to_acl.rb b/db/migrate/20120208194454_add_domain_to_acl.rb
new file mode 100644 (file)
index 0000000..43dd829
--- /dev/null
+++ b/db/migrate/20120208194454_add_domain_to_acl.rb
@@ -0,0 +1,11 @@
+class AddDomainToAcl < ActiveRecord::Migration
+  def up
+    add_column :acls, :domain, :string
+    change_column :acls, :address, :inet, :null => true
+  end
+
+  def down
+    change_column :acls, :address, :inet, :null => false
+    remove_column :acls, :domain
+  end
+end