From: Tom Hughes Date: Wed, 8 Feb 2012 21:40:21 +0000 (+0000) Subject: Add support for domain based ACLs X-Git-Tag: live~6390 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/cd43529cc8d9b8c020117fd5d690a64f2f0464b9 Add support for domain based ACLs --- diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index f206bb99f..dbb8a6f2c 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -163,7 +163,7 @@ class TraceController < ApplicationController trace = Trace.find(params[:id]) if trace.visible? and (trace.public? or (@user and @user == trace.user)) - if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists? + if Acl.match(request.remote_ip).where(:k => "no_trace_download").exists? render :nothing => true, :status => :forbidden elsif request.format == Mime::XML send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 8c63f8b75..77370c311 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -38,6 +38,8 @@ class UserController < ApplicationController else render :action => 'terms' end + elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists? + render :action => 'blocked' else session[:referer] = params[:referer] @@ -79,9 +81,7 @@ class UserController < ApplicationController def save @title = t 'user.new.title' - if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists? - render :action => 'new' - elsif params[:decline] + if params[:decline] if @user @user.terms_seen = true 
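Review bot: The added `elsif` in the `@@ -38,6 +38,8 @@` hunk dereferences `params[:user][:email]` before any visible check that either key is present, so a request that omits them would raise NoMethodError and return a 500 instead of reaching the ACL decision. The same expression is repeated in the `@@ -112,6 +112,8 @@` hunk of `save`. A nil-tolerant form such as `params[:user] && params[:user][:email].to_s.split("@").last` keeps the check total and falls back to the address-only match when no domain can be derived. Because the expression now appears twice, it would read better as one private helper shared by both branches. Both enclosing methods start and end outside the hunks, so an earlier guard may exist that is not visible here.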
@@ -112,6 +112,8 @@ class UserController < ApplicationController else redirect_to :action => :account, :display_name => @user.display_name end + elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists? + render :action => 'blocked' else @user = User.new(params[:user]) @@ -269,6 +271,8 @@ class UserController < ApplicationController :openid_url => params[:openid]) flash.now[:notice] = t 'user.new.openid association' + elsif Acl.match(request.remote_ip).where(:k => "no_account_creation").exists? + render :action => 'blocked' end end diff --git a/app/models/acl.rb b/app/models/acl.rb index 8eeb2310a..e19c6988b 100644 --- a/app/models/acl.rb +++ b/app/models/acl.rb @@ -1,3 +1,9 @@ class Acl < ActiveRecord::Base - scope :address, lambda { |address| where("address >> ?", address) } + def self.match(address, domain = nil) + if domain + condition = Acl.where("address >> ? OR domain = ?", address, domain) + else + condition = Acl.where("address >> ?", address) + end + end end diff --git a/app/views/user/blocked.html.erb b/app/views/user/blocked.html.erb new file mode 100644 index 000000000..8f1f9251c --- /dev/null +++ b/app/views/user/blocked.html.erb @@ -0,0 +1,5 @@ +
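Review bot: `Acl.match` tests the domain with `domain = ?`, an exact comparison, while the callers pass the text after `@` exactly as submitted. An address whose domain differs from the stored value only in letter case or surrounding whitespace would therefore not hit a `no_account_creation` entry. Normalising once in the model covers every caller, e.g. `domain = domain.strip.downcase if domain` before the query, presuming stored domains are kept lower-case. The local `condition` is never read, and the method returns the relation only because the assignment is the value of the `if`, so both branches can return `Acl.where(...)` directly. A short comment stating that `address` is matched by inet containment and `domain` by equality, with no subdomain matching, would help whoever maintains the ACL table.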

<%= t 'user.new.heading' %>

+ +

<%= t 'user.new.no_auto_account_create' %>

+ +

<%= t 'user.new.contact_webmaster' %>

diff --git a/app/views/user/new.html.erb b/app/views/user/new.html.erb index 2bf6f5281..e8400eb90 100644 --- a/app/views/user/new.html.erb +++ b/app/views/user/new.html.erb @@ -1,13 +1,5 @@

<%= t 'user.new.heading' %>

-<% if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists? %> - -

<%= t 'user.new.no_auto_account_create' %>

- -

<%= t 'user.new.contact_webmaster' %>

- -<% else %> -

<%= t 'user.new.fill_form' %>

<%= error_messages_for 'user' %> @@ -102,5 +94,3 @@ enableOpenID(); disableOpenID(); <% end -%> - -<% end %> diff --git a/db/migrate/20120208194454_add_domain_to_acl.rb b/db/migrate/20120208194454_add_domain_to_acl.rb new file mode 100644 index 000000000..43dd82923 --- /dev/null +++ b/db/migrate/20120208194454_add_domain_to_acl.rb @@ -0,0 +1,11 @@ +class AddDomainToAcl < ActiveRecord::Migration + def up + add_column :acls, :domain, :string + change_column :acls, :address, :inet, :null => true + end + + def down + change_column :acls, :address, :inet, :null => false + remove_column :acls, :domain + end +end
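Review bot: In `AddDomainToAcl#down`, `change_column :acls, :address, :inet, :null => false` will fail once the table holds domain-only rows, which is exactly what `up` makes possible by allowing a NULL `address`. Removing those rows first, e.g. `execute "DELETE FROM acls WHERE address IS NULL"` ahead of the `change_column`, or a comment saying they must be cleared by hand, keeps the rollback usable. Nothing in `up` requires a row to carry at least one of `address` or `domain`, so a row with both NULL would be accepted and never match; a comment noting that is worth adding.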