Add support for domain based ACLs

app/controllers/trace_controller.rb

@@ -163,7 +163,7 @@ class TraceController < ApplicationController
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))
-      if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists?
+      if Acl.match(request.remote_ip).where(:k => "no_trace_download").exists?
         render :nothing => true, :status => :forbidden
       elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')

app/controllers/user_controller.rb

@@ -38,6 +38,8 @@ class UserController < ApplicationController
       else
         render :action => 'terms'
       end
+    elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'
     else
       session[:referer] = params[:referer]
 
@@ -79,9 +81,7 @@ class UserController < ApplicationController
   def save
     @title = t 'user.new.title'
 
-    if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists?
-      render :action => 'new'
-    elsif params[:decline]
+    if params[:decline]
       if @user
         @user.terms_seen = true
 
@@ -112,6 +112,8 @@ class UserController < ApplicationController
       else
         redirect_to :action => :account, :display_name => @user.display_name
       end
+    elsif Acl.match(request.remote_ip, params[:user][:email].split("@").last).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'
     else
       @user = User.new(params[:user])
 
@@ -269,6 +271,8 @@ class UserController < ApplicationController
                        :openid_url => params[:openid])
 
       flash.now[:notice] = t 'user.new.openid association'
+    elsif Acl.match(request.remote_ip).where(:k => "no_account_creation").exists?
+      render :action => 'blocked'
     end
   end
 

app/models/acl.rb

@@ -1,3 +1,9 @@
 class Acl < ActiveRecord::Base
-  scope :address, lambda { |address| where("address >> ?", address) }
+  def self.match(address, domain = nil)
+    if domain
+      condition = Acl.where("address >> ? OR domain = ?", address, domain)
+    else
+      condition = Acl.where("address >> ?", address)
+    end
+  end
 end

app/views/user/blocked.html.erb

@@ -0,0 +1,5 @@
+<h1><%= t 'user.new.heading' %></h1>
+
+<p><%= t 'user.new.no_auto_account_create' %></p>
+
+<p><%= t 'user.new.contact_webmaster' %></p>

app/views/user/new.html.erb

@@ -1,13 +1,5 @@
 <h1><%= t 'user.new.heading' %></h1>
 
-<% if Acl.address(request.remote_ip).where(:k => "no_account_creation").exists? %>
-
-<p><%= t 'user.new.no_auto_account_create' %></p>
-
-<p><%= t 'user.new.contact_webmaster' %></p>
-
-<% else %>
-
 <p><%= t 'user.new.fill_form' %></p>
 
 <%= error_messages_for 'user' %>
@@ -102,5 +94,3 @@ enableOpenID();
 disableOpenID();
 <% end -%>
 </script>
-
-<% end %>

db/migrate/20120208194454_add_domain_to_acl.rb

@@ -0,0 +1,11 @@
+class AddDomainToAcl < ActiveRecord::Migration
+  def up
+    add_column :acls, :domain, :string
+    change_column :acls, :address, :inet, :null => true
+  end
+
+  def down
+    change_column :acls, :address, :inet, :null => false
+    remove_column :acls, :domain
+  end
+end