FEATURE: restrict admin access based on IP address

2025-09-06 09:10:25 +08:00 · 2014-09-04 18:50:27 -04:00 · 2014-09-04 18:50:27 -04:00 · ca5f361d0a
commit ca5f361d0a
parent 1040a88389
12 changed files with 118 additions and 10 deletions
--- a/spec/models/screened_ip_address_spec.rb
+++ b/spec/models/screened_ip_address_spec.rb
@ -235,4 +235,51 @@ describe ScreenedIpAddress do
      end
    end
  end
+
+  describe '#block_login?' do
+    context 'no allow_admin records exist' do
+      it "returns false when user is nil" do
+        described_class.block_login?(nil, '123.12.12.12').should == false
+      end
+
+      it "returns false for non-admin user" do
+        described_class.block_login?(Fabricate.build(:user), '123.12.12.12').should == false
+      end
+
+      it "returns false for admin user" do
+        described_class.block_login?(Fabricate.build(:admin), '123.12.12.12').should == false
+      end
+
+      it "returns false for admin user and ip_address arg is nil" do
+        described_class.block_login?(Fabricate.build(:admin), nil).should == false
+      end
+    end
+
+    context 'allow_admin record exists' do
+      before do
+        @permitted_ip_address = '111.234.23.11'
+        Fabricate(:screened_ip_address, ip_address: @permitted_ip_address, action_type: described_class.actions[:allow_admin])
+      end
+
+      it "returns false when user is nil" do
+        described_class.block_login?(nil, @permitted_ip_address).should == false
+      end
+
+      it "returns false for an admin user at the allowed ip address" do
+        described_class.block_login?(Fabricate.build(:admin), @permitted_ip_address).should == false
+      end
+
+      it "returns true for an admin user at another ip address" do
+        described_class.block_login?(Fabricate.build(:admin), '123.12.12.12').should == true
+      end
+
+      it "returns false for regular user at allowed ip address" do
+        described_class.block_login?(Fabricate.build(:user), @permitted_ip_address).should == false
+      end
+
+      it "returns false for regular user at another ip address" do
+        described_class.block_login?(Fabricate.build(:user), '123.12.12.12').should == false
+      end
+    end
+  end
 end