Migrate to Postgresql for better network handling. Add more user functionality.

2025-11-06 14:08:39 +11:00
parent 85252a1a07
commit fc567f0b91
69 changed files with 4266 additions and 952 deletions
--- a/app/controllers/rules_controller.rb
+++ b/app/controllers/rules_controller.rb
@@ -1,29 +1,58 @@
 # frozen_string_literal: true

 class RulesController < ApplicationController
+  # Follow proper before_action order:
+  # 1. Authentication/Authorization
+  allow_unauthenticated_access only: [:index, :show]
+
+  # 2. Resource loading
  before_action :set_rule, only: [:show, :edit, :update, :disable, :enable]
-  before_action :authorize_rule
+  before_action :set_project, only: [:index, :show]

  # GET /rules
  def index
-    @rules = Rule.includes(:project).order(created_at: :desc)
+    @rules = policy_scope(Rule).includes(:user, :network_range).order(created_at: :desc)
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # GET /rules/new
  def new
+    authorize Rule
    @rule = Rule.new
+
+    # Pre-fill from URL parameters
+    if params[:network_range_id].present?
+      network_range = NetworkRange.find_by(id: params[:network_range_id])
+      @rule.network_range = network_range if network_range
+    end
+
+    if params[:cidr].present?
+      @rule.rule_type = 'network'
+    end
+
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # POST /rules
  def create
+    authorize Rule
    @rule = Rule.new(rule_params)
+    @rule.user = Current.user
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS

+    # Handle network range creation if CIDR is provided
+    if params[:cidr].present? && @rule.network_rule?
+      network_range = NetworkRange.find_or_create_by(cidr: params[:cidr]) do |range|
+        range.user = Current.user
+        range.source = 'manual'
+        range.creation_reason = "Created for rule ##{@rule.id}"
+      end
+      @rule.network_range = network_range
+    end
+
    if @rule.save
      redirect_to @rule, notice: 'Rule was successfully created.'
    else
@@ -33,16 +62,19 @@ class RulesController < ApplicationController

  # GET /rules/:id
  def show
+    authorize @rule
  end

  # GET /rules/:id/edit
  def edit
+    authorize @rule
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # PATCH/PUT /rules/:id
  def update
+    authorize @rule
    if @rule.update(rule_params)
      redirect_to @rule, notice: 'Rule was successfully updated.'
    else
@@ -52,6 +84,7 @@ class RulesController < ApplicationController

  # POST /rules/:id/disable
  def disable
+    authorize @rule, :disable?
    reason = params[:reason] || "Disabled manually"
    @rule.disable!(reason: reason)
    redirect_to @rule, notice: 'Rule was successfully disabled.'
@@ -59,6 +92,7 @@ class RulesController < ApplicationController

  # POST /rules/:id/enable
  def enable
+    authorize @rule, :enable?
    @rule.enable!
    redirect_to @rule, notice: 'Rule was successfully enabled.'
  end
@@ -69,20 +103,32 @@ class RulesController < ApplicationController
    @rule = Rule.find(params[:id])
  end

-  def authorize_rule
-    # Add authorization logic here if needed
-    # For now, allow all authenticated users
+  def rule_params
+  permitted = [
+    :rule_type,
+    :action,
+    :metadata,
+    :expires_at,
+    :enabled,
+    :source,
+    :network_range_id
+  ]
+
+  # Only include conditions for non-network rules
+  if params[:rule][:rule_type] != 'network'
+    permitted << :conditions
  end

-  def rule_params
-    params.require(:rule).permit(
-      :rule_type,
-      :action,
-      :conditions,
-      :metadata,
-      :expires_at,
-      :enabled,
-      :source
+  params.require(:rule).permit(permitted)
+end
+
+  def set_project
+    # For now, use the first project or create a default one
+    @project = Project.first || Project.create!(
+      name: 'Default Project',
+      slug: 'default',
+      public_key: SecureRandom.hex(32)
    )
  end
-end
+
+  end