# frozen_string_literal: true
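# Manages Rule records: listing, creation, editing and enable/disable toggling.
#
# Access control relies on the `authorize` / `policy_scope` helpers
# (Pundit-style; presumably mixed in by ApplicationController — confirm).
class RulesController < ApplicationController
  # Follow proper before_action order:
  # 1. Authentication/Authorization
  # NOTE(review): index and show skip authentication, yet index calls
  # policy_scope and show calls authorize. Confirm the policy and its scope
  # handle a signed-out (nil) user and expose only rules meant to be public.
  allow_unauthenticated_access only: [:index, :show]

  # 2. Resource loading
  before_action :set_rule, only: [:show, :edit, :update, :disable, :enable]
  before_action :set_project, only: [:index, :show]

  # GET /rules
  # Lists the rules visible through the policy scope, newest first.
  def index
    @rules = policy_scope(Rule).includes(:user, :network_range).order(created_at: :desc)
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # GET /rules/new
  # Builds a blank rule, optionally pre-filled from query parameters.
  def new
    authorize Rule
    @rule = Rule.new

    # Pre-fill from URL parameters. find_by returns nil for an unknown id, so
    # a bad network_range_id simply leaves the association unset.
    # NOTE(review): the lookup is neither scoped nor authorized per range;
    # confirm every user allowed to create rules may reference any NetworkRange.
    if params[:network_range_id].present?
      network_range = NetworkRange.find_by(id: params[:network_range_id])
      @rule.network_range = network_range if network_range
    end

    @rule.rule_type = 'network' if params[:cidr].present?

    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # POST /rules
  # Creates a rule owned by the current user. For network rules submitted with
  # a CIDR, the matching NetworkRange is looked up or created first.
  def create
    authorize Rule
    @rule = Rule.new(rule_params)
    @rule.user = Current.user
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS

    # Handle network range creation if CIDR is provided.
    # NOTE(review): only Rule creation is authorized here; the NetworkRange
    # write has no policy check of its own. Confirm that is intended.
    # NOTE(review): params[:cidr] is used as received. Confirm NetworkRange
    # validates the format and that a non-string value (array/hash) is rejected.
    # find_or_create_by returns an unpersisted record when validation fails and
    # is not atomic, so concurrent requests can race unless cidr has a unique
    # index.
    if params[:cidr].present? && @rule.network_rule?
      network_range = NetworkRange.find_or_create_by(cidr: params[:cidr]) do |range|
        range.user = Current.user
        range.source = 'manual'
        # NOTE(review): @rule has not been saved yet, so @rule.id is nil here
        # and the stored reason ends in a bare "#". Record the id after the
        # rule is saved if this audit trail is relied on.
        range.creation_reason = "Created for rule ##{@rule.id}"
      end
      @rule.network_range = network_range
    end

    if @rule.save
      redirect_to @rule, notice: 'Rule was successfully created.'
    else
      render :new, status: :unprocessable_entity
    end
  end

  # GET /rules/:id
  def show
    authorize @rule
  end

  # GET /rules/:id/edit
  def edit
    authorize @rule
    @rule_types = Rule::RULE_TYPES
    @actions = Rule::ACTIONS
  end

  # PATCH/PUT /rules/:id
  # NOTE(review): the failure path renders :edit without setting @rule_types
  # and @actions, which the edit action does set. Confirm the template copes.
  def update
    authorize @rule
    if @rule.update(rule_params)
      redirect_to @rule, notice: 'Rule was successfully updated.'
    else
      render :edit, status: :unprocessable_entity
    end
  end

  # POST /rules/:id/disable
  # Disables the rule, recording the client-supplied reason or a default.
  def disable
    authorize @rule, :disable?
    # A blank reason (e.g. an empty form field) falls back to the default so
    # the recorded reason is never an empty string.
    # NOTE(review): reason is free text from the client; confirm it is
    # length-limited by the model and escaped wherever it is displayed.
    reason = params[:reason].presence || "Disabled manually"
    @rule.disable!(reason: reason)
    redirect_to @rule, notice: 'Rule was successfully disabled.'
  end

  # POST /rules/:id/enable
  def enable
    authorize @rule, :enable?
    @rule.enable!
    redirect_to @rule, notice: 'Rule was successfully enabled.'
  end

  private

  # Loads the rule named by params[:id]. The lookup is unscoped; every action
  # that uses this callback calls `authorize @rule` afterwards, and that call
  # is the only per-record access check.
  def set_rule
    @rule = Rule.find(params[:id])
  end

  # Strong parameters for Rule.
  #
  # `require` runs first so a request without a `rule` key raises
  # ActionController::ParameterMissing instead of a NoMethodError on nil.
  #
  # NOTE(review): :source and :enabled are client-settable. Confirm callers
  # are meant to choose a rule's recorded provenance and activation state
  # directly, rather than through the disable/enable actions.
  # NOTE(review): :metadata and :conditions are permitted as scalars; if the
  # model stores structured values, nested input is dropped by permit.
  def rule_params
    rule_attrs = params.require(:rule)

    permitted = %i[rule_type action metadata expires_at enabled source network_range_id]

    # Only include conditions for non-network rules.
    # NOTE(review): this looks only at the submitted rule_type. An update that
    # omits rule_type still permits :conditions, even if the stored rule is a
    # network rule.
    permitted << :conditions unless rule_attrs[:rule_type] == 'network'

    rule_attrs.permit(permitted)
  end

  # For now, use the first project or create a default one.
  #
  # NOTE(review): this runs before index and show, which skip authentication,
  # so a signed-out GET can insert the default Project row. The check-then-
  # create is also not atomic. Consider seeding the default project instead.
  def set_project
    @project = Project.first || Project.create!(
      name: 'Default Project',
      slug: 'default',
      public_key: SecureRandom.hex(32)
    )
  end
end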