Add ip whitelist support for organizations

Author: nygrenh

app/controllers/api/v8/organizations_controller.rb

@@ -46,7 +46,10 @@ class OrganizationsController < Api::V8::BaseController
       end
 
       def index
-        orgs = Organization.visible_organizations.map { |o| { name: o.name, information: o.information, slug: o.slug, logo_path: o.logo.url, pinned: o.pinned } }
+        orgs = Organization
+          .visible_organizations
+          .select { |org| org.visibility_allowed?(request) }
+          .map { |o| { name: o.name, information: o.information, slug: o.slug, logo_path: o.logo.url, pinned: o.pinned } }
         authorize! :read, orgs
         present(orgs)
       end

app/controllers/courses_controller.rb

@@ -205,6 +205,7 @@ def assign_show_view_vars
 
   def set_organization
     @organization = Organization.find_by!(slug: params[:organization_id])
+    unauthorized! unless @organization.visibility_allowed?(request)
   end
 
   def set_course

app/controllers/organizations_controller.rb

@@ -10,16 +10,17 @@ def index
     @organizations = Organization
       .accepted_organizations
       .order(ordering)
-      .reject { |org| org.hidden? && !can?(:view_hidden_organizations, nil)}
-    @my_organizations = Organization.taught_organizations(current_user)
-    @my_organizations |= Organization.assisted_organizations(current_user)
-    @my_organizations |= Organization.participated_organizations(current_user)
+      .reject { |org| org.hidden? && !can?(:view_hidden_organizations, nil) || !org.visibility_allowed?(request) }
+    @my_organizations = Organization.taught_organizations(current_user).select { |org| org.visibility_allowed?(request) }
+    @my_organizations |= Organization.assisted_organizations(current_user).select { |org| org.visibility_allowed?(request) }
+    @my_organizations |= Organization.participated_organizations(current_user).select { |org| org.visibility_allowed?(request) }
     @my_organizations.natsort_by!(&:name)
     @courses_under_initial_refresh = Course.where(initial_refresh_ready: false)
     @pinned_organizations = Organization
     .accepted_organizations
     .where(pinned: true)
     .order(ordering)
+    .select { |org| org.visibility_allowed?(request) }
     .reject { |org| org.hidden? && !can?(:view_hidden_organizations, nil)}
     render layout: 'landing'
   end
@@ -99,6 +100,7 @@ def percent_completed_hash(courses, user)
 
   def set_organization
     @organization = Organization.find_by(slug: params[:id])
+    unauthorized! unless @organization.visibility_allowed?(request)
     raise ActiveRecord::RecordNotFound, 'Invalid organization id' if @organization.nil?
   end
 

app/models/organization.rb

@@ -71,6 +71,11 @@ def find_by_slug(slug)
     Organization.where(slug: slug)
   end
 
+  def visibility_allowed?(request)
+    return true unless whitelisted_ips
+    whitelisted_ips.include?(request.remote_ip)
+  end
+
   def valid_slug? # slug must not be an existing route (/org/new etc)
     errors.add(:slug, 'is a system reserved word') if %w(new list_requests).include? slug
   end

db/migrate/20180508095009_add_whitelisted_ips_to_organization.rb

@@ -0,0 +1,5 @@
+class AddWhitelistedIpsToOrganization < ActiveRecord::Migration
+  def change
+    add_column :organizations, :whitelisted_ips, :string, array: true
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180425091037) do
+ActiveRecord::Schema.define(version: 20180508095009) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -238,6 +238,7 @@
     t.string   "email"
     t.text     "website"
     t.boolean  "pinned",              default: false, null: false
+    t.string   "whitelisted_ips",                                  array: true
   end
 
   create_table "points_upload_queues", force: :cascade do |t|