diff options
author | Robert Schilling <rschilling@student.tugraz.at> | 2017-02-20 15:31:11 +0300 |
---|---|---|
committer | Robert Schilling <rschilling@student.tugraz.at> | 2017-02-20 17:18:40 +0300 |
commit | 8f690604a523115370c011c767dbd76cb85c0f63 (patch) | |
tree | ba5b9a2e5a3c135a33a396cb6f397671d3b937c6 /lib/api | |
parent | bc0b438d13f6bffd8e837f551a5415173f43f9f3 (diff) |
API: Use POST to (un)block a user
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/users.rb | 4 | ||||
-rw-r--r-- | lib/api/v3/users.rb | 32 |
2 files changed, 34 insertions, 2 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 05538f5a42f..fbc17953691 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -314,7 +314,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/block' do + post ':id/block' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user @@ -330,7 +330,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/unblock' do + post ':id/unblock' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb index ceb139d11b8..e05e457a5df 100644 --- a/lib/api/v3/users.rb +++ b/lib/api/v3/users.rb @@ -39,6 +39,38 @@ module API present user.emails, with: ::API::Entities::Email end + + desc 'Block a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/block' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if !user.ldap_blocked? + user.block + else + forbidden!('LDAP blocked users cannot be modified by the API') + end + end + + desc 'Unblock a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/unblock' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if user.ldap_blocked? + forbidden!('LDAP blocked users cannot be unblocked by the API') + else + user.activate + end + end end resource :user do |