API: Use POST to (un)block a user

author: Robert Schilling <rschilling@student.tugraz.at> 2017-02-20 15:31:11 +0300
committer: Robert Schilling <rschilling@student.tugraz.at> 2017-02-20 17:18:40 +0300
commit: 8f690604a523115370c011c767dbd76cb85c0f63 (patch)
tree: ba5b9a2e5a3c135a33a396cb6f397671d3b937c6 /lib/api
parent: bc0b438d13f6bffd8e837f551a5415173f43f9f3 (diff)
2 files changed, 34 insertions, 2 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 05538f5a42f..fbc17953691 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -314,7 +314,7 @@ module API
       params do
         requires :id, type: Integer, desc: 'The ID of the user'
       end
-      put ':id/block' do
+      post ':id/block' do
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
         not_found!('User') unless user
@@ -330,7 +330,7 @@ module API
       params do
         requires :id, type: Integer, desc: 'The ID of the user'
       end
-      put ':id/unblock' do
+      post ':id/unblock' do
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
         not_found!('User') unless user
diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb
index ceb139d11b8..e05e457a5df 100644
--- a/lib/api/v3/users.rb
+++ b/lib/api/v3/users.rb
@@ -39,6 +39,38 @@ module API
 
           present user.emails, with: ::API::Entities::Email
         end
+
+        desc 'Block a user. Available only for admins.'
+        params do
+          requires :id, type: Integer, desc: 'The ID of the user'
+        end
+        put ':id/block' do
+          authenticated_as_admin!
+          user = User.find_by(id: params[:id])
+          not_found!('User') unless user
+
+          if !user.ldap_blocked?
+            user.block
+          else
+            forbidden!('LDAP blocked users cannot be modified by the API')
+          end
+        end
+
+        desc 'Unblock a user. Available only for admins.'
+        params do
+          requires :id, type: Integer, desc: 'The ID of the user'
+        end
+        put ':id/unblock' do
+          authenticated_as_admin!
+          user = User.find_by(id: params[:id])
+          not_found!('User') unless user
+
+          if user.ldap_blocked?
+            forbidden!('LDAP blocked users cannot be unblocked by the API')
+          else
+            user.activate
+          end
+        end
       end
 
       resource :user do
author	Robert Schilling <rschilling@student.tugraz.at>	2017-02-20 15:31:11 +0300
committer	Robert Schilling <rschilling@student.tugraz.at>	2017-02-20 17:18:40 +0300
commit	8f690604a523115370c011c767dbd76cb85c0f63 (patch)
tree	ba5b9a2e5a3c135a33a396cb6f397671d3b937c6 /lib/api
parent	bc0b438d13f6bffd8e837f551a5415173f43f9f3 (diff)