diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2017-02-20 18:16:23 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2017-02-20 18:16:23 +0300 |
| commit | fbbbf1e4e77768a40b835455f17749384f7c4984 (patch) | |
| tree | 641ea53edc2509be47280a03ec675c2dd97cc94f /lib/api | |
| parent | 173dbeb972d0da365ac77129d0e12727ae571e91 (diff) | |
| parent | 8f690604a523115370c011c767dbd76cb85c0f63 (diff) | |
Merge branch 'api-post-block' into 'master'
API: Use POST to (un)block a user
Closes #14596
See merge request !9371
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/users.rb | 4 | ||||
| -rw-r--r-- | lib/api/v3/users.rb | 32 |
2 files changed, 34 insertions, 2 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 05538f5a42f..fbc17953691 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -314,7 +314,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/block' do + post ':id/block' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user @@ -330,7 +330,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/unblock' do + post ':id/unblock' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb index ceb139d11b8..e05e457a5df 100644 --- a/lib/api/v3/users.rb +++ b/lib/api/v3/users.rb @@ -39,6 +39,38 @@ module API present user.emails, with: ::API::Entities::Email end + + desc 'Block a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/block' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if !user.ldap_blocked? + user.block + else + forbidden!('LDAP blocked users cannot be modified by the API') + end + end + + desc 'Unblock a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/unblock' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if user.ldap_blocked? + forbidden!('LDAP blocked users cannot be unblocked by the API') + else + user.activate + end + end end resource :user do |