Block access to API & git when terms are enforced

When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms.
author: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-08 15:07:55 +0200
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-10 17:02:27 +0200
commit: f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree: 59359aecb555f844de1a81a0aebbd70336fbb8c1 /lib/api/api_guard.rb
parent: f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)
download: gitlab-ce-f7f13f9db0da92c7b43481dfe5559f317711e533.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index c2113551207..c17089759de 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -45,7 +45,9 @@ module API
         user = find_user_from_sources
         return unless user
 
-        forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
+        unless api_access_allowed?(user)
+          forbidden!(api_access_denied_message(user))
+        end
 
         user
       end
@@ -72,6 +74,14 @@ module API
             end
           end
       end
+
+      def api_access_allowed?(user)
+        Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
+      end
+
+      def api_access_denied_message(user)
+        Gitlab::Auth::UserAccessDeniedReason.new(user).rejection_message
+      end
     end
 
     module ClassMethods
author	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-08 15:07:55 +0200
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-10 17:02:27 +0200
commit	f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree	59359aecb555f844de1a81a0aebbd70336fbb8c1 /lib/api/api_guard.rb
parent	f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)
download	gitlab-ce-f7f13f9db0da92c7b43481dfe5559f317711e533.tar.gz