diff options
| author | Gabriel Mazetto <gabriel@gitlab.com> | 2015-12-30 16:52:02 -0200 |
|---|---|---|
| committer | Gabriel Mazetto <gabriel@gitlab.com> | 2016-01-08 16:26:04 -0200 |
| commit | 6e7db8e23e169bcbf0847ece27b9e44e00ae572b (patch) | |
| tree | 8b02d35437afb2f7a9d14f82edc9f8573062b273 /lib/api/users.rb | |
| parent | ba9855d4877998e3574907cc542fcab15a9d1353 (diff) | |
| download | gitlab-ce-6e7db8e23e169bcbf0847ece27b9e44e00ae572b.tar.gz | |
Prevent ldap_blocked users from being blocked/unblocked by the API
Diffstat (limited to 'lib/api/users.rb')
| -rw-r--r-- | lib/api/users.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 0d7813428e2..01fd90139b0 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -284,10 +284,12 @@ module API authenticated_as_admin! user = User.find_by(id: params[:id]) - if user + if !user + not_found!('User') + elsif !user.ldap_blocked? user.block else - not_found!('User') + forbidden!('LDAP blocked users cannot be modified by the API') end end @@ -299,10 +301,12 @@ module API authenticated_as_admin! user = User.find_by(id: params[:id]) - if user + if !user + not_found!('User') + elsif !user.ldap_blocked? user.activate else - not_found!('User') + forbidden!('LDAP blocked users cannot be unblocked by the API') end end end |