diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-04 12:07:52 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-04 12:07:52 +0000 |
commit | c6c7437861bff9572747674095c4dfbdfbea4988 (patch) | |
tree | 237d1ed922193f19ae326923457344c082003788 /lib/api | |
parent | d80f3cd75e700b6e62910865bfd36734644ffa89 (diff) | |
download | gitlab-ce-c6c7437861bff9572747674095c4dfbdfbea4988.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/helpers/custom_validators.rb | 12 | ||||
-rw-r--r-- | lib/api/users.rb | 13 |
2 files changed, 22 insertions, 3 deletions
diff --git a/lib/api/helpers/custom_validators.rb b/lib/api/helpers/custom_validators.rb index dab4ca1d1f1..4c15c1d01cd 100644 --- a/lib/api/helpers/custom_validators.rb +++ b/lib/api/helpers/custom_validators.rb @@ -14,6 +14,17 @@ module API end end + class GitSha < Grape::Validations::Base + def validate_param!(attr_name, params) + sha = params[attr_name] + + return if Commit::EXACT_COMMIT_SHA_PATTERN.match?(sha) + + raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)], + message: "should be a valid sha" + end + end + class Absence < Grape::Validations::Base def validate_param!(attr_name, params) return if params.respond_to?(:key?) && !params.key?(attr_name) @@ -50,6 +61,7 @@ module API end Grape::Validations.register_validator(:file_path, ::API::Helpers::CustomValidators::FilePath) +Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators::GitSha) Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence) Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny) Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny) diff --git a/lib/api/users.rb b/lib/api/users.rb index c6dc7c08b11..5b51f114fb4 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -528,11 +528,18 @@ module API user = User.find_by(id: params[:id]) not_found!('User') unless user - if !user.ldap_blocked? - user.block - else + if user.ldap_blocked? forbidden!('LDAP blocked users cannot be modified by the API') end + + break if user.blocked? + + result = ::Users::BlockService.new(current_user).execute(user) + if result[:status] == :success + true + else + render_api_error!(result[:message], result[:http_status]) + end end # rubocop: enable CodeReuse/ActiveRecord |