diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | doc/api/users.md | 28 | ||||
| -rw-r--r-- | lib/api/users.rb | 30 | ||||
| -rw-r--r-- | spec/requests/api/users_spec.rb | 51 | 
4 files changed, 110 insertions, 0 deletions
| diff --git a/CHANGELOG b/CHANGELOG index 65be4bdf16c..4874f88f12f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -35,6 +35,7 @@ v 7.13.0 (unreleased)    - Faster automerge check and merge itself when source and target branches are in same repository     - Correctly show anonymous authorized applications under Profile > Applications.    - Query Optimization in MySQL. +  - Allow users to be blocked and unblocked via the API  v 7.12.1    - Fix error when deleting a user who has projects (Stan Hu) diff --git a/doc/api/users.md b/doc/api/users.md index 8b04282f160..5dca77b5c7b 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -396,3 +396,31 @@ Parameters:  - `id` (required)  - SSH key ID  Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found. + +## Block user + +Blocks the specified user.  Available only for admin. + +``` +PUT /users/:uid/block +``` + +Parameters: + +- `uid` (required) - id of specified user + +Will return `200 OK` on success, or `404 User Not Found` is user cannot be found. + +## Unblock user + +Unblocks the specified user.  Available only for admin. + +``` +PUT /users/:uid/unblock +``` + +Parameters: + +- `uid` (required) - id of specified user + +Will return `200 OK` on success, or `404 User Not Found` is user cannot be found. diff --git a/lib/api/users.rb b/lib/api/users.rb index 9b268cfe8bc..c468371d3d4 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -199,6 +199,36 @@ module API            not_found!('User')          end        end + +      # Block user. Available only for admin +      # +      # Example Request: +      #   PUT /users/:id/block +      put ':id/block' do +        authenticated_as_admin! +        user = User.find_by(id: params[:id]) + +        if user +          user.block +        else +          not_found!('User') +        end +      end + +      # Unblock user. Available only for admin +      # +      # Example Request: +      #   PUT /users/:id/unblock +      put ':id/unblock' do +        authenticated_as_admin! +        user = User.find_by(id: params[:id]) + +        if user +          user.activate +        else +          not_found!('User') +        end +      end      end      resource :user do diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 1a29058f3f1..c4dd1f76cf2 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -527,4 +527,55 @@ describe API::API, api: true  do        expect(response.status).to eq(401)      end    end + +  describe 'PUT /user/:id/block' do +    before { admin } +    it 'should block existing user' do +      put api("/users/#{user.id}/block", admin) +      expect(response.status).to eq(200) +      expect(user.reload.state).to eq('blocked') +    end + +    it 'should not be available for non admin users' do +      put api("/users/#{user.id}/block", user) +      expect(response.status).to eq(403) +      expect(user.reload.state).to eq('active') +    end + +    it 'should return a 404 error if user id not found' do +      put api('/users/9999/block', admin) +      expect(response.status).to eq(404) +      expect(json_response['message']).to eq('404 User Not Found') +    end +  end + +  describe 'PUT /user/:id/unblock' do +    before { admin } +    it 'should unblock existing user' do +      put api("/users/#{user.id}/unblock", admin) +      expect(response.status).to eq(200) +      expect(user.reload.state).to eq('active') +    end + +    it 'should unblock a blocked user' do +      put api("/users/#{user.id}/block", admin) +      expect(response.status).to eq(200) +      expect(user.reload.state).to eq('blocked') +      put api("/users/#{user.id}/unblock", admin) +      expect(response.status).to eq(200) +      expect(user.reload.state).to eq('active') +    end + +    it 'should not be available for non admin users' do +      put api("/users/#{user.id}/unblock", user) +      expect(response.status).to eq(403) +      expect(user.reload.state).to eq('active') +    end + +    it 'should return a 404 error if user id not found' do +      put api('/users/9999/block', admin) +      expect(response.status).to eq(404) +      expect(json_response['message']).to eq('404 User Not Found') +    end +  end  end | 
