diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/users.rb | 4 | ||||
-rw-r--r-- | lib/api/v3/users.rb | 32 |
2 files changed, 34 insertions, 2 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 05538f5a42f..fbc17953691 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -314,7 +314,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/block' do + post ':id/block' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user @@ -330,7 +330,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' end - put ':id/unblock' do + post ':id/unblock' do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb index ceb139d11b8..e05e457a5df 100644 --- a/lib/api/v3/users.rb +++ b/lib/api/v3/users.rb @@ -39,6 +39,38 @@ module API present user.emails, with: ::API::Entities::Email end + + desc 'Block a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/block' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if !user.ldap_blocked? + user.block + else + forbidden!('LDAP blocked users cannot be modified by the API') + end + end + + desc 'Unblock a user. Available only for admins.' + params do + requires :id, type: Integer, desc: 'The ID of the user' + end + put ':id/unblock' do + authenticated_as_admin! + user = User.find_by(id: params[:id]) + not_found!('User') unless user + + if user.ldap_blocked? + forbidden!('LDAP blocked users cannot be unblocked by the API') + else + user.activate + end + end end resource :user do |