From c6c7437861bff9572747674095c4dfbdfbea4988 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 4 Mar 2020 12:07:52 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 lib/api/helpers/custom_validators.rb | 12 ++++++++++++
 lib/api/users.rb                     | 13 ++++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/helpers/custom_validators.rb b/lib/api/helpers/custom_validators.rb
index dab4ca1d1f1..4c15c1d01cd 100644
--- a/lib/api/helpers/custom_validators.rb
+++ b/lib/api/helpers/custom_validators.rb
@@ -14,6 +14,17 @@ module API
         end
       end
 
+      class GitSha < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          sha = params[attr_name]
+
+          return if Commit::EXACT_COMMIT_SHA_PATTERN.match?(sha)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                                message: "should be a valid sha"
+        end
+      end
+
       class Absence < Grape::Validations::Base
         def validate_param!(attr_name, params)
           return if params.respond_to?(:key?) && !params.key?(attr_name)
@@ -50,6 +61,7 @@ module API
 end
 
 Grape::Validations.register_validator(:file_path, ::API::Helpers::CustomValidators::FilePath)
+Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators::GitSha)
 Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence)
 Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny)
 Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny)
diff --git a/lib/api/users.rb b/lib/api/users.rb
index c6dc7c08b11..5b51f114fb4 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -528,11 +528,18 @@ module API
         user = User.find_by(id: params[:id])
         not_found!('User') unless user
 
-        if !user.ldap_blocked?
-          user.block
-        else
+        if user.ldap_blocked?
           forbidden!('LDAP blocked users cannot be modified by the API')
         end
+
+        break if user.blocked?
+
+        result = ::Users::BlockService.new(current_user).execute(user)
+        if result[:status] == :success
+          true
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
-- 
cgit v1.2.1