Commit b3a75111 authored by Steve Norman's avatar Steve Norman

Allow user to be blocked and unblocked via the API

parent 49749169
......@@ -35,6 +35,7 @@ v 7.13.0 (unreleased)
- Faster automerge check and merge itself when source and target branches are in same repository
- Correctly show anonymous authorized applications under Profile > Applications.
- Query Optimization in MySQL.
- Allow users to be blocked and unblocked via the API
v 7.12.1
- Fix error when deleting a user who has projects (Stan Hu)
......
......@@ -396,3 +396,31 @@ Parameters:
- `id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
## Block user
Blocks the specified user. Available only for admin.
```
PUT /users/:uid/block
```
Parameters:
- `uid` (required) - id of specified user
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
## Unblock user
Unblocks the specified user. Available only for admin.
```
PUT /users/:uid/unblock
```
Parameters:
- `uid` (required) - id of specified user
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
......@@ -199,6 +199,36 @@ module API
not_found!('User')
end
end
# Block user. Available only for admin
#
# Example Request:
# PUT /users/:id/block
put ':id/block' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
if user
user.block
else
not_found!('User')
end
end
# Unblock user. Available only for admin
#
# Example Request:
# PUT /users/:id/unblock
put ':id/unblock' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
if user
user.activate
else
not_found!('User')
end
end
end
resource :user do
......
......@@ -527,4 +527,55 @@ describe API::API, api: true do
expect(response.status).to eq(401)
end
end
describe 'PUT /user/:id/block' do
before { admin }
it 'should block existing user' do
put api("/users/#{user.id}/block", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('blocked')
end
it 'should not be available for non admin users' do
put api("/users/#{user.id}/block", user)
expect(response.status).to eq(403)
expect(user.reload.state).to eq('active')
end
it 'should return a 404 error if user id not found' do
put api('/users/9999/block', admin)
expect(response.status).to eq(404)
expect(json_response['message']).to eq('404 User Not Found')
end
end
describe 'PUT /user/:id/unblock' do
before { admin }
it 'should unblock existing user' do
put api("/users/#{user.id}/unblock", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('active')
end
it 'should unblock a blocked user' do
put api("/users/#{user.id}/block", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('blocked')
put api("/users/#{user.id}/unblock", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('active')
end
it 'should not be available for non admin users' do
put api("/users/#{user.id}/unblock", user)
expect(response.status).to eq(403)
expect(user.reload.state).to eq('active')
end
it 'should return a 404 error if user id not found' do
put api('/users/9999/block', admin)
expect(response.status).to eq(404)
expect(json_response['message']).to eq('404 User Not Found')
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment