Prevent ldap_blocked users from being blocked/unblocked by the API
This commit is contained in:
parent
ba9855d487
commit
6e7db8e23e
|
@ -558,7 +558,8 @@ Parameters:
|
||||||
|
|
||||||
- `uid` (required) - id of specified user
|
- `uid` (required) - id of specified user
|
||||||
|
|
||||||
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
|
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
|
||||||
|
`403 Forbidden` when trying to block an already blocked user by LDAP synchronization.
|
||||||
|
|
||||||
## Unblock user
|
## Unblock user
|
||||||
|
|
||||||
|
@ -572,4 +573,5 @@ Parameters:
|
||||||
|
|
||||||
- `uid` (required) - id of specified user
|
- `uid` (required) - id of specified user
|
||||||
|
|
||||||
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
|
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
|
||||||
|
`403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.
|
||||||
|
|
|
@ -284,10 +284,12 @@ module API
|
||||||
authenticated_as_admin!
|
authenticated_as_admin!
|
||||||
user = User.find_by(id: params[:id])
|
user = User.find_by(id: params[:id])
|
||||||
|
|
||||||
if user
|
if !user
|
||||||
|
not_found!('User')
|
||||||
|
elsif !user.ldap_blocked?
|
||||||
user.block
|
user.block
|
||||||
else
|
else
|
||||||
not_found!('User')
|
forbidden!('LDAP blocked users cannot be modified by the API')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
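Review bot: The return value of `user.block` on the new side (the line after `elsif !user.ldap_blocked?`) is not checked, so a transition the model rejects for a reason other than LDAP — say a user already in the plain `blocked` state, if the state machine refuses that event (not visible here) — would still answer `200 OK` with the transition's boolean as the body. If the model can return false there, guard it with `user.block || forbidden!('User could not be blocked')`, or whichever 4xx helper the API base provides. The two new error strings also disagree (`cannot be modified by the API` here versus `cannot be unblocked by the API` in the unblock endpoint); `LDAP blocked users cannot be blocked by the API` would match the documented 403 case. The enclosing endpoint block starts outside the hunk.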
|
@ -299,10 +301,12 @@ module API
|
||||||
authenticated_as_admin!
|
authenticated_as_admin!
|
||||||
user = User.find_by(id: params[:id])
|
user = User.find_by(id: params[:id])
|
||||||
|
|
||||||
if user
|
if !user
|
||||||
|
not_found!('User')
|
||||||
|
elsif !user.ldap_blocked?
|
||||||
user.activate
|
user.activate
|
||||||
else
|
else
|
||||||
not_found!('User')
|
forbidden!('LDAP blocked users cannot be unblocked by the API')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
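Review bot: The `!user.ldap_blocked?` check on the new side is a read-then-write enforced only in this API layer; if the model's `activate` event still accepts the `ldap_blocked` state (not visible here), an LDAP sync that blocks the user between this check and `user.activate` is silently overridden, and any other caller of `activate` (admin UI, console, rake tasks) is not covered by the rule the commit title describes. The durable guard is to have the state machine refuse `activate` from `ldap_blocked`, leaving this branch to produce the friendlier message, and to surface a rejected transition instead of returning 200 with `false`: `user.activate || forbidden!('LDAP blocked users cannot be unblocked by the API')`. The enclosing endpoint block starts outside the hunk.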
|
|
|
@ -8,6 +8,8 @@ describe API::API, api: true do
|
||||||
let(:key) { create(:key, user: user) }
|
let(:key) { create(:key, user: user) }
|
||||||
let(:email) { create(:email, user: user) }
|
let(:email) { create(:email, user: user) }
|
||||||
let(:omniauth_user) { create(:omniauth_user) }
|
let(:omniauth_user) { create(:omniauth_user) }
|
||||||
|
let(:ldap_user) { create(:omniauth_user, provider: 'ldapmain') }
|
||||||
|
let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
|
||||||
|
|
||||||
describe "GET /users" do
|
describe "GET /users" do
|
||||||
context "when unauthenticated" do
|
context "when unauthenticated" do
|
||||||
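Review bot: `let(:ldap_user)` on the new side is not referenced by any example in the hunks of this commit; only `ldap_blocked_user` is used. If nothing elsewhere in the spec uses it, drop the line so the fixture list does not suggest coverage of an active LDAP user that does not exist. The enclosing `describe` block starts outside the hunk.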
|
@ -783,6 +785,12 @@ describe API::API, api: true do
|
||||||
expect(user.reload.state).to eq('blocked')
|
expect(user.reload.state).to eq('blocked')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should not re-block ldap blocked users' do
|
||||||
|
put api("/users/#{ldap_blocked_user.id}/block", admin)
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
|
||||||
|
end
|
||||||
|
|
||||||
it 'should not be available for non admin users' do
|
it 'should not be available for non admin users' do
|
||||||
put api("/users/#{user.id}/block", user)
|
put api("/users/#{user.id}/block", user)
|
||||||
expect(response.status).to eq(403)
|
expect(response.status).to eq(403)
|
||||||
|
@ -797,7 +805,9 @@ describe API::API, api: true do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'PUT /user/:id/unblock' do
|
describe 'PUT /user/:id/unblock' do
|
||||||
|
let(:blocked_user) { create(:user, state: 'blocked') }
|
||||||
before { admin }
|
before { admin }
|
||||||
|
|
||||||
it 'should unblock existing user' do
|
it 'should unblock existing user' do
|
||||||
put api("/users/#{user.id}/unblock", admin)
|
put api("/users/#{user.id}/unblock", admin)
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
|
@ -805,12 +815,15 @@ describe API::API, api: true do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should unblock a blocked user' do
|
it 'should unblock a blocked user' do
|
||||||
put api("/users/#{user.id}/block", admin)
|
put api("/users/#{blocked_user.id}/unblock", admin)
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
expect(user.reload.state).to eq('blocked')
|
expect(blocked_user.reload.state).to eq('active')
|
||||||
put api("/users/#{user.id}/unblock", admin)
|
end
|
||||||
expect(response.status).to eq(200)
|
|
||||||
expect(user.reload.state).to eq('active')
|
it 'should not unblock ldap blocked users' do
|
||||||
|
put api("/users/#{ldap_blocked_user.id}/unblock", admin)
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should not be available for non admin users' do
|
it 'should not be available for non admin users' do
|
||||||
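Review bot: The rewritten 'should unblock a blocked user' now starts from a `blocked_user` fixture created directly in state `blocked`, so the old round trip — block through the API, then unblock through the API — is no longer exercised here; unless another example in the file covers it, the path through both endpoints on the same user is now untested. Keep the fixture-based example and add one that does `put api("/users/#{user.id}/block", admin)` followed by `put api("/users/#{user.id}/unblock", admin)` and expects `user.reload.state` to be `active`. The added LDAP example asserts only the status code; asserting the response message as well would pin the text the endpoint returns. The enclosing `describe` starts outside the hunk and the final `it` ends outside it.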
|
|