-rw-r--r--CHANGELOG2
-rw-r--r--CONTRIBUTING.md2
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--doc/api/users.md28
-rw-r--r--lib/api/users.rb30
-rw-r--r--spec/requests/api/users_spec.rb51
6 files changed, 113 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index ec28ffac92f..4874f88f12f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
Please view this file on the master branch, on stable branches it's out of date.
v 7.13.0 (unreleased)
+ - Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
- Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
- Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
- Add support for unlocking users in admin settings (Stan Hu)
@@ -34,6 +35,7 @@ v 7.13.0 (unreleased)
- Faster automerge check and merge itself when source and target branches are in same repository
- Correctly show anonymous authorized applications under Profile > Applications.
- Query Optimization in MySQL.
+ - Allow users to be blocked and unblocked via the API
v 7.12.1
- Fix error when deleting a user who has projects (Stan Hu)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a9dcf67b1e2..69abadb151a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -67,7 +67,7 @@ To start with GitLab download the [GitLab Development Kit](https://gitlab.com/gi
If you can, please submit a merge request with the fix or improvements including tests. If you don't know how to fix the issue but can write a test that exposes the issue we will accept that as well. In general bug fixes that include a regression test are merged quickly while new features without proper tests are least likely to receive timely feedback. The workflow to make a merge request is as follows:
-1. Fork the project on GitLab Cloud
+1. Fork the project into your personal space on GitLab.com
1. Create a feature branch
1. Write [tests](https://gitlab.com/gitlab-org/gitlab-development-kit#running-the-tests) and code
1. Add your changes to the [CHANGELOG](CHANGELOG)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a657d3c54ee..63fc146f1d1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -56,7 +56,7 @@ class ApplicationController < ActionController::Base
def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page
if current_application_settings.home_page_url.present?
- if current_user.nil? && controller_name == 'dashboard' && action_name == 'show'
+ if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return
end
end
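Review bot: The new condition `root_path == request.path` is an exact string comparison, and the intent it encodes is not stated, so the next reader will not know whether ignoring the query string and any format suffix is deliberate; I would document it above the `if`: `# Exact match on the path only: "/?foo=bar" still redirects, "/index.json" does not.` Note also that the redirect fires before any authentication happens and `home_page_url` is an admin setting, so the only thing keeping this from being an open redirect is that setting being trusted — worth a one-line comment to that effect as well. The body of `authenticate_user!` continues past the end of this hunk, so I cannot see what runs after the `and return` for the non-redirect case.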
diff --git a/doc/api/users.md b/doc/api/users.md
index 8b04282f160..5dca77b5c7b 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -396,3 +396,31 @@ Parameters:
- `id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
+
+## Block user
+
+Blocks the specified user. Available only for admin.
+
+```
+PUT /users/:uid/block
+```
+
+Parameters:
+
+- `uid` (required) - id of specified user
+
+Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
+
+## Unblock user
+
+Unblocks the specified user. Available only for admin.
+
+```
+PUT /users/:uid/unblock
+```
+
+Parameters:
+
+- `uid` (required) - id of specified user
+
+Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 9b268cfe8bc..c468371d3d4 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -199,6 +199,36 @@ module API
not_found!('User')
end
end
+
+ # Block user. Available only for admin
+ #
+ # Example Request:
+ # PUT /users/:id/block
+ put ':id/block' do
+ authenticated_as_admin!
+ user = User.find_by(id: params[:id])
+
+ if user
+ user.block
+ else
+ not_found!('User')
+ end
+ end
+
+ # Unblock user. Available only for admin
+ #
+ # Example Request:
+ # PUT /users/:id/unblock
+ put ':id/unblock' do
+ authenticated_as_admin!
+ user = User.find_by(id: params[:id])
+
+ if user
+ user.activate
+ else
+ not_found!('User')
+ end
+ end
end
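Review bot: Both new endpoints discard the result of the state transition — `user.block` and `user.activate` are called for their side effect and the method falls through, so if the transition is refused the client still gets `200`; I would surface that, e.g. `render_api_error!('400 Could not block user', 400) unless user.block` (or whichever error helper this API module prefers), and likewise for `activate`. There is also no guard against an admin blocking their own account (`params[:id] == current_user.id`), which the UI path may or may not prevent — if it does not, a `forbidden!` check here would stop an admin from locking themselves out over the API. The `resource` block these routes live in starts before this hunk, so I cannot see whether a shared `before` filter already covers either case.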
resource :user do
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 1a29058f3f1..c4dd1f76cf2 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -527,4 +527,55 @@ describe API::API, api: true do
expect(response.status).to eq(401)
end
end
+
+ describe 'PUT /user/:id/block' do
+ before { admin }
+ it 'should block existing user' do
+ put api("/users/#{user.id}/block", admin)
+ expect(response.status).to eq(200)
+ expect(user.reload.state).to eq('blocked')
+ end
+
+ it 'should not be available for non admin users' do
+ put api("/users/#{user.id}/block", user)
+ expect(response.status).to eq(403)
+ expect(user.reload.state).to eq('active')
+ end
+
+ it 'should return a 404 error if user id not found' do
+ put api('/users/9999/block', admin)
+ expect(response.status).to eq(404)
+ expect(json_response['message']).to eq('404 User Not Found')
+ end
+ end
+
+ describe 'PUT /user/:id/unblock' do
+ before { admin }
+ it 'should unblock existing user' do
+ put api("/users/#{user.id}/unblock", admin)
+ expect(response.status).to eq(200)
+ expect(user.reload.state).to eq('active')
+ end
+
+ it 'should unblock a blocked user' do
+ put api("/users/#{user.id}/block", admin)
+ expect(response.status).to eq(200)
+ expect(user.reload.state).to eq('blocked')
+ put api("/users/#{user.id}/unblock", admin)
+ expect(response.status).to eq(200)
+ expect(user.reload.state).to eq('active')
+ end
+
+ it 'should not be available for non admin users' do
+ put api("/users/#{user.id}/unblock", user)
+ expect(response.status).to eq(403)
+ expect(user.reload.state).to eq('active')
+ end
+
+ it 'should return a 404 error if user id not found' do
+ put api('/users/9999/block', admin)
+ expect(response.status).to eq(404)
+ expect(json_response['message']).to eq('404 User Not Found')
+ end
+ end
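Review bot: The 404 example in the unblock `describe` hits the wrong route — it does `put api('/users/9999/block', admin)`, so the unblock not-found path is never exercised; it should be `put api('/users/9999/unblock', admin)`. The `describe` labels also read `PUT /user/:id/block` and `PUT /user/:id/unblock` while the requests (and the API) use `/users/`, which will mislead anyone grepping the spec for the route. Neither endpoint has an unauthenticated (401) example, unlike the preceding examples in this file that assert `response.status` of 401, so one `put api("/users/#{user.id}/block")` with no token and `expect(response.status).to eq(401)` per endpoint would round out the coverage.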
end