From 6e7db8e23e169bcbf0847ece27b9e44e00ae572b Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Wed, 30 Dec 2015 16:52:02 -0200
Subject: Prevent ldap_blocked users from being blocked/unblocked by the API

---
 lib/api/users.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/api/users.rb b/lib/api/users.rb
index 0d7813428e2..01fd90139b0 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -284,10 +284,12 @@ module API
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
 
-        if user
+        if !user
+          not_found!('User')
+        elsif !user.ldap_blocked?
           user.block
         else
-          not_found!('User')
+          forbidden!('LDAP blocked users cannot be modified by the API')
         end
       end
 
@@ -299,10 +301,12 @@ module API
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
 
-        if user
+        if !user
+          not_found!('User')
+        elsif !user.ldap_blocked?
           user.activate
         else
-          not_found!('User')
+          forbidden!('LDAP blocked users cannot be unblocked by the API')
         end
       end
     end
-- 
cgit v1.2.1