Merge branch 'api-user-blocking' into 'master'

Allow user to be blocked and activated via the API When authenticating against LDAP if a user has been disabled in LDAP they can no longer log on to the website or commit over http(s) but will be able to commit using any ssh keys. This functionality allows us to look for users in GitLab that no longer exist in LDAP and disable then in GitLab. Closes Feedback item: [Add administrative API call to block users](http://feedback.gitlab.com/forums/176466-general/suggestions/4098632-add-administrative-api-call-to-block-users) See merge request !587

Merge branch 'api-user-blocking' into 'master'
Allow user to be blocked and activated via the API When authenticating against LDAP if a user has been disabled in LDAP they can no longer log on to the website or commit over http(s) but will be able to commit using any ssh keys. This functionality allows us to look for users in GitLab that no longer exist in LDAP and disable then in GitLab. Closes Feedback item: [Add administrative API call to block users](http://feedback.gitlab.com/forums/176466-general/suggestions/4098632-add-administrative-api-call-to-block-users) See merge request !587
50a04bdc · Stan Hu · 49749169 · b3a75111 · 50a04bdc · 50a04bdc
Commit 50a04bdc authored Jul 03, 2015 by Stan Hu
Showing with 110 additions and 0 deletions

CHANGELOG CHANGELOG +1 -0

doc/api/users.md doc/api/users.md +28 -0

lib/api/users.rb lib/api/users.rb +30 -0

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +51 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,7 @@ v 7.13.0 (unreleased)
  - Faster automerge check and merge itself when source and target branches are in same repository 
  - Correctly show anonymous authorized applications under Profile > Applications.
  - Query Optimization in MySQL.
+  - Allow users to be blocked and unblocked via the API

 v 7.12.1
  - Fix error when deleting a user who has projects (Stan Hu)

--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -396,3 +396,31 @@ Parameters:
 - `id` (required)  - SSH key ID

 Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
+
+## Block user
+
+Blocks the specified user.  Available only for admin.
+
+```
+PUT /users/:uid/block
+```
+
+Parameters:
+
+- `uid` (required) - id of specified user
+
+Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
+
+## Unblock user
+
+Unblocks the specified user.  Available only for admin.
+
+```
+PUT /users/:uid/unblock
+```
+
+Parameters:
+
+- `uid` (required) - id of specified user
+
+Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -199,6 +199,36 @@ module API
          not_found!('User')
        end
      end
+
+      # Block user. Available only for admin
+      #
+      # Example Request:
+      #   PUT /users/:id/block
+      put ':id/block' do
+        authenticated_as_admin!
+        user = User.find_by(id: params[:id])
+
+        if user
+          user.block
+        else
+          not_found!('User')
+        end
+      end
+
+      # Unblock user. Available only for admin
+      #
+      # Example Request:
+      #   PUT /users/:id/unblock
+      put ':id/unblock' do
+        authenticated_as_admin!
+        user = User.find_by(id: params[:id])
+
+        if user
+          user.activate
+        else
+          not_found!('User')
+        end
+      end
    end

    resource :user do

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -527,4 +527,55 @@ describe API::API, api: true  do
      expect(response.status).to eq(401)
    end
  end
+
+  describe 'PUT /user/:id/block' do
+    before { admin }
+    it 'should block existing user' do
+      put api("/users/#{user.id}/block", admin)
+      expect(response.status).to eq(200)
+      expect(user.reload.state).to eq('blocked')
+    end
+
+    it 'should not be available for non admin users' do
+      put api("/users/#{user.id}/block", user)
+      expect(response.status).to eq(403)
+      expect(user.reload.state).to eq('active')
+    end
+
+    it 'should return a 404 error if user id not found' do
+      put api('/users/9999/block', admin)
+      expect(response.status).to eq(404)
+      expect(json_response['message']).to eq('404 User Not Found')
+    end
+  end
+
+  describe 'PUT /user/:id/unblock' do
+    before { admin }
+    it 'should unblock existing user' do
+      put api("/users/#{user.id}/unblock", admin)
+      expect(response.status).to eq(200)
+      expect(user.reload.state).to eq('active')
+    end
+
+    it 'should unblock a blocked user' do
+      put api("/users/#{user.id}/block", admin)
+      expect(response.status).to eq(200)
+      expect(user.reload.state).to eq('blocked')
+      put api("/users/#{user.id}/unblock", admin)
+      expect(response.status).to eq(200)
+      expect(user.reload.state).to eq('active')
+    end
+
+    it 'should not be available for non admin users' do
+      put api("/users/#{user.id}/unblock", user)
+      expect(response.status).to eq(403)
+      expect(user.reload.state).to eq('active')
+    end
+
+    it 'should return a 404 error if user id not found' do
+      put api('/users/9999/block', admin)
+      expect(response.status).to eq(404)
+      expect(json_response['message']).to eq('404 User Not Found')
+    end
+  end
 end