Disable API access when login is disabled (#7289)

2018-04-30 09:13:14 +02:00 · 2018-04-30 09:13:14 +02:00 · f62ee1ddb0
commit f62ee1ddb0
parent 295e3ef02b
1 changed files with 3 additions and 1 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
  end

  def require_user!
-    if current_user
+    if current_user && !current_user.disabled?
      set_user_activity
+    elsif current_user
+      render json: { error: 'Your login is currently disabled' }, status: 403
    else
      render json: { error: 'This method requires an authenticated user' }, status: 422
    end