Commit 26172aee authored by Jacob Vosmaer's avatar Jacob Vosmaer
Browse files

Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

parents 6646a04d 50a04bdc
Please view this file on the master branch, on stable branches it's out of date.
v 7.13.0 (unreleased)
- Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
- Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
- Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
- Add support for unlocking users in admin settings (Stan Hu)
......@@ -34,6 +35,7 @@ v 7.13.0 (unreleased)
- Faster automerge check and merge itself when source and target branches are in same repository
- Correctly show anonymous authorized applications under Profile > Applications.
- Query Optimization in MySQL.
- Allow users to be blocked and unblocked via the API
v 7.12.1
- Fix error when deleting a user who has projects (Stan Hu)
......
......@@ -67,7 +67,7 @@ To start with GitLab download the [GitLab Development Kit](https://gitlab.com/gi
If you can, please submit a merge request with the fix or improvements including tests. If you don't know how to fix the issue but can write a test that exposes the issue we will accept that as well. In general bug fixes that include a regression test are merged quickly while new features without proper tests are least likely to receive timely feedback. The workflow to make a merge request is as follows:
1. Fork the project on GitLab Cloud
1. Fork the project into your personal space on GitLab.com
1. Create a feature branch
1. Write [tests](https://gitlab.com/gitlab-org/gitlab-development-kit#running-the-tests) and code
1. Add your changes to the [CHANGELOG](CHANGELOG)
......
......@@ -56,7 +56,7 @@ def authenticate_user_from_token!
def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page
if current_application_settings.home_page_url.present?
if current_user.nil? && controller_name == 'dashboard' && action_name == 'show'
if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return
end
end
......
......@@ -396,3 +396,31 @@ Parameters:
- `id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
## Block user
Blocks the specified user. Available only for admin.
```
PUT /users/:uid/block
```
Parameters:
- `uid` (required) - id of specified user
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
## Unblock user
Unblocks the specified user. Available only for admin.
```
PUT /users/:uid/unblock
```
Parameters:
- `uid` (required) - id of specified user
Will return `200 OK` on success, or `404 User Not Found` is user cannot be found.
......@@ -199,6 +199,36 @@ class Users < Grape::API
not_found!('User')
end
end
# Block user. Available only for admin
#
# Example Request:
# PUT /users/:id/block
put ':id/block' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
if user
user.block
else
not_found!('User')
end
end
# Unblock user. Available only for admin
#
# Example Request:
# PUT /users/:id/unblock
put ':id/unblock' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
if user
user.activate
else
not_found!('User')
end
end
end
resource :user do
......
......@@ -527,4 +527,55 @@
expect(response.status).to eq(401)
end
end
describe 'PUT /user/:id/block' do
before { admin }
it 'should block existing user' do
put api("/users/#{user.id}/block", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('blocked')
end
it 'should not be available for non admin users' do
put api("/users/#{user.id}/block", user)
expect(response.status).to eq(403)
expect(user.reload.state).to eq('active')
end
it 'should return a 404 error if user id not found' do
put api('/users/9999/block', admin)
expect(response.status).to eq(404)
expect(json_response['message']).to eq('404 User Not Found')
end
end
describe 'PUT /user/:id/unblock' do
before { admin }
it 'should unblock existing user' do
put api("/users/#{user.id}/unblock", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('active')
end
it 'should unblock a blocked user' do
put api("/users/#{user.id}/block", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('blocked')
put api("/users/#{user.id}/unblock", admin)
expect(response.status).to eq(200)
expect(user.reload.state).to eq('active')
end
it 'should not be available for non admin users' do
put api("/users/#{user.id}/unblock", user)
expect(response.status).to eq(403)
expect(user.reload.state).to eq('active')
end
it 'should return a 404 error if user id not found' do
put api('/users/9999/block', admin)
expect(response.status).to eq(404)
expect(json_response['message']).to eq('404 User Not Found')
end
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment