author | Eugen Rochko <eugen@zeonfederated.com> | 2018-04-30 09:13:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-30 09:13:14 +0200 |
commit | f62ee1ddb0364d749e9df5559a243ebe3570cd2a (patch) | |
tree | cac884afda6c35fc553fc544362e941dc9823b61 | |
parent | 295e3ef02bb3fcdd4d8992ad6105c0ada2b3db0c (diff) |
Disable API access when login is disabled (#7289)
-rw-r--r-- | app/controllers/api/base_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 7b5168b31..b5c084e14 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
 end

 def require_user!
- if current_user
+ if current_user && !current_user.disabled?
 set_user_activity
+ elsif current_user
+ render json: { error: 'Your login is currently disabled' }, status: 403
 else
 render json: { error: 'This method requires an authenticated user' }, status: 422
 end
|
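Review bot: The new `disabled?` check in `require_user!` only takes effect on actions that actually run this filter, and the filter registrations are outside the hunk, so it is worth confirming that no authenticated API action is authorized by token alone without passing through here. The diffstat lists only this controller, so the 403 branch ships without a spec; a controller spec that presents a valid token for a disabled user and expects 403 would pin this access-control behaviour against regressions. A short comment above the `elsif` would also help the next reader, e.g. `# Disabled logins must be rejected on every API request, even with a valid token`. The method's closing `end` lies outside the hunk.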