authorEugen Rochko <eugen@zeonfederated.com>2018-04-30 09:13:14 +0200
committerGitHub <noreply@github.com>2018-04-30 09:13:14 +0200
commitf62ee1ddb0364d749e9df5559a243ebe3570cd2a (patch)
treecac884afda6c35fc553fc544362e941dc9823b61
parent295e3ef02bb3fcdd4d8992ad6105c0ada2b3db0c (diff)
Disable API access when login is disabled (#7289)
-rw-r--r--app/controllers/api/base_controller.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 7b5168b31..b5c084e14 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
   end
 
   def require_user!
-    if current_user
+    if current_user && !current_user.disabled?
       set_user_activity
+    elsif current_user
+      render json: { error: 'Your login is currently disabled' }, status: 403
     else
       render json: { error: 'This method requires an authenticated user' }, status: 422
     end
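Review bot: The disabled-account check lives only in `require_user!`, so it protects just the actions that run this filter; any API action that reads `current_user` without it (none are visible in this hunk) would presumably still honour a token belonging to a disabled account. Consider enforcing the check where `current_user` is resolved from the token, or add a request spec asserting that a disabled user's token gets 403 on both user-required and optional-auth endpoints. The `elsif current_user` branch would also benefit from a comment such as `# token is valid but the account is disabled: refuse rather than treat as unauthenticated`. The `end` that closes `require_user!` is outside the hunk.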