Disable API access when login is disabled (#7289)

lolsob-rspec
Eugen Rochko 2018-04-30 09:13:14 +02:00 committed by GitHub
parent aa54b99f3f
commit af240ff13c
1 changed files with 3 additions and 1 deletions

View File

@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
end
def require_user!
if current_user
if current_user && !current_user.disabled?
set_user_activity
elsif current_user
render json: { error: 'Your login is currently disabled' }, status: 403
else
render json: { error: 'This method requires an authenticated user' }, status: 422
end