Commit c1286fc2 authored by Gabriel Mazetto's avatar Gabriel Mazetto

Merge branch 'sk/250667-fix-block-user-api' into 'master'

Fix 500 error in block user API for internal user

See merge request gitlab-org/gitlab!43461
parents 9ae29f76 5bf8a77e
...@@ -7,6 +7,8 @@ module Users ...@@ -7,6 +7,8 @@ module Users
end end
def execute(user) def execute(user)
return error('An internal user cannot be blocked', 403) if user.internal?
if user.block if user.block
after_block_hook(user) after_block_hook(user)
success success
......
...@@ -182,7 +182,7 @@ ...@@ -182,7 +182,7 @@
%li Access Git repositories %li Access Git repositories
%br %br
= link_to 'Unblock user', unblock_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: 'Are you sure?' } = link_to 'Unblock user', unblock_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: 'Are you sure?' }
- else - elsif !@user.internal?
.card.border-warning .card.border-warning
.card-header.bg-warning.text-white .card-header.bg-warning.text-white
Block this user Block this user
......
---
title: Fix 500 error in block user API for internal user
merge_request: 43461
author: Sashi Kumar
type: fixed
...@@ -1210,7 +1210,9 @@ Returns: ...@@ -1210,7 +1210,9 @@ Returns:
- `201 OK` on success. - `201 OK` on success.
- `404 User Not Found` if user cannot be found. - `404 User Not Found` if user cannot be found.
- `403 Forbidden` when trying to block an already blocked user by LDAP synchronization. - `403 Forbidden` when trying to block:
- A user that is blocked through LDAP.
- An internal user.
## Unblock user ## Unblock user
......
...@@ -2524,6 +2524,15 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do ...@@ -2524,6 +2524,15 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do
expect(json_response['message']).to eq('404 User Not Found') expect(json_response['message']).to eq('404 User Not Found')
end end
it 'returns a 403 error if user is internal' do
internal_user = create(:user, :bot)
post api("/users/#{internal_user.id}/block", admin)
expect(response).to have_gitlab_http_status(:forbidden)
expect(json_response['message']).to eq('An internal user cannot be blocked')
end
it 'returns a 201 if user is already blocked' do it 'returns a 201 if user is already blocked' do
post api("/users/#{blocked_user.id}/block", admin) post api("/users/#{blocked_user.id}/block", admin)
......
...@@ -34,5 +34,15 @@ RSpec.describe Users::BlockService do ...@@ -34,5 +34,15 @@ RSpec.describe Users::BlockService do
expect { operation }.not_to change { user.state } expect { operation }.not_to change { user.state }
end end
end end
context 'when internal user' do
let(:user) { create(:user, :bot) }
it 'returns error result' do
expect(operation[:status]).to eq(:error)
expect(operation[:message]).to eq('An internal user cannot be blocked')
expect(operation[:http_status]).to eq(403)
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment