Disable API access when login is disabled (#7289)
This commit is contained in:
parent
295e3ef02b
commit
f62ee1ddb0
1 changed files with 3 additions and 1 deletions
|
@ -66,8 +66,10 @@ class Api::BaseController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def require_user!
|
def require_user!
|
||||||
if current_user
|
if current_user && !current_user.disabled?
|
||||||
set_user_activity
|
set_user_activity
|
||||||
|
elsif current_user
|
||||||
|
render json: { error: 'Your login is currently disabled' }, status: 403
|
||||||
else
|
else
|
||||||
render json: { error: 'This method requires an authenticated user' }, status: 422
|
render json: { error: 'This method requires an authenticated user' }, status: 422
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue