Skip to content

The changes have made to prevent to block the API initiating user.

The problem is that users are able to block themselves via the API. This situation is prevented in UI. The code changes are made create a consistent backend-frontend.

  1. Controlling the IDs to understand if the current user is also the user that wants to be blocked: (in lib/api/users.rb).
    elsif current_user.id == user.id
           forbidden!('The API initiating user cannot be blocked by the API')
  2. spec/requests/api/users_spec.rb file has been organised accordingly.
Edited by Ela Doğruyol

Merge request reports

Loading