Check user state, only allow db changes for confirmed and active users #284

Merged
merged 1 commit into from
Jan 28, 2023

Collaborator

@mmd-osm mmd-osm commented Dec 25, 2022

Fixes #283

// to change the database will be rejected
if (!selection.is_user_active(*user_id))
throw http::forbidden (
"You have not permitted the application access to this facility");
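Review bot: At the `is_user_active(*user_id)` call, `user_id` is dereferenced without any visible check that it holds a value; confirm that an earlier guard guarantees this, or test it in the same condition. The 403 text also reads as a missing-permission error although this branch is taken when the account fails the active check, so a short code comment stating that the wording is kept on purpose would help later readers.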
Contributor

That's not really an accurate description is it? This would occur when there was an authorization but the user account had been closed or suspended.

Collaborator Author

That’s exactly what Rails returned in that case, I’m only trying to replicate the same response here. I agree, the description isn’t all that helpful.

Collaborator Author

api_controller.rb deny_access is where this error message originates from:

  def deny_access(_exception)
    if doorkeeper_token || current_token
      set_locale
      report_error t("oauth.permissions.missing"), :forbidden

@mmd-osm mmd-osm merged commit 3482ee8 into zerebubuth:master Jan 28, 2023
@mmd-osm mmd-osm deleted the patch/issue_283 branch July 13, 2024 08:18
Successfully merging this pull request may close these issues.

cgimap should check the user state