summaryrefslogtreecommitdiff
path: root/app/controllers/v1
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-01-31 14:43:19 -0800
committerelijah <elijah@riseup.net>2016-01-31 15:10:10 -0800
commite7e16318d056dbd9ec272085487cce6039627b09 (patch)
tree6ff86c1ae638da1ad620924037ccd41f9418b4b8 /app/controllers/v1
parent16fb1c2bf33ca418a6db06217e286964077a730f (diff)
remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690
Diffstat (limited to 'app/controllers/v1')
-rw-r--r--app/controllers/v1/certs_controller.rb7
-rw-r--r--app/controllers/v1/smtp_certs_controller.rb5
2 files changed, 12 insertions, 0 deletions
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 99aec16..ffa6e35 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,6 +1,7 @@
class V1::CertsController < ApiController
before_filter :require_login, :unless => :anonymous_access_allowed?
+ before_filter :require_enabled
# GET /cert
# deprecated - we actually create a new cert and that can
@@ -18,6 +19,12 @@ class V1::CertsController < ApiController
protected
+ def require_enabled
+ if !current_user.is_anonymous? && !current_user.enabled?
+ access_denied
+ end
+ end
+
def service_level
current_user.effective_service_level
end
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 75f524c..5760645 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -3,6 +3,7 @@ class V1::SmtpCertsController < ApiController
before_filter :require_login
before_filter :require_email_account
before_filter :fetch_identity
+ before_filter :require_enabled
# POST /1/smtp_cert
def create
@@ -22,6 +23,10 @@ class V1::SmtpCertsController < ApiController
access_denied unless service_level.provides? 'email'
end
+ def require_enabled
+ access_denied unless current_user.enabled?
+ end
+
def fetch_identity
@identity = current_user.identity
end