From e7e16318d056dbd9ec272085487cce6039627b09 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Sun, 31 Jan 2016 14:43:19 -0800
Subject: remove cert fingerprints for disabled users, so that they cannot send
 email anymore. closes #7690

---
 app/controllers/v1/certs_controller.rb      | 7 +++++++
 app/controllers/v1/smtp_certs_controller.rb | 5 +++++
 2 files changed, 12 insertions(+)

(limited to 'app/controllers/v1')

diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 99aec16..ffa6e35 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,6 +1,7 @@
 class V1::CertsController < ApiController
 
   before_filter :require_login, :unless => :anonymous_access_allowed?
+  before_filter :require_enabled
 
   # GET /cert
   # deprecated - we actually create a new cert and that can
@@ -18,6 +19,12 @@ class V1::CertsController < ApiController
 
   protected
 
+  def require_enabled
+    if !current_user.is_anonymous? && !current_user.enabled?
+      access_denied
+    end
+  end
+
   def service_level
     current_user.effective_service_level
   end
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 75f524c..5760645 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -3,6 +3,7 @@ class V1::SmtpCertsController < ApiController
   before_filter :require_login
   before_filter :require_email_account
   before_filter :fetch_identity
+  before_filter :require_enabled
 
   # POST /1/smtp_cert
   def create
@@ -22,6 +23,10 @@ class V1::SmtpCertsController < ApiController
     access_denied unless service_level.provides? 'email'
   end
 
+  def require_enabled
+    access_denied unless current_user.enabled?
+  end
+
   def fetch_identity
     @identity = current_user.identity
   end
-- 
cgit v1.2.3