Block user through HTTP API (#846)

The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2026-04-20 17:26:40 +00:00 · 2023-05-11 18:09:36 +02:00
parent 9f758b2015
commit e3d2b6a408
13 changed files with 505 additions and 155 deletions
--- a/management/server/http/users_handler.go
+++ b/management/server/http/users_handler.go
@@ -61,6 +61,11 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if req.AutoGroups == nil {
+		util.WriteErrorResponse("auto_groups field can't be absent", http.StatusBadRequest, w)
+		return
+	}
+
 	userRole := server.StrRoleToUserRole(req.Role)
 	if userRole == server.UserRoleUnknown {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid user role"), w)
@@ -71,7 +76,9 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		Id:         userID,
 		Role:       userRole,
 		AutoGroups: req.AutoGroups,
+		Blocked:    req.IsBlocked,
 	})
+
 	if err != nil {
 		util.WriteError(err, w)
 		return
@@ -214,7 +221,11 @@ func toUserResponse(user *server.UserInfo, currenUserID string) *api.User {
 	case "invited":
 		userStatus = api.UserStatusInvited
 	default:
-		userStatus = api.UserStatusDisabled
+		userStatus = api.UserStatusBlocked
+	}
+
+	if user.IsBlocked {
+		userStatus = api.UserStatusBlocked
 	}

 	isCurrent := user.ID == currenUserID
@@ -227,5 +238,6 @@ func toUserResponse(user *server.UserInfo, currenUserID string) *api.User {
 		Status:        userStatus,
 		IsCurrent:     &isCurrent,
 		IsServiceUser: &user.IsServiceUser,
+		IsBlocked:     user.IsBlocked,
 	}
 }