From b66d6b34492cb92701d472d9ba7ad796f3a9d7d8 Mon Sep 17 00:00:00 2001 From: Lauris BH Date: Wed, 2 May 2018 16:22:56 +0300 Subject: Do not allow inactive users to access repositories using private keys (#3887) --- cmd/serv.go | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'cmd/serv.go') diff --git a/cmd/serv.go b/cmd/serv.go index 0326656f2a..5d567e6d64 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -230,6 +230,12 @@ func runServ(c *cli.Context) error { fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) } + if !user.IsActive || user.ProhibitLogin { + fail("Your account is not active or has been disabled by Administrator", + "User %s is disabled and have no access to repository %s", + user.Name, repoPath) + } + mode, err := models.AccessLevel(user.ID, repo) if err != nil { fail("Internal error", "Failed to check access: %v", err) -- cgit v1.2.3