From: Tom Hughes <tom@compton.nu>
Date: Sat, 15 Feb 2025 11:15:25 +0000 (+0000)
Subject: Merge remote-tracking branch 'upstream/pull/5452'
X-Git-Tag: live~177
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/5ca24de0d04bef18353d3f0ecdd069d0bca34ce2?ds=sidebyside;hp=-c

Merge remote-tracking branch 'upstream/pull/5452'
---

5ca24de0d04bef18353d3f0ecdd069d0bca34ce2
diff --combined app/controllers/api_controller.rb
index 0fe1ba18d,acf64c6e2..9b2ee9b53
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@@ -49,9 -49,9 +49,9 @@@ class ApiController < ApplicationContro
      end
    end
  
-   def authorize(errormessage: "Couldn't authenticate you", skip_terms: false)
+   def authorize(errormessage: "Couldn't authenticate you", skip_blocks: false, skip_terms: false)
      # make the current_user object from any auth sources we have
-     setup_user_auth(:skip_terms => skip_terms)
+     setup_user_auth(:skip_blocks => skip_blocks, :skip_terms => skip_terms)
  
      # handle authenticate pass/fail
      unless current_user
@@@ -82,6 -82,8 +82,6 @@@
      if doorkeeper_token
        set_locale
        report_error t("oauth.permissions.missing"), :forbidden
 -    elsif current_user
 -      head :forbidden
      else
        head :unauthorized
      end
@@@ -97,7 -99,7 +97,7 @@@
    # sets up the current_user for use by other methods. this is mostly called
    # from the authorize method, but can be called elsewhere if authorisation
    # is optional.
-   def setup_user_auth(skip_terms: false)
+   def setup_user_auth(skip_blocks: false, skip_terms: false)
      logger.info " setup_user_auth"
      # try and setup using OAuth
      self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible?
@@@ -105,13 -107,15 +105,15 @@@
      # have we identified the user?
      if current_user
        # check if the user has been banned
-       user_block = current_user.blocks.active.take
-       unless user_block.nil?
-         set_locale
-         if user_block.zero_hour?
-           report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
-         else
-           report_error t("application.setup_user_auth.blocked"), :forbidden
+       unless skip_blocks
+         user_block = current_user.blocks.active.take
+         unless user_block.nil?
+           set_locale
+           if user_block.zero_hour?
+             report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
+           else
+             report_error t("application.setup_user_auth.blocked"), :forbidden
+           end
          end
        end