support setting user disabled

pkg/api/authorizations.go

@@ -43,6 +43,11 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (interface{}, *err
 		return nil, errs.ErrLoginNameOrPasswordWrong
 	}
 
+	if user.Disabled {
+		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user is disabled", credential.LoginName)
+		return nil, errs.ErrUserIsDisabled
+	}
+
 	err = a.users.UpdateUserLastLoginTime(user.Uid)
 
 	if err != nil {

pkg/cli/user_data.go

@@ -161,6 +161,40 @@ func (l *UserDataCli) ModifyUserPassword(c *cli.Context, username string, passwo
 	return nil
 }
 
+// EnableUser sets user enabled according to the specified user name
+func (l *UserDataCli) EnableUser(c *cli.Context, username string) error {
+	if username == "" {
+		log.BootErrorf("[user_data.EnableUser] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	err := l.users.EnableUser(username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.EnableUser] failed to set user enabled by user name \"%s\", because %s", username, err.Error())
+		return err
+	}
+
+	return nil
+}
+
+// DisableUser sets user disabled according to the specified user name
+func (l *UserDataCli) DisableUser(c *cli.Context, username string) error {
+	if username == "" {
+		log.BootErrorf("[user_data.DisableUser] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	err := l.users.DisableUser(username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUser] failed to set user disabled by user name \"%s\", because %s", username, err.Error())
+		return err
+	}
+
+	return nil
+}
+
 // DeleteUser deletes user according to the specified user name
 func (l *UserDataCli) DeleteUser(c *cli.Context, username string) error {
 	if username == "" {

pkg/errs/user.go

@@ -22,4 +22,5 @@ var (
 	ErrUserEmailAlreadyExists       = NewNormalError(NormalSubcategoryUser, 13, http.StatusBadRequest, "email already exists")
 	ErrUserRegistrationNotAllowed   = NewNormalError(NormalSubcategoryUser, 14, http.StatusBadRequest, "user registration not allowed")
 	ErrUserDefaultAccountIsInvalid  = NewNormalError(NormalSubcategoryUser, 15, http.StatusBadRequest, "user default account is invalid")
+	ErrUserIsDisabled               = NewNormalError(NormalSubcategoryUser, 16, http.StatusBadRequest, "user is disabled")
 )

pkg/models/user.go

@@ -63,6 +63,7 @@ type User struct {
 	ShortDateFormat      ShortDateFormat      `xorm:"TINYINT"`
 	LongTimeFormat       LongTimeFormat       `xorm:"TINYINT"`
 	ShortTimeFormat      ShortTimeFormat      `xorm:"TINYINT"`
+	Disabled             bool                 `xorm:"NOT NULL"`
 	Deleted              bool                 `xorm:"NOT NULL"`
 	EmailVerified        bool                 `xorm:"NOT NULL"`
 	CreatedUnixTime      int64

pkg/services/users.go

@@ -256,6 +256,52 @@ func (s *UserService) UpdateUserLastLoginTime(uid int64) error {
 	})
 }
 
+// EnableUser sets user enabled
+func (s *UserService) EnableUser(username string) error {
+	if username == "" {
+		return errs.ErrUsernameIsEmpty
+	}
+
+	now := time.Now().Unix()
+
+	updateModel := &models.User{
+		Disabled:        false,
+		UpdatedUnixTime: now,
+	}
+
+	updatedRows, err := s.UserDB().Cols("disabled", "updated_unix_time").Where("username=? AND deleted=?", username, false).Update(updateModel)
+
+	if err != nil {
+		return err
+	} else if updatedRows < 1 {
+		return errs.ErrUserNotFound
+	}
+	return nil
+}
+
+// DisableUser sets user disabled
+func (s *UserService) DisableUser(username string) error {
+	if username == "" {
+		return errs.ErrUsernameIsEmpty
+	}
+
+	now := time.Now().Unix()
+
+	updateModel := &models.User{
+		Disabled:        true,
+		UpdatedUnixTime: now,
+	}
+
+	updatedRows, err := s.UserDB().Cols("disabled", "updated_unix_time").Where("username=? AND deleted=?", username, false).Update(updateModel)
+
+	if err != nil {
+		return err
+	} else if updatedRows < 1 {
+		return errs.ErrUserNotFound
+	}
+	return nil
+}
+
 // DeleteUser deletes an existed user from database
 func (s *UserService) DeleteUser(username string) error {
 	if username == "" {