add blocked filter in users list to filter banned users

fixes #2914

4 files changed, 71 insertions, 10 deletions

diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index c8e9eaeaa..839431afb 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -18,6 +18,7 @@ import {
   setDefaultPagination,
   setDefaultSort,
   userAutocompleteValidator,
+  usersListValidator,
   usersAddValidator,
   usersGetValidator,
   usersRegisterValidator,
@@ -85,6 +86,7 @@ usersRouter.get('/',
   usersSortValidator,
   setDefaultSort,
   setDefaultPagination,
+  asyncMiddleware(usersListValidator),
   asyncMiddleware(listUsers)
 )
 
@@ -282,7 +284,13 @@ async function autocompleteUsers (req: express.Request, res: express.Response) {
 }
 
 async function listUsers (req: express.Request, res: express.Response) {
-  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search)
+  const resultList = await UserModel.listForApi({
+    start: req.query.start,
+    count: req.query.count,
+    sort: req.query.sort,
+    search: req.query.search,
+    blocked: req.query.blocked
+  })
 
   return res.json(getFormattedObjects(resultList.data, resultList.total, { withAdminFlags: true }))
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 4a9ed6830..6860a3bed 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -38,6 +38,21 @@ import { UserRole } from '../../../shared/models/users'
 import { MUserDefault } from '@server/types/models'
 import { Hooks } from '@server/lib/plugins/hooks'
 
+const usersListValidator = [
+  query('blocked')
+    .optional()
+    .customSanitizer(toBooleanOrNull)
+    .isBoolean().withMessage('Should be a valid boolean banned state'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersList parameters', { parameters: req.query })
+
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
+
 const usersAddValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
   body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'),
@@ -444,6 +459,7 @@ const ensureCanManageUser = [
 // ---------------------------------------------------------------------------
 
 export {
+  usersListValidator,
   usersAddValidator,
   deleteMeValidator,
   usersRegisterValidator,
diff --git a/server/models/account/user.ts b/server/models/account/user.ts
index 3bde1e744..de193131a 100644
--- a/server/models/account/user.ts
+++ b/server/models/account/user.ts
@@ -412,11 +412,18 @@ export class UserModel extends Model<UserModel> {
     return this.count()
   }
 
-  static listForApi (start: number, count: number, sort: string, search?: string) {
-    let where: WhereOptions
+  static listForApi (parameters: {
+    start: number
+    count: number
+    sort: string
+    search?: string
+    blocked?: boolean
+  }) {
+    const { start, count, sort, search, blocked } = parameters
+    const where: WhereOptions = {}
 
     if (search) {
-      where = {
+      Object.assign(where, {
         [Op.or]: [
           {
             email: {
@@ -429,7 +436,13 @@ export class UserModel extends Model<UserModel> {
             }
           }
         ]
-      }
+      })
+    }
+
+    if (blocked !== undefined) {
+      Object.assign(where, {
+        blocked: blocked
+      })
     }
 
     const query: FindOptions = {
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index cad954fcb..0a66bd1ce 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -819,12 +819,12 @@ describe('Test users', function () {
   describe('User blocking', function () {
     let user16Id
     let user16AccessToken
+    const user16 = {
+      username: 'user_16',
+      password: 'my super password'
+    }
 
-    it('Should block and unblock a user', async function () {
-      const user16 = {
-        username: 'user_16',
-        password: 'my super password'
-      }
+    it('Should block a user', async function () {
       const resUser = await createUser({
         url: server.url,
         accessToken: server.accessToken,
@@ -840,7 +840,31 @@ describe('Test users', function () {
 
       await getMyUserInformation(server.url, user16AccessToken, 401)
       await userLogin(server, user16, 400)
+    })
+
+    it('Should search user by banned status', async function () {
+      {
+        const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, true)
+        const users = res.body.data as User[]
+
+        expect(res.body.total).to.equal(1)
+        expect(users.length).to.equal(1)
+
+        expect(users[0].username).to.equal(user16.username)
+      }
+
+      {
+        const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, false)
+        const users = res.body.data as User[]
+
+        expect(res.body.total).to.equal(1)
+        expect(users.length).to.equal(1)
+
+        expect(users[0].username).to.not.equal(user16.username)
+      }
+    })
 
+    it('Should unblock a user', async function () {
       await unblockUser(server.url, user16Id, server.accessToken)
       user16AccessToken = await userLogin(server, user16)
       await getMyUserInformation(server.url, user16AccessToken, 200)