From 364b94c8abd1d5cc43ae759ddd19eb8d2e741994 Mon Sep 17 00:00:00 2001
From: canove <cassio@economicros.com.br>
Date: Fri, 4 Sep 2020 10:56:47 -0300
Subject: [PATCH] feat: block user creation if userCreation setting is disabled

---
 backend/src/controllers/UserController.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/src/controllers/UserController.js b/backend/src/controllers/UserController.js
index 0a88394..359cdf3 100644
--- a/backend/src/controllers/UserController.js
+++ b/backend/src/controllers/UserController.js
@@ -3,6 +3,7 @@ const Yup = require("yup");
 const { Op } = require("sequelize");
 
 const User = require("../models/User");
+const Setting = require("../models/Setting");
 
 const { getIO } = require("../libs/socket");
 
@@ -55,6 +56,14 @@ exports.store = async (req, res, next) => {
 		password: Yup.string().required().min(5),
 	});
 
+	const { value: userCreation } = await Setting.findByPk("userCreation");
+
+	if (userCreation === "disabled") {
+		return res
+			.status(403)
+			.json({ error: "User creation is disabled by administrator" });
+	}
+
 	await schema.validate(req.body);
 
 	const io = getIO();