From cb963780312edca5445f075d516eecd6955856a7 Mon Sep 17 00:00:00 2001
From: Ferran Marcet <fmarcet@2byte.es>
Date: Wed, 18 Jan 2023 10:48:18 +0100
Subject: [PATCH] FIX: API access for deactivated users

---
 htdocs/api/class/api_access.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index 5a4097b089b..09bb46ed98e 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2015   Jean-François Ferry     <jfefe@aternatik.fr>
  * Copyright (C) 2016	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2023	Ferran Marcet			<fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -147,6 +148,9 @@ class DolibarrApiAccess implements iAuthenticate
 			if ($result <= 0) {
 				throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')');
 			}
+			if ($fuser->statut == 0) {
+				throw new RestException(503, 'Error when fetching user. This user has been locked or disabled');
+			}
 
 			$fuser->getrights();