Deny user API access if they're not ACTIVE #119

app/Http/Middleware/ApiAuth.php

@@ -5,6 +5,7 @@
 
 namespace App\Http\Middleware;
 
+use App\Models\Enums\UserState;
 use Auth;
 use Log;
 use Closure;
@@ -36,6 +37,10 @@ class ApiAuth
             return $this->unauthorized('User not found with key "'.$api_key.'"');
         }
 
+        if($user->state !== UserState::ACTIVE) {
+            return $this->unauthorized('User is not ACTIVE, please contact an administrator');
+        }
+
         // Set the user to the request
         Auth::setUser($user);
         $request->merge(['user' => $user]);