Restrict suspending orgs to admins (#5173) #5181

Open
johha wants to merge 1 commit into main from issue-5173

@johha johha commented Jun 12, 2026

Contributor

Mutating the suspended field is now admin-only on:

  • POST /v3/organizations
  • PATCH /v3/organizations/:guid
  • POST /v2/organizations (status: 'suspended')
  • PUT /v2/organizations/:guid (status: 'suspended')

Non-admins receive 403; sending the current value (no-op echo) remains allowed so GET-modify-PATCH clients are not broken. Fixes issue #5173

  • I have reviewed the contributing guide

  • I have viewed, signed, and submitted the Contributor License Agreement

  • I have made this pull request to the main branch

  • I have run all the unit tests using bundle exec rake

  • I have run CF Acceptance Tests

@johha johha marked this pull request as ready for review June 12, 2026 15:33
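
The rule in the description (admin-only change, no-op echo still allowed, 403 otherwise) can be written as a single decision function. This is an added example, not code from the pull request or the project: the function names and the request shapes are hypothetical, and it assumes that any change of the value (suspending or unsuspending) counts as a mutation and that a newly created organization defaults to not suspended.

```ruby
# Added illustration, not code from the pull request; all names are hypothetical.

# Map a request body to the requested `suspended` value, or nil when the
# field is absent. v3 carries a boolean `suspended`; v2 carries `status`.
def requested_suspended(api_version, body)
  case api_version
  when :v3 then body.key?('suspended') ? body['suspended'] == true : nil
  when :v2 then body.key?('status') ? body['status'] == 'suspended' : nil
  else raise ArgumentError, "unknown API version: #{api_version}"
  end
end

# True when the request may proceed; false maps to the 403 response.
# current_suspended is the stored value. For a create (POST) pass false,
# assuming a new organization defaults to not suspended.
def suspended_change_permitted?(api_version:, body:, current_suspended:, admin:)
  requested = requested_suspended(api_version, body)
  return true if requested.nil?                  # field not sent at all
  return true if requested == current_suspended  # no-op echo of the current value
  admin                                          # real change: admins only
end

if __FILE__ == $PROGRAM_NAME
  # Constructed requests: [API version, body, stored value, caller is admin?]
  [
    [:v3, { 'suspended' => true },   false, false], # non-admin suspends
    [:v3, { 'suspended' => true },   true,  false], # GET-modify-PATCH echo
    [:v3, { 'name' => 'renamed' },   true,  false], # field absent
    [:v2, { 'status' => 'suspended' }, false, false], # non-admin suspends via v2
    [:v2, { 'status' => 'suspended' }, false, true]   # admin suspends via v2
  ].each do |version, body, current, admin|
    ok = suspended_change_permitted?(api_version: version, body: body,
                                     current_suspended: current, admin: admin)
    puts "#{version} #{body} stored=#{current} admin=#{admin} -> #{ok ? 'allowed' : '403'}"
  end
end
```
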