From 4ad97cd58ea78485650dee803b879ecc3f04e4b1 Mon Sep 17 00:00:00 2001
From: Ryan Wang <i@ryanc.cc>
Date: Mon, 10 Mar 2025 23:15:02 +0800
Subject: [PATCH] feat: add support for disabling/enabling user accounts
 (#7273)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#### What type of PR is this?

/kind feature
/area ui
/milestone 2.20.x

#### What this PR does / why we need it:

Add support for disabling/enabling user accounts

<img width="1207" alt="image" src="https://github.com/user-attachments/assets/a298e6f7-21a1-4b1c-86c3-1064a136e28c" />

#### Which issue(s) this PR fixes:

Fixes https://github.com/halo-dev/halo/issues/7250

#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

```release-note
支持在管理控制台禁用指定用户
```
---
 api-docs/openapi/v3_0/aggregated.json         |  64 +++++
 .../v3_0/apis_console.api_v1alpha1.json       |  64 +++++
 .../app/core/user/service/UserService.java    |   5 +
 .../app/security/device/DeviceService.java    |   2 +
 .../endpoint/console/ConsoleUserEndpoint.java | 109 +++++++++
 .../user/service/impl/UserServiceImpl.java    |  26 ++
 .../run/halo/app/infra/SchemeInitializer.java |   8 +
 .../login/UsernamePasswordHandler.java        |   6 +-
 .../security/device/DeviceServiceImpl.java    |  17 ++
 .../templates/gateway_fragments/login.html    |   3 +
 .../gateway_fragments/login.properties        |   1 +
 .../gateway_fragments/login_en.properties     |   1 +
 .../gateway_fragments/login_es.properties     |   1 +
 .../gateway_fragments/login_zh_TW.properties  |   1 +
 .../modules/system/users/UserDetail.vue       |  46 +++-
 .../modules/system/users/UserList.vue         | 191 +--------------
 .../system/users/components/UserListItem.vue  | 224 ++++++++++++++++++
 .../system/users/composables/use-user.ts      |  63 ++++-
 .../src/api/user-v1alpha1-console-api.ts      | 174 ++++++++++++++
 ui/src/locales/_missing_translations_es.yaml  |   9 +
 ui/src/locales/en.yaml                        |  10 +
 ui/src/locales/zh-CN.yaml                     |   8 +
 ui/src/locales/zh-TW.yaml                     |   8 +
 23 files changed, 850 insertions(+), 191 deletions(-)
 create mode 100644 application/src/main/java/run/halo/app/core/endpoint/console/ConsoleUserEndpoint.java
 create mode 100644 ui/console-src/modules/system/users/components/UserListItem.vue

diff --git a/api-docs/openapi/v3_0/aggregated.json b/api-docs/openapi/v3_0/aggregated.json
index b44e99c40..7a721359d 100644
--- a/api-docs/openapi/v3_0/aggregated.json
+++ b/api-docs/openapi/v3_0/aggregated.json
@@ -7556,6 +7556,70 @@
         ]
       }
     },
+    "/apis/console.api.security.halo.run/v1alpha1/users/{username}/disable": {
+      "post": {
+        "description": "Disable user by username",
+        "operationId": "DisableUser",
+        "parameters": [
+          {
+            "description": "Username",
+            "in": "path",
+            "name": "username",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "default": {
+            "content": {
+              "*/*": {
+                "schema": {
+                  "$ref": "#/components/schemas/User"
+                }
+              }
+            },
+            "description": "The user has been disabled."
+          }
+        },
+        "tags": [
+          "UserV1alpha1Console"
+        ]
+      }
+    },
+    "/apis/console.api.security.halo.run/v1alpha1/users/{username}/enable": {
+      "post": {
+        "description": "Enable user by username",
+        "operationId": "EnableUser",
+        "parameters": [
+          {
+            "description": "Username",
+            "in": "path",
+            "name": "username",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "default": {
+            "content": {
+              "*/*": {
+                "schema": {
+                  "$ref": "#/components/schemas/User"
+                }
+              }
+            },
+            "description": "The user has been enabled."
+          }
+        },
+        "tags": [
+          "UserV1alpha1Console"
+        ]
+      }
+    },
     "/apis/content.halo.run/v1alpha1/categories": {
       "get": {
         "description": "List Category",
diff --git a/api-docs/openapi/v3_0/apis_console.api_v1alpha1.json b/api-docs/openapi/v3_0/apis_console.api_v1alpha1.json
index c24c2614c..4db59be07 100644
--- a/api-docs/openapi/v3_0/apis_console.api_v1alpha1.json
+++ b/api-docs/openapi/v3_0/apis_console.api_v1alpha1.json
@@ -3374,6 +3374,70 @@
           "NotifierV1alpha1Console"
         ]
       }
+    },
+    "/apis/console.api.security.halo.run/v1alpha1/users/{username}/disable": {
+      "post": {
+        "description": "Disable user by username",
+        "operationId": "DisableUser",
+        "parameters": [
+          {
+            "description": "Username",
+            "in": "path",
+            "name": "username",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "default": {
+            "content": {
+              "*/*": {
+                "schema": {
+                  "$ref": "#/components/schemas/User"
+                }
+              }
+            },
+            "description": "The user has been disabled."
+          }
+        },
+        "tags": [
+          "UserV1alpha1Console"
+        ]
+      }
+    },
+    "/apis/console.api.security.halo.run/v1alpha1/users/{username}/enable": {
+      "post": {
+        "description": "Enable user by username",
+        "operationId": "EnableUser",
+        "parameters": [
+          {
+            "description": "Username",
+            "in": "path",
+            "name": "username",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "default": {
+            "content": {
+              "*/*": {
+                "schema": {
+                  "$ref": "#/components/schemas/User"
+                }
+              }
+            },
+            "description": "The user has been enabled."
+          }
+        },
+        "tags": [
+          "UserV1alpha1Console"
+        ]
+      }
     }
   },
   "components": {
diff --git a/api/src/main/java/run/halo/app/core/user/service/UserService.java b/api/src/main/java/run/halo/app/core/user/service/UserService.java
index 58039c2f2..cc603378b 100644
--- a/api/src/main/java/run/halo/app/core/user/service/UserService.java
+++ b/api/src/main/java/run/halo/app/core/user/service/UserService.java
@@ -26,4 +26,9 @@ public interface UserService {
     Flux<User> listByEmail(String email);
 
     String encryptPassword(String rawPassword);
+
+    Mono<User> disable(String username);
+
+    Mono<User> enable(String username);
+
 }
diff --git a/api/src/main/java/run/halo/app/security/device/DeviceService.java b/api/src/main/java/run/halo/app/security/device/DeviceService.java
index ba52cd2c4..42a55b443 100644
--- a/api/src/main/java/run/halo/app/security/device/DeviceService.java
+++ b/api/src/main/java/run/halo/app/security/device/DeviceService.java
@@ -11,4 +11,6 @@ public interface DeviceService {
     Mono<Void> changeSessionId(ServerWebExchange exchange);
 
     Mono<Void> revoke(String principalName, String deviceId);
+
+    Mono<Void> revoke(String username);
 }
diff --git a/application/src/main/java/run/halo/app/core/endpoint/console/ConsoleUserEndpoint.java b/application/src/main/java/run/halo/app/core/endpoint/console/ConsoleUserEndpoint.java
new file mode 100644
index 000000000..fc78da838
--- /dev/null
+++ b/application/src/main/java/run/halo/app/core/endpoint/console/ConsoleUserEndpoint.java
@@ -0,0 +1,109 @@
+package run.halo.app.core.endpoint.console;
+
+import static org.springdoc.core.fn.builders.apiresponse.Builder.responseBuilder;
+
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import java.util.Objects;
+import org.springdoc.core.fn.builders.parameter.Builder;
+import org.springdoc.webflux.core.fn.SpringdocRouteBuilder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.stereotype.Component;
+import org.springframework.web.reactive.function.server.RequestPredicates;
+import org.springframework.web.reactive.function.server.RouterFunction;
+import org.springframework.web.reactive.function.server.RouterFunctions;
+import org.springframework.web.reactive.function.server.ServerRequest;
+import org.springframework.web.reactive.function.server.ServerResponse;
+import org.springframework.web.server.ServerWebInputException;
+import reactor.core.publisher.Mono;
+import run.halo.app.core.extension.User;
+import run.halo.app.core.extension.endpoint.CustomEndpoint;
+import run.halo.app.core.user.service.UserService;
+import run.halo.app.extension.GroupVersion;
+
+/**
+ * User endpoint for console.
+ *
+ * @author johnniang
+ */
+@Component
+class ConsoleUserEndpoint implements CustomEndpoint {
+
+    private final UserService userService;
+
+    ConsoleUserEndpoint(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public RouterFunction<ServerResponse> endpoint() {
+        var tag = "UserV1alpha1Console";
+        return RouterFunctions.nest(RequestPredicates.path("/users"), SpringdocRouteBuilder.route()
+            .POST("/{username}/disable", this::handleDisableUser, ops -> {
+                ops.operationId("DisableUser")
+                    .tag(tag)
+                    .description("Disable user by username")
+                    .parameter(Builder.parameterBuilder()
+                        .name("username")
+                        .in(ParameterIn.PATH)
+                        .description("Username")
+                        .required(true)
+                        .implementation(String.class)
+                    )
+                    .response(responseBuilder()
+                        .implementation(User.class)
+                        .description("The user has been disabled.")
+                    );
+            })
+            .POST("/{username}/enable", this::handleEnableUser, ops -> {
+                ops.operationId("EnableUser")
+                    .tag(tag)
+                    .description("Enable user by username")
+                    .parameter(Builder.parameterBuilder()
+                        .name("username")
+                        .in(ParameterIn.PATH)
+                        .description("Username")
+                        .required(true)
+                        .implementation(String.class)
+                    )
+                    .response(responseBuilder()
+                        .implementation(User.class)
+                        .description("The user has been enabled.")
+                    );
+            })
+            .build());
+    }
+
+    private Mono<ServerResponse> handleEnableUser(ServerRequest request) {
+        return userService.enable(request.pathVariable("username"))
+            .switchIfEmpty(Mono.error(
+                () -> new ServerWebInputException("The user was not found or has been enabled."))
+            )
+            .flatMap(user -> ServerResponse.ok().bodyValue(user));
+    }
+
+    private Mono<ServerResponse> handleDisableUser(ServerRequest request) {
+        var username = request.pathVariable("username");
+        return ReactiveSecurityContextHolder.getContext()
+            .map(SecurityContext::getAuthentication)
+            .map(Authentication::getName)
+            .switchIfEmpty(Mono.error(
+                () -> new ServerWebInputException("The current user is not authenticated."))
+            )
+            .filter(currentUsername -> !Objects.equals(currentUsername, username))
+            .switchIfEmpty(Mono.error(() -> new ServerWebInputException(
+                "The user is the current user, can't disable it."
+            )))
+            .then(Mono.defer(() -> userService.disable(username)))
+            .switchIfEmpty(Mono.error(
+                () -> new ServerWebInputException("The user was not found or has been disabled."))
+            )
+            .flatMap(user -> ServerResponse.ok().bodyValue(user));
+    }
+
+    @Override
+    public GroupVersion groupVersion() {
+        return new GroupVersion("console.api.security.halo.run", "v1alpha1");
+    }
+}
diff --git a/application/src/main/java/run/halo/app/core/user/service/impl/UserServiceImpl.java b/application/src/main/java/run/halo/app/core/user/service/impl/UserServiceImpl.java
index 86a441424..389eb0c69 100644
--- a/application/src/main/java/run/halo/app/core/user/service/impl/UserServiceImpl.java
+++ b/application/src/main/java/run/halo/app/core/user/service/impl/UserServiceImpl.java
@@ -15,6 +15,8 @@ import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.dao.OptimisticLockingFailureException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.ReactiveTransactionManager;
+import org.springframework.transaction.reactive.TransactionalOperator;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -45,6 +47,7 @@ import run.halo.app.infra.exception.EmailVerificationFailed;
 import run.halo.app.infra.exception.UnsatisfiedAttributeValueException;
 import run.halo.app.infra.exception.UserNotFoundException;
 import run.halo.app.plugin.extensionpoint.ExtensionGetter;
+import run.halo.app.security.device.DeviceService;
 
 @Service
 @RequiredArgsConstructor
@@ -66,6 +69,10 @@ public class UserServiceImpl implements UserService {
 
     private final ExtensionGetter extensionGetter;
 
+    private final DeviceService deviceService;
+
+    private final ReactiveTransactionManager transactionManager;
+
     private Clock clock = Clock.systemUTC();
 
     void setClock(Clock clock) {
@@ -276,6 +283,25 @@ public class UserServiceImpl implements UserService {
         return passwordEncoder.encode(rawPassword);
     }
 
+    @Override
+    public Mono<User> disable(String username) {
+        var tx = TransactionalOperator.create(transactionManager);
+        return client.fetch(User.class, username)
+            .filter(user -> !Boolean.TRUE.equals(user.getSpec().getDisabled()))
+            .flatMap(user -> deviceService.revoke(username).thenReturn(user))
+            .doOnNext(user -> user.getSpec().setDisabled(true))
+            .flatMap(client::update)
+            .as(tx::transactional);
+    }
+
+    @Override
+    public Mono<User> enable(String username) {
+        return client.fetch(User.class, username)
+            .filter(user -> Boolean.TRUE.equals(user.getSpec().getDisabled()))
+            .doOnNext(user -> user.getSpec().setDisabled(false))
+            .flatMap(client::update);
+    }
+
     void publishPasswordChangedEvent(String username) {
         eventPublisher.publishEvent(new PasswordChangedEvent(this, username));
     }
diff --git a/application/src/main/java/run/halo/app/infra/SchemeInitializer.java b/application/src/main/java/run/halo/app/infra/SchemeInitializer.java
index fc22f4b47..2737dde1e 100644
--- a/application/src/main/java/run/halo/app/infra/SchemeInitializer.java
+++ b/application/src/main/java/run/halo/app/infra/SchemeInitializer.java
@@ -9,6 +9,7 @@ import static run.halo.app.extension.index.IndexAttributeFactory.simpleAttribute
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import java.time.Instant;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -177,6 +178,13 @@ public class SchemeInitializer implements ApplicationListener<ApplicationContext
                             })
                         )
                         .orElseGet(Set::of))));
+            indexSpecs.add(new IndexSpec()
+                .setName("spec.disabled")
+                .setIndexFunc(simpleAttribute(User.class, user ->
+                    Objects.requireNonNullElse(user.getSpec().getDisabled(), Boolean.FALSE)
+                        .toString())
+                )
+            );
         });
         schemeManager.register(ReverseProxy.class);
         schemeManager.register(Setting.class);
diff --git a/application/src/main/java/run/halo/app/security/authentication/login/UsernamePasswordHandler.java b/application/src/main/java/run/halo/app/security/authentication/login/UsernamePasswordHandler.java
index dd20aa701..60e3c517d 100644
--- a/application/src/main/java/run/halo/app/security/authentication/login/UsernamePasswordHandler.java
+++ b/application/src/main/java/run/halo/app/security/authentication/login/UsernamePasswordHandler.java
@@ -10,6 +10,7 @@ import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.MessageSource;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.CredentialsContainer;
@@ -65,7 +66,10 @@ public class UsernamePasswordHandler implements ServerAuthenticationSuccessHandl
                 .filter(ServerWebExchangeMatcher.MatchResult::isMatch)
                 .switchIfEmpty(Mono.defer(
                     () -> {
-                        URI location = URI.create("/login?error&method=local");
+                        var location = URI.create("/login?error&method=local");
+                        if (exception instanceof DisabledException) {
+                            location = URI.create("/login?error=account-disabled&method=local");
+                        }
                         if (exception instanceof BadCredentialsException) {
                             location = URI.create("/login?error=invalid-credential&method=local");
                         }
diff --git a/application/src/main/java/run/halo/app/security/device/DeviceServiceImpl.java b/application/src/main/java/run/halo/app/security/device/DeviceServiceImpl.java
index cc7a19a01..de2c1b130 100644
--- a/application/src/main/java/run/halo/app/security/device/DeviceServiceImpl.java
+++ b/application/src/main/java/run/halo/app/security/device/DeviceServiceImpl.java
@@ -1,5 +1,6 @@
 package run.halo.app.security.device;
 
+import static run.halo.app.extension.ExtensionUtil.defaultSort;
 import static run.halo.app.infra.utils.IpAddressUtils.getClientIp;
 import static run.halo.app.security.authentication.rememberme.PersistentTokenBasedRememberMeServices.REMEMBER_ME_SERIES_REQUEST_NAME;
 
@@ -24,8 +25,10 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 import reactor.util.retry.Retry;
 import run.halo.app.core.extension.Device;
+import run.halo.app.extension.ListOptions;
 import run.halo.app.extension.Metadata;
 import run.halo.app.extension.ReactiveExtensionClient;
+import run.halo.app.extension.index.query.QueryFactory;
 import run.halo.app.security.authentication.rememberme.PersistentRememberMeTokenRepository;
 
 @Slf4j
@@ -132,6 +135,20 @@ public class DeviceServiceImpl implements DeviceService {
             .flatMap(revoked -> sessionRepository.deleteById(revoked.getSpec().getSessionId()));
     }
 
+    @Override
+    public Mono<Void> revoke(String username) {
+        var listOptions = ListOptions.builder()
+            .andQuery(QueryFactory.equal("spec.principalName", username))
+            .build();
+        return client.listAll(Device.class, listOptions, defaultSort())
+            .flatMap(this::removeRememberMeToken)
+            .flatMap(device -> sessionRepository.deleteById(device.getSpec().getSessionId())
+                .thenReturn(device)
+            )
+            .flatMap(client::delete)
+            .then();
+    }
+
     private Mono<Device> removeRememberMeToken(Device device) {
         var seriesId = device.getSpec().getRememberMeSeriesId();
         if (StringUtils.isBlank(seriesId)) {
diff --git a/application/src/main/resources/templates/gateway_fragments/login.html b/application/src/main/resources/templates/gateway_fragments/login.html
index bf7eda62a..43ef48ebc 100644
--- a/application/src/main/resources/templates/gateway_fragments/login.html
+++ b/application/src/main/resources/templates/gateway_fragments/login.html
@@ -13,6 +13,9 @@
         <strong th:if="${error == 'rate-limit-exceeded'}">
             <span th:text="#{form.error.rateLimitExceeded}"></span>
         </strong>
+        <strong th:if="${error == 'account-disabled'}">
+            <span th:text="#{form.error.accountDisabled}"></span>
+        </strong>
     </div>
     <div class="alert" role="alert" th:if="${param.logout.size() > 0}">
         <strong th:text="#{form.messages.logoutSuccess}"></strong>
diff --git a/application/src/main/resources/templates/gateway_fragments/login.properties b/application/src/main/resources/templates/gateway_fragments/login.properties
index bbd2288b4..80b191a06 100644
--- a/application/src/main/resources/templates/gateway_fragments/login.properties
+++ b/application/src/main/resources/templates/gateway_fragments/login.properties
@@ -4,6 +4,7 @@ form.messages.oauth2Bind=当前登录未绑定账号，请尝试通过其他方
 form.messages.passwordReset=密码重置成功，请立即登录。
 form.error.invalidCredential=无效的凭证。
 form.error.rateLimitExceeded=请求过于频繁，请稍后再试。
+form.error.accountDisabled=账号已被禁用。
 form.rememberMe.label=保持登录会话
 form.submit=登录
 
diff --git a/application/src/main/resources/templates/gateway_fragments/login_en.properties b/application/src/main/resources/templates/gateway_fragments/login_en.properties
index a086d11a9..253c6919c 100644
--- a/application/src/main/resources/templates/gateway_fragments/login_en.properties
+++ b/application/src/main/resources/templates/gateway_fragments/login_en.properties
@@ -4,6 +4,7 @@ form.messages.oauth2Bind=The current login is not bound to an account. Please tr
 form.messages.passwordReset=Password reset successfully, please login now.
 form.error.invalidCredential=Invalid credentials.
 form.error.rateLimitExceeded=Too many requests, please try again later.
+form.error.accountDisabled=Account has been disabled.
 form.rememberMe.label=Remember me
 form.submit=Login
 
diff --git a/application/src/main/resources/templates/gateway_fragments/login_es.properties b/application/src/main/resources/templates/gateway_fragments/login_es.properties
index 461229b3c..b0b6d96a5 100644
--- a/application/src/main/resources/templates/gateway_fragments/login_es.properties
+++ b/application/src/main/resources/templates/gateway_fragments/login_es.properties
@@ -4,6 +4,7 @@ form.messages.oauth2Bind=El inicio de sesión actual no está vinculado a una cu
 form.messages.passwordReset=¡Felicidades! La contraseña se ha restablecido con éxito.
 form.error.invalidCredential=Credenciales inválidas.
 form.error.rateLimitExceeded=Demasiadas solicitudes, por favor intente nuevamente más tarde.
+form.error.accountDisabled=La cuenta ha sido deshabilitada.
 form.rememberMe.label=Mantener sesión iniciada
 form.submit=Iniciar sesión
 
diff --git a/application/src/main/resources/templates/gateway_fragments/login_zh_TW.properties b/application/src/main/resources/templates/gateway_fragments/login_zh_TW.properties
index b485ddd93..c9ec8a08e 100644
--- a/application/src/main/resources/templates/gateway_fragments/login_zh_TW.properties
+++ b/application/src/main/resources/templates/gateway_fragments/login_zh_TW.properties
@@ -4,6 +4,7 @@ form.messages.oauth2Bind=當前登入未綁定至帳戶。請嘗試通過其他
 form.messages.passwordReset=密碼重置成功。請立即登入。
 form.error.invalidCredential=無效的憑證。
 form.error.rateLimitExceeded=請求過於頻繁，請稍後再試。
+form.error.accountDisabled=帳戶已被停用。
 form.form.rememberMe.label=保持登入會話
 form.form.submit=登入
 
diff --git a/ui/console-src/modules/system/users/UserDetail.vue b/ui/console-src/modules/system/users/UserDetail.vue
index d3f0149bc..37ca13c2f 100644
--- a/ui/console-src/modules/system/users/UserDetail.vue
+++ b/ui/console-src/modules/system/users/UserDetail.vue
@@ -10,11 +10,13 @@ import {
   Toast,
   VButton,
   VDropdown,
+  VDropdownDivider,
   VDropdownItem,
   VTabbar,
+  VTag,
 } from "@halo-dev/components";
 import type { UserTab } from "@halo-dev/console-shared";
-import { useQuery } from "@tanstack/vue-query";
+import { useQuery, useQueryClient } from "@tanstack/vue-query";
 import { useRouteQuery } from "@vueuse/router";
 import {
   computed,
@@ -30,8 +32,10 @@ import { useRoute, useRouter } from "vue-router";
 import GrantPermissionModal from "./components/GrantPermissionModal.vue";
 import UserEditingModal from "./components/UserEditingModal.vue";
 import UserPasswordChangeModal from "./components/UserPasswordChangeModal.vue";
+import { useUserEnableDisable } from "./composables/use-user";
 import DetailTab from "./tabs/Detail.vue";
 
+const queryClient = useQueryClient();
 const { currentUserHasPermission } = usePermission();
 const { t } = useI18n();
 const { currentUser } = useUserStore();
@@ -134,6 +138,8 @@ function onGrantPermissionModalClose() {
   grantPermissionModal.value = false;
   refetch();
 }
+
+const { handleEnableOrDisableUser } = useUserEnableDisable();
 </script>
 <template>
   <UserEditingModal
@@ -162,9 +168,14 @@ function onGrantPermissionModalClose() {
             <UserAvatar :name="user?.user.metadata.name" />
           </div>
           <div class="block">
-            <h1 class="truncate text-lg font-bold text-gray-900">
-              {{ user?.user.spec.displayName }}
-            </h1>
+            <div class="flex items-center gap-2">
+              <h1 class="truncate text-lg font-bold text-gray-900">
+                {{ user?.user.spec.displayName }}
+              </h1>
+              <VTag v-if="user?.user.spec.disabled">
+                {{ $t("core.user.fields.disabled") }}
+              </VTag>
+            </div>
             <span v-if="!isLoading" class="text-sm text-gray-600">
               @{{ user?.user.metadata.name }}
             </span>
@@ -195,6 +206,33 @@ function onGrantPermissionModalClose() {
               >
                 {{ $t("core.user.detail.actions.grant_permission.title") }}
               </VDropdownItem>
+              <VDropdownDivider
+                v-if="currentUser?.metadata.name !== user?.user.metadata.name"
+              />
+              <VDropdownItem
+                v-if="
+                  !!user &&
+                  currentUser?.metadata.name !== user?.user.metadata.name
+                "
+                type="danger"
+                @click="
+                  handleEnableOrDisableUser({
+                    name: user.user.metadata.name,
+                    operation: user.user.spec.disabled ? 'enable' : 'disable',
+                    onSuccess: () => {
+                      queryClient.invalidateQueries({
+                        queryKey: ['user-detail'],
+                      });
+                    },
+                  })
+                "
+              >
+                {{
+                  user.user.spec.disabled
+                    ? $t("core.user.operations.enable.title")
+                    : $t("core.user.operations.disable.title")
+                }}
+              </VDropdownItem>
               <VDropdownItem
                 v-if="
                   user &&
diff --git a/ui/console-src/modules/system/users/UserList.vue b/ui/console-src/modules/system/users/UserList.vue
index 9c70eb1c1..89a3fbf9a 100644
--- a/ui/console-src/modules/system/users/UserList.vue
+++ b/ui/console-src/modules/system/users/UserList.vue
@@ -2,7 +2,6 @@
 import { useFetchRole } from "@/composables/use-role";
 import { rbacAnnotations } from "@/constants/annotations";
 import { useUserStore } from "@/stores/user";
-import { formatDatetime } from "@/utils/date";
 import { usePermission } from "@/utils/permission";
 import type { ListedUser, User } from "@halo-dev/api-client";
 import { consoleApiClient, coreApiClient } from "@halo-dev/api-client";
@@ -14,40 +13,28 @@ import {
   IconShieldUser,
   IconUserSettings,
   Toast,
-  VAvatar,
   VButton,
   VCard,
-  VDropdownItem,
   VEmpty,
-  VEntity,
-  VEntityField,
   VLoading,
   VPageHeader,
   VPagination,
   VSpace,
-  VStatusDot,
-  VTag,
 } from "@halo-dev/components";
 import { useQuery } from "@tanstack/vue-query";
 import { useRouteQuery } from "@vueuse/router";
 import { computed, onMounted, ref, watch } from "vue";
 import { useI18n } from "vue-i18n";
-import GrantPermissionModal from "./components/GrantPermissionModal.vue";
 import UserCreationModal from "./components/UserCreationModal.vue";
-import UserEditingModal from "./components/UserEditingModal.vue";
-import UserPasswordChangeModal from "./components/UserPasswordChangeModal.vue";
+import UserListItem from "./components/UserListItem.vue";
 
 const { currentUserHasPermission } = usePermission();
 const { t } = useI18n();
 
 const checkedAll = ref(false);
-const editingModal = ref<boolean>(false);
 const creationModal = ref<boolean>(false);
-const passwordChangeModal = ref<boolean>(false);
-const grantPermissionModal = ref<boolean>(false);
 
 const selectedUserNames = ref<string[]>([]);
-const selectedUser = ref<User>();
 const keyword = useRouteQuery<string>("keyword", "");
 
 const userStore = useUserStore();
@@ -122,34 +109,8 @@ const {
 
     return hasDeletingData ? 1000 : false;
   },
-  onSuccess() {
-    selectedUser.value = undefined;
-  },
 });
 
-const handleDelete = async (user: User) => {
-  Dialog.warning({
-    title: t("core.user.operations.delete.title"),
-    description: t("core.common.dialog.descriptions.cannot_be_recovered"),
-    confirmType: "danger",
-    confirmText: t("core.common.buttons.confirm"),
-    cancelText: t("core.common.buttons.cancel"),
-    onConfirm: async () => {
-      try {
-        await coreApiClient.user.deleteUser({
-          name: user.metadata.name,
-        });
-
-        Toast.success(t("core.common.toast.delete_success"));
-      } catch (e) {
-        console.error("Failed to delete user", e);
-      } finally {
-        await refetch();
-      }
-    },
-  });
-};
-
 const handleDeleteInBatch = async () => {
   Dialog.warning({
     title: t("core.user.operations.delete_in_batch.title"),
@@ -184,10 +145,7 @@ watch(selectedUserNames, (newValue) => {
 });
 
 const checkSelection = (user: User) => {
-  return (
-    user.metadata.name === selectedUser.value?.metadata.name ||
-    selectedUserNames.value.includes(user.metadata.name)
-  );
+  return selectedUserNames.value.includes(user.metadata.name);
 };
 
 const handleCheckAllChange = (e: Event) => {
@@ -209,21 +167,6 @@ const handleCheckAllChange = (e: Event) => {
   }
 };
 
-const handleOpenCreateModal = (user: User) => {
-  selectedUser.value = user;
-  editingModal.value = true;
-};
-
-const handleOpenPasswordChangeModal = (user: User) => {
-  selectedUser.value = user;
-  passwordChangeModal.value = true;
-};
-
-const handleOpenGrantPermissionModal = (user: User) => {
-  selectedUser.value = user;
-  grantPermissionModal.value = true;
-};
-
 // Route query action
 const routeQueryAction = useRouteQuery<string | undefined>("action");
 
@@ -237,44 +180,10 @@ function onCreationModalClose() {
   creationModal.value = false;
   routeQueryAction.value = undefined;
 }
-
-function onEditingModalClose() {
-  editingModal.value = false;
-  selectedUser.value = undefined;
-}
-
-function onPasswordChangeModalClose() {
-  passwordChangeModal.value = false;
-  refetch();
-}
-
-function onGrantPermissionModalClose() {
-  grantPermissionModal.value = false;
-  selectedUser.value = undefined;
-  refetch();
-}
 </script>
 <template>
-  <UserEditingModal
-    v-if="editingModal && selectedUser"
-    :user="selectedUser"
-    @close="onEditingModalClose"
-  />
-
   <UserCreationModal v-if="creationModal" @close="onCreationModalClose" />
 
-  <UserPasswordChangeModal
-    v-if="passwordChangeModal"
-    :user="selectedUser"
-    @close="onPasswordChangeModalClose"
-  />
-
-  <GrantPermissionModal
-    v-if="grantPermissionModal"
-    :user="selectedUser"
-    @close="onGrantPermissionModalClose"
-  />
-
   <VPageHeader :title="$t('core.user.title')">
     <template #icon>
       <IconUserSettings class="mr-2 self-center" />
@@ -413,7 +322,7 @@ function onGrantPermissionModalClose() {
               <VButton
                 v-permission="['system:users:manage']"
                 type="secondary"
-                @click="editingModal = true"
+                @click="creationModal = true"
               >
                 <template #icon>
                   <IconAddCircle class="h-full w-full" />
@@ -431,7 +340,7 @@ function onGrantPermissionModalClose() {
           role="list"
         >
           <li v-for="(user, index) in users" :key="index">
-            <VEntity :is-selected="checkSelection(user.user)">
+            <UserListItem :user="user" :is-selected="checkSelection(user.user)">
               <template
                 v-if="currentUserHasPermission(['system:users:manage'])"
                 #checkbox
@@ -439,7 +348,7 @@ function onGrantPermissionModalClose() {
                 <input
                   v-model="selectedUserNames"
                   :value="user.user.metadata.name"
-                  name="post-checkbox"
+                  name="user-checkbox"
                   type="checkbox"
                   :disabled="
                     user.user.metadata.name ===
@@ -447,95 +356,7 @@ function onGrantPermissionModalClose() {
                   "
                 />
               </template>
-              <template #start>
-                <VEntityField>
-                  <template #description>
-                    <VAvatar
-                      :alt="user.user.spec.displayName"
-                      :src="user.user.spec.avatar"
-                      size="md"
-                    ></VAvatar>
-                  </template>
-                </VEntityField>
-                <VEntityField
-                  :title="user.user.spec.displayName"
-                  :description="user.user.metadata.name"
-                  :route="{
-                    name: 'UserDetail',
-                    params: { name: user.user.metadata.name },
-                  }"
-                />
-              </template>
-              <template #end>
-                <VEntityField>
-                  <template #description>
-                    <VSpace>
-                      <VTag
-                        v-for="role in user.roles"
-                        :key="role.metadata.name"
-                      >
-                        <template #leftIcon>
-                          <IconShieldUser />
-                        </template>
-                        {{
-                          role.metadata.annotations?.[
-                            rbacAnnotations.DISPLAY_NAME
-                          ] || role.metadata.name
-                        }}
-                      </VTag>
-                    </VSpace>
-                  </template>
-                </VEntityField>
-                <VEntityField v-if="user.user.metadata.deletionTimestamp">
-                  <template #description>
-                    <VStatusDot
-                      v-tooltip="$t('core.common.status.deleting')"
-                      state="warning"
-                      animate
-                    />
-                  </template>
-                </VEntityField>
-                <VEntityField>
-                  <template #description>
-                    <span class="truncate text-xs tabular-nums text-gray-500">
-                      {{ formatDatetime(user.user.metadata.creationTimestamp) }}
-                    </span>
-                  </template>
-                </VEntityField>
-              </template>
-              <template
-                v-if="currentUserHasPermission(['system:users:manage'])"
-                #dropdownItems
-              >
-                <VDropdownItem @click="handleOpenCreateModal(user.user)">
-                  {{ $t("core.user.operations.update_profile.title") }}
-                </VDropdownItem>
-                <VDropdownItem
-                  @click="handleOpenPasswordChangeModal(user.user)"
-                >
-                  {{ $t("core.user.operations.change_password.title") }}
-                </VDropdownItem>
-                <VDropdownItem
-                  v-if="
-                    userStore.currentUser?.metadata.name !==
-                    user.user.metadata.name
-                  "
-                  @click="handleOpenGrantPermissionModal(user.user)"
-                >
-                  {{ $t("core.user.operations.grant_permission.title") }}
-                </VDropdownItem>
-                <VDropdownItem
-                  v-if="
-                    userStore.currentUser?.metadata.name !==
-                    user.user.metadata.name
-                  "
-                  type="danger"
-                  @click="handleDelete(user.user)"
-                >
-                  {{ $t("core.common.buttons.delete") }}
-                </VDropdownItem>
-              </template>
-            </VEntity>
+            </UserListItem>
           </li>
         </ul>
       </Transition>
diff --git a/ui/console-src/modules/system/users/components/UserListItem.vue b/ui/console-src/modules/system/users/components/UserListItem.vue
new file mode 100644
index 000000000..dd8c46880
--- /dev/null
+++ b/ui/console-src/modules/system/users/components/UserListItem.vue
@@ -0,0 +1,224 @@
+<script setup lang="ts">
+import { rbacAnnotations } from "@/constants/annotations";
+import { useUserStore } from "@/stores/user";
+import { formatDatetime } from "@/utils/date";
+import { usePermission } from "@/utils/permission";
+import { coreApiClient, type ListedUser } from "@halo-dev/api-client";
+import {
+  Dialog,
+  IconShieldUser,
+  Toast,
+  VAvatar,
+  VDropdownDivider,
+  VDropdownItem,
+  VEntity,
+  VEntityField,
+  VSpace,
+  VStatusDot,
+  VTag,
+} from "@halo-dev/components";
+import { useQueryClient } from "@tanstack/vue-query";
+import { storeToRefs } from "pinia";
+import { ref } from "vue";
+import { useI18n } from "vue-i18n";
+import { useUserEnableDisable } from "../composables/use-user";
+import GrantPermissionModal from "./GrantPermissionModal.vue";
+import UserEditingModal from "./UserEditingModal.vue";
+import UserPasswordChangeModal from "./UserPasswordChangeModal.vue";
+
+const props = withDefaults(
+  defineProps<{
+    user: ListedUser;
+    isSelected?: boolean;
+  }>(),
+  { isSelected: false }
+);
+
+const queryClient = useQueryClient();
+const { currentUserHasPermission } = usePermission();
+const { t } = useI18n();
+const { currentUser } = storeToRefs(useUserStore());
+
+const handleDelete = async () => {
+  Dialog.warning({
+    title: t("core.user.operations.delete.title"),
+    description: t("core.common.dialog.descriptions.cannot_be_recovered"),
+    confirmType: "danger",
+    confirmText: t("core.common.buttons.confirm"),
+    cancelText: t("core.common.buttons.cancel"),
+    onConfirm: async () => {
+      try {
+        await coreApiClient.user.deleteUser({
+          name: props.user.user.metadata.name,
+        });
+
+        Toast.success(t("core.common.toast.delete_success"));
+      } catch (e) {
+        console.error("Failed to delete user", e);
+      } finally {
+        queryClient.invalidateQueries({
+          queryKey: ["users"],
+        });
+      }
+    },
+  });
+};
+
+const grantPermissionModal = ref(false);
+
+function onGrantPermissionModalClose() {
+  grantPermissionModal.value = false;
+  queryClient.invalidateQueries({
+    queryKey: ["users"],
+  });
+}
+
+const passwordChangeModal = ref<boolean>(false);
+
+function onPasswordChangeModalClose() {
+  passwordChangeModal.value = false;
+  queryClient.invalidateQueries({
+    queryKey: ["users"],
+  });
+}
+
+const editingModal = ref<boolean>(false);
+
+function onEditingModalClose() {
+  editingModal.value = false;
+  queryClient.invalidateQueries({
+    queryKey: ["users"],
+  });
+}
+
+const { handleEnableOrDisableUser } = useUserEnableDisable();
+</script>
+
+<template>
+  <UserEditingModal
+    v-if="editingModal"
+    :user="user.user"
+    @close="onEditingModalClose"
+  />
+  <GrantPermissionModal
+    v-if="grantPermissionModal"
+    :user="user.user"
+    @close="onGrantPermissionModalClose"
+  />
+  <UserPasswordChangeModal
+    v-if="passwordChangeModal"
+    :user="user.user"
+    @close="onPasswordChangeModalClose"
+  />
+  <VEntity :is-selected="isSelected">
+    <template #checkbox>
+      <slot name="checkbox" />
+    </template>
+    <template #start>
+      <VEntityField>
+        <template #description>
+          <VAvatar
+            :alt="user.user.spec.displayName"
+            :src="user.user.spec.avatar"
+            size="md"
+          ></VAvatar>
+        </template>
+      </VEntityField>
+      <VEntityField
+        :title="user.user.spec.displayName"
+        :description="user.user.metadata.name"
+        :route="{
+          name: 'UserDetail',
+          params: { name: user.user.metadata.name },
+        }"
+      >
+        <template v-if="user.user.spec.disabled" #extra>
+          <VTag>
+            {{ $t("core.user.fields.disabled") }}
+          </VTag>
+        </template>
+      </VEntityField>
+    </template>
+    <template #end>
+      <VEntityField>
+        <template #description>
+          <VSpace>
+            <VTag v-for="role in user.roles" :key="role.metadata.name">
+              <template #leftIcon>
+                <IconShieldUser />
+              </template>
+              {{
+                role.metadata.annotations?.[rbacAnnotations.DISPLAY_NAME] ||
+                role.metadata.name
+              }}
+            </VTag>
+          </VSpace>
+        </template>
+      </VEntityField>
+      <VEntityField v-if="user.user.metadata.deletionTimestamp">
+        <template #description>
+          <VStatusDot
+            v-tooltip="$t('core.common.status.deleting')"
+            state="warning"
+            animate
+          />
+        </template>
+      </VEntityField>
+      <VEntityField>
+        <template #description>
+          <span class="truncate text-xs tabular-nums text-gray-500">
+            {{ formatDatetime(user.user.metadata.creationTimestamp) }}
+          </span>
+        </template>
+      </VEntityField>
+    </template>
+    <template
+      v-if="currentUserHasPermission(['system:users:manage'])"
+      #dropdownItems
+    >
+      <VDropdownItem @click="editingModal = true">
+        {{ $t("core.user.operations.update_profile.title") }}
+      </VDropdownItem>
+      <VDropdownItem @click="passwordChangeModal = true">
+        {{ $t("core.user.operations.change_password.title") }}
+      </VDropdownItem>
+      <VDropdownItem
+        v-if="currentUser?.metadata.name !== user.user.metadata.name"
+        @click="grantPermissionModal = true"
+      >
+        {{ $t("core.user.operations.grant_permission.title") }}
+      </VDropdownItem>
+      <VDropdownDivider
+        v-if="currentUser?.metadata.name !== user.user.metadata.name"
+      />
+      <VDropdownItem
+        v-if="currentUser?.metadata.name !== user.user.metadata.name"
+        type="danger"
+        @click="
+          handleEnableOrDisableUser({
+            name: user.user.metadata.name,
+            operation: user.user.spec.disabled ? 'enable' : 'disable',
+            onSuccess: () => {
+              queryClient.invalidateQueries({
+                queryKey: ['users'],
+              });
+            },
+          })
+        "
+      >
+        {{
+          user.user.spec.disabled
+            ? $t("core.user.operations.enable.title")
+            : $t("core.user.operations.disable.title")
+        }}
+      </VDropdownItem>
+      <VDropdownItem
+        v-if="currentUser?.metadata.name !== user.user.metadata.name"
+        type="danger"
+        @click="handleDelete"
+      >
+        {{ $t("core.common.buttons.delete") }}
+      </VDropdownItem>
+    </template>
+  </VEntity>
+</template>
diff --git a/ui/console-src/modules/system/users/composables/use-user.ts b/ui/console-src/modules/system/users/composables/use-user.ts
index b35a24613..ea9838d48 100644
--- a/ui/console-src/modules/system/users/composables/use-user.ts
+++ b/ui/console-src/modules/system/users/composables/use-user.ts
@@ -1,7 +1,9 @@
 import type { User } from "@halo-dev/api-client";
-import { coreApiClient } from "@halo-dev/api-client";
+import { consoleApiClient, coreApiClient } from "@halo-dev/api-client";
+import { Dialog, Toast } from "@halo-dev/components";
 import type { Ref } from "vue";
 import { onMounted, ref } from "vue";
+import { useI18n } from "vue-i18n";
 
 interface useUserFetchReturn {
   users: Ref<User[]>;
@@ -43,3 +45,62 @@ export function useUserFetch(options?: {
     handleFetchUsers,
   };
 }
+
+export function useUserEnableDisable() {
+  const { t } = useI18n();
+
+  const handleEnableOrDisableUser = ({
+    name,
+    operation,
+    onSuccess,
+  }: {
+    name: string;
+    operation: "enable" | "disable";
+    onSuccess?: () => void;
+  }) => {
+    const operations = {
+      enable: {
+        title: t("core.user.operations.enable.title"),
+        description: t("core.user.operations.enable.description"),
+        value: false,
+      },
+      disable: {
+        title: t("core.user.operations.disable.title"),
+        description: t("core.user.operations.disable.description"),
+        value: true,
+      },
+    };
+
+    const operationConfig = operations[operation];
+
+    Dialog.warning({
+      title: operationConfig.title,
+      description: operationConfig.description,
+      confirmType: "danger",
+      confirmText: t("core.common.buttons.confirm"),
+      cancelText: t("core.common.buttons.cancel"),
+      onConfirm: async () => {
+        try {
+          if (operation == "enable") {
+            await consoleApiClient.user.enableUser({
+              username: name,
+            });
+          } else {
+            await consoleApiClient.user.disableUser({
+              username: name,
+            });
+          }
+
+          Toast.success(t("core.common.toast.operation_success"));
+          onSuccess?.();
+        } catch (e) {
+          console.error("Failed to enable or disable user", e);
+        }
+      },
+    });
+  };
+
+  return {
+    handleEnableOrDisableUser,
+  };
+}
diff --git a/ui/packages/api-client/src/api/user-v1alpha1-console-api.ts b/ui/packages/api-client/src/api/user-v1alpha1-console-api.ts
index d2c03e2ba..7413115c2 100644
--- a/ui/packages/api-client/src/api/user-v1alpha1-console-api.ts
+++ b/ui/packages/api-client/src/api/user-v1alpha1-console-api.ts
@@ -212,6 +212,88 @@ export const UserV1alpha1ConsoleApiAxiosParamCreator = function (configuration?:
 
 
     
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
+        /**
+         * Disable user by username
+         * @param {string} username Username
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        disableUser: async (username: string, options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'username' is not null or undefined
+            assertParamExists('disableUser', 'username', username)
+            const localVarPath = `/apis/console.api.security.halo.run/v1alpha1/users/{username}/disable`
+                .replace(`{${"username"}}`, encodeURIComponent(String(username)));
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication basicAuth required
+            // http basic authentication required
+            setBasicAuthToObject(localVarRequestOptions, configuration)
+
+            // authentication bearerAuth required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
+        /**
+         * Enable user by username
+         * @param {string} username Username
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        enableUser: async (username: string, options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'username' is not null or undefined
+            assertParamExists('enableUser', 'username', username)
+            const localVarPath = `/apis/console.api.security.halo.run/v1alpha1/users/{username}/enable`
+                .replace(`{${"username"}}`, encodeURIComponent(String(username)));
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication basicAuth required
+            // http basic authentication required
+            setBasicAuthToObject(localVarRequestOptions, configuration)
+
+            // authentication bearerAuth required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
+
+    
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
@@ -699,6 +781,30 @@ export const UserV1alpha1ConsoleApiFp = function(configuration?: Configuration)
             const localVarOperationServerBasePath = operationServerMap['UserV1alpha1ConsoleApi.deleteUserAvatar']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * Disable user by username
+         * @param {string} username Username
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async disableUser(username: string, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<User>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.disableUser(username, options);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['UserV1alpha1ConsoleApi.disableUser']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
+        /**
+         * Enable user by username
+         * @param {string} username Username
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async enableUser(username: string, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<User>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.enableUser(username, options);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['UserV1alpha1ConsoleApi.enableUser']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
         /**
          * Get current user detail
          * @param {*} [options] Override http request option.
@@ -860,6 +966,24 @@ export const UserV1alpha1ConsoleApiFactory = function (configuration?: Configura
         deleteUserAvatar(requestParameters: UserV1alpha1ConsoleApiDeleteUserAvatarRequest, options?: RawAxiosRequestConfig): AxiosPromise<User> {
             return localVarFp.deleteUserAvatar(requestParameters.name, options).then((request) => request(axios, basePath));
         },
+        /**
+         * Disable user by username
+         * @param {UserV1alpha1ConsoleApiDisableUserRequest} requestParameters Request parameters.
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        disableUser(requestParameters: UserV1alpha1ConsoleApiDisableUserRequest, options?: RawAxiosRequestConfig): AxiosPromise<User> {
+            return localVarFp.disableUser(requestParameters.username, options).then((request) => request(axios, basePath));
+        },
+        /**
+         * Enable user by username
+         * @param {UserV1alpha1ConsoleApiEnableUserRequest} requestParameters Request parameters.
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        enableUser(requestParameters: UserV1alpha1ConsoleApiEnableUserRequest, options?: RawAxiosRequestConfig): AxiosPromise<User> {
+            return localVarFp.enableUser(requestParameters.username, options).then((request) => request(axios, basePath));
+        },
         /**
          * Get current user detail
          * @param {*} [options] Override http request option.
@@ -1006,6 +1130,34 @@ export interface UserV1alpha1ConsoleApiDeleteUserAvatarRequest {
     readonly name: string
 }
 
+/**
+ * Request parameters for disableUser operation in UserV1alpha1ConsoleApi.
+ * @export
+ * @interface UserV1alpha1ConsoleApiDisableUserRequest
+ */
+export interface UserV1alpha1ConsoleApiDisableUserRequest {
+    /**
+     * Username
+     * @type {string}
+     * @memberof UserV1alpha1ConsoleApiDisableUser
+     */
+    readonly username: string
+}
+
+/**
+ * Request parameters for enableUser operation in UserV1alpha1ConsoleApi.
+ * @export
+ * @interface UserV1alpha1ConsoleApiEnableUserRequest
+ */
+export interface UserV1alpha1ConsoleApiEnableUserRequest {
+    /**
+     * Username
+     * @type {string}
+     * @memberof UserV1alpha1ConsoleApiEnableUser
+     */
+    readonly username: string
+}
+
 /**
  * Request parameters for getPermissions operation in UserV1alpha1ConsoleApi.
  * @export
@@ -1225,6 +1377,28 @@ export class UserV1alpha1ConsoleApi extends BaseAPI {
         return UserV1alpha1ConsoleApiFp(this.configuration).deleteUserAvatar(requestParameters.name, options).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * Disable user by username
+     * @param {UserV1alpha1ConsoleApiDisableUserRequest} requestParameters Request parameters.
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof UserV1alpha1ConsoleApi
+     */
+    public disableUser(requestParameters: UserV1alpha1ConsoleApiDisableUserRequest, options?: RawAxiosRequestConfig) {
+        return UserV1alpha1ConsoleApiFp(this.configuration).disableUser(requestParameters.username, options).then((request) => request(this.axios, this.basePath));
+    }
+
+    /**
+     * Enable user by username
+     * @param {UserV1alpha1ConsoleApiEnableUserRequest} requestParameters Request parameters.
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof UserV1alpha1ConsoleApi
+     */
+    public enableUser(requestParameters: UserV1alpha1ConsoleApiEnableUserRequest, options?: RawAxiosRequestConfig) {
+        return UserV1alpha1ConsoleApiFp(this.configuration).enableUser(requestParameters.username, options).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * Get current user detail
      * @param {*} [options] Override http request option.
diff --git a/ui/src/locales/_missing_translations_es.yaml b/ui/src/locales/_missing_translations_es.yaml
index 562298788..7d99577de 100644
--- a/ui/src/locales/_missing_translations_es.yaml
+++ b/ui/src/locales/_missing_translations_es.yaml
@@ -242,6 +242,13 @@ core:
     actions:
       extension-point-settings: Extension settings
   user:
+    operations:
+      enable:
+        title: Enable
+        description: Are you sure you want to enable this user?
+      disable:
+        title: Disable
+        description: Are you sure you want to disable this user? This user will not be able to log in after being disabled
     grant_permission_modal:
       roles_preview:
         all: The currently selected role contains all permissions
@@ -257,6 +264,8 @@ core:
           tooltip: Verified
         email_not_verified:
           tooltip: Not verified
+    fields:
+      disabled: Disabled
   role:
     editing_modal:
       fields:
diff --git a/ui/src/locales/en.yaml b/ui/src/locales/en.yaml
index d6c5652ed..baad38d93 100644
--- a/ui/src/locales/en.yaml
+++ b/ui/src/locales/en.yaml
@@ -1018,6 +1018,14 @@ core:
         title: Change password
       grant_permission:
         title: Grant permission
+      enable:
+        title: Enable
+        description: Are you sure you want to enable this user?
+      disable:
+        title: Disable
+        description: >-
+          Are you sure you want to disable this user? This user will not be able
+          to log in after being disabled
     filters:
       role:
         label: Role
@@ -1091,6 +1099,8 @@ core:
           tooltip: Verified
         email_not_verified:
           tooltip: Not verified
+    fields:
+      disabled: Disabled
   role:
     title: Roles
     common:
diff --git a/ui/src/locales/zh-CN.yaml b/ui/src/locales/zh-CN.yaml
index 2096b94bd..23fb73cec 100644
--- a/ui/src/locales/zh-CN.yaml
+++ b/ui/src/locales/zh-CN.yaml
@@ -951,6 +951,12 @@ core:
         title: 修改密码
       grant_permission:
         title: 分配角色
+      enable:
+        title: 取消禁用
+        description: 确定取消禁用该用户吗？
+      disable:
+        title: 禁用
+        description: 确定禁用该用户吗？禁用之后该用户将无法登录系统
     filters:
       role:
         label: 角色
@@ -1021,6 +1027,8 @@ core:
           tooltip: 已验证
         email_not_verified:
           tooltip: 未验证
+    fields:
+      disabled: 已禁用
   role:
     title: 角色
     common:
diff --git a/ui/src/locales/zh-TW.yaml b/ui/src/locales/zh-TW.yaml
index 5d15ac13b..2307e140d 100644
--- a/ui/src/locales/zh-TW.yaml
+++ b/ui/src/locales/zh-TW.yaml
@@ -936,6 +936,12 @@ core:
         title: 修改密碼
       grant_permission:
         title: 分配角色
+      enable:
+        title: 取消停用
+        description: 確定要取消停用該用戶嗎？
+      disable:
+        title: 停用
+        description: 確定要停用該用戶嗎？停用後該用戶將無法登入系統
     filters:
       role:
         label: 角色
@@ -1006,6 +1012,8 @@ core:
           tooltip: 已驗證
         email_not_verified:
           tooltip: 未驗證
+    fields:
+      disabled: 已停用
   role:
     title: 角色
     common: