list of peole works, user enabled move to people

apiV1Avatar.go

 			avatar = defaultAvatar // production mode
 		}
 	}
+	if avatar == "" { // to prevent empty avatar  in case of db error
+		avatar = defaultAvatar
+	}
 
 	// Data is the base64 encoded image
 	// The actual image starts after the ","

apiV1BrokerList.go

 
 	ue := UserExtra{}
 	ue.Login = ""
-	ue.Enabled = false
 	ue.License = ""
 	ue.Organization = ""
 	ue.BSB = ""
 
 	ue := UserExtra{}
 	ue.Login = b.Login
-	ue.Enabled = b.Enabled
 	ue.Role = "broker"
 	ue.License = b.License
 	ue.Organization = b.Organization

apiV1PeopleList.go

 	p.First = input.First
 	p.Last = input.Last
 	p.Display = input.Display
+	p.Enabled = input.Enabled
 
 	if ss.GetRole() == "admin" {
 		p.Title = input.Title
 		u := loan.User{}
 		e := u.Read(id)
 		ret.Login = u.Login
-		ret.Enabled = u.Enabled
 
 		if e != nil {
 			log.Error("cannot find user by id", id)
 			return
 		}
 		ret.Login = b.Login
-		ret.Enabled = b.Enabled
 		ret.BSB = b.BSB
 		ret.ACC = b.ACC
 		ret.Organization = b.Organization
 		u := loan.User{}
 		e := u.Read(id)
 		ret.Login = u.Login
-		ret.Enabled = u.Enabled
 
 		if e != nil {
 			log.Error("cannot find admin by id", id)

apiV1User.go

 	"encoding/json"
 	"github.com/brianvoe/gofakeit/v6"
 	log "github.com/sirupsen/logrus"
+	"io/ioutil"
 	"net/http"
 )
 
 type UserExtra struct {
-	Enabled      bool
 	Login        string
 	BSB          string
 	ACC          string
 
 	ue := UserExtra{}
 	ue.Login = u.Login
-	ue.Enabled = u.Enabled
 	ue.Role = "user"
 	ue.License = ""
 	ue.Organization = ""
 
 	ue := UserExtra{}
 	ue.Login = ""
-	ue.Enabled = false
 	ue.Role = "people"
 	ue.License = ""
 	ue.Organization = ""
 			return
 		}
 
-		u.Enabled = input.Enabled
 		u.Login = input.Login
 
 		e = u.Write()
 		}
 	}
 }
+
+func apiV1UserEnable(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
+	id := r.URL.Path[len(apiV1Prefix+"user-enable/"):] //remove prefix
+	p := loan.People{}
+
+	body, e := ioutil.ReadAll(r.Body)
+	if e != nil {
+		log.Error("invalid request body for enable/disable people ", id, " err= ", e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+
+	e = p.Read(id)
+	if e != nil {
+		log.Error("failed to read user by id ", id, e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+
+	p.Enabled = string(body) == "true"
+	if id == "0" {
+		p.Enabled = true
+	} // can not disable default admin
+
+	e = p.Write()
+	if e != nil {
+		log.Error("failed to enable user ", id, e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+	apiV1SendJson(p.Enabled, w, r, ss)
+}

apiV1login.go

 func getUserExtraForLogin(u loan.User, ss *loan.Session) (ret UserExtra) {
 	if ss.GetRole() == "user" {
 		ret = UserExtra{
-			Enabled:      true,
 			Login:        u.Login,
 			BSB:          "",
 			ACC:          "",
 			log.Error("fail to retrieve broker for session ", ss, e.Error())
 		} else {
 			ret = UserExtra{
-				Enabled:      broker.Enabled,
 				Login:        broker.Login,
 				BSB:          broker.BSB,
 				ACC:          broker.ACC,
 
 	if ss.GetRole() == "admin" {
 		ret = UserExtra{
-			Enabled:      true,
 			Login:        u.Login,
 			BSB:          "",
 			ACC:          "",

apiv1.go

 			{"POST", "user/", apiV1UserPost},
 			{"PUT", "user/", apiV1UserPut},
 			{"DELETE", "user/", apiV1UserDelete},
+			{"POST", "user-enable/", apiV1UserEnable},
 
 			{"GET", "broker/", apiV1BrokerGet},
 			{"POST", "broker/", apiV1BrokerPost},
 			{"POST", "user/", apiV1UserPost},
 			{"PUT", "user/", apiV1UserPut},
 			{"DELETE", "user/", apiV1UserDelete},
+			{"POST", "user-enable/", apiV1UserEnable},
 
 			{"GET", "broker/", apiV1BrokerGet},
 			{"POST", "broker/", apiV1BrokerPost},