From 24f2ad47f4e7591ff1619154c81d856200b6d5ec Mon Sep 17 00:00:00 2001
From: Deimos
Date: Tue, 13 Nov 2018 18:15:12 -0700
Subject: [PATCH] Prevent sending private messages to banned users
---
 tildes/tildes/models/user/user.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tildes/tildes/models/user/user.py b/tildes/tildes/models/user/user.py
index 2302fb8..2ffd55f 100644
--- a/tildes/tildes/models/user/user.py
+++ b/tildes/tildes/models/user/user.py
@@ -137,9 +137,11 @@ class User(DatabaseModel):
 acl.append((Allow, Everyone, "view"))
 # message:
- # - anyone can message a user except themself
- acl.append((Deny, self.user_id, "message"))
- acl.append((Allow, Authenticated, "message"))
+ # - banned users can't be messaged
+ # - otherwise, anyone can message a user except themself
+ if not self.is_banned:
+ acl.append((Deny, self.user_id, "message"))
+ acl.append((Allow, Authenticated, "message"))
 # grant the user all other permissions on themself
 acl.append((Allow, self.user_id, ALL_PERMISSIONS))
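Review bot: The new `if not self.is_banned:` guard skips the `Deny` on `self.user_id` together with the `Allow`, so for a banned user the first entry that matches "message" for their own principal is the later `acl.append((Allow, self.user_id, ALL_PERMISSIONS))`, which grants it. For every other principal the ban is enforced only by the absence of an `Allow`, which holds as long as no entry further down the ACL grants "message" or all permissions to some group; the rest of the method is outside this hunk, so that cannot be confirmed here. An explicit entry states the intent and does not depend on ordering: `if self.is_banned: acl.append((Deny, Everyone, "message"))`, followed by the original unconditional `Deny` for `self.user_id` and `Allow` for `Authenticated`. A short comment noting that banned users are denied explicitly, not by fall-through, would keep a later edit from reintroducing the gap.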