From 24f2ad47f4e7591ff1619154c81d856200b6d5ec Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Tue, 13 Nov 2018 18:15:12 -0700
Subject: [PATCH] Prevent sending private messages to banned users

---
 tildes/tildes/models/user/user.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tildes/tildes/models/user/user.py b/tildes/tildes/models/user/user.py
index 2302fb8..2ffd55f 100644
--- a/tildes/tildes/models/user/user.py
+++ b/tildes/tildes/models/user/user.py
@@ -137,9 +137,11 @@ class User(DatabaseModel):
         acl.append((Allow, Everyone, "view"))
 
         # message:
-        #  - anyone can message a user except themself
-        acl.append((Deny, self.user_id, "message"))
-        acl.append((Allow, Authenticated, "message"))
+        #  - banned users can't be messaged
+        #  - otherwise, anyone can message a user except themself
+        if not self.is_banned:
+            acl.append((Deny, self.user_id, "message"))
+            acl.append((Allow, Authenticated, "message"))
 
         # grant the user all other permissions on themself
         acl.append((Allow, self.user_id, ALL_PERMISSIONS))