Browse Source

Prevent sending private messages to banned users

merge-requests/53/head
Deimos 6 years ago
parent
commit
24f2ad47f4
  1. 8
      tildes/tildes/models/user/user.py

8
tildes/tildes/models/user/user.py

@ -137,9 +137,11 @@ class User(DatabaseModel):
acl.append((Allow, Everyone, "view")) acl.append((Allow, Everyone, "view"))
# message: # message:
# - anyone can message a user except themself
acl.append((Deny, self.user_id, "message"))
acl.append((Allow, Authenticated, "message"))
# - banned users can't be messaged
# - otherwise, anyone can message a user except themself
if not self.is_banned:
acl.append((Deny, self.user_id, "message"))
acl.append((Allow, Authenticated, "message"))
# grant the user all other permissions on themself # grant the user all other permissions on themself
acl.append((Allow, self.user_id, ALL_PERMISSIONS)) acl.append((Allow, self.user_id, ALL_PERMISSIONS))

Loading…
Cancel
Save