Prevent sending private messages to banned users

tildes/tildes/models/user/user.py

@@ -137,7 +137,9 @@ class User(DatabaseModel):
         acl.append((Allow, Everyone, "view"))
 
         # message:
-        #  - anyone can message a user except themself
+        #  - banned users can't be messaged
+        #  - otherwise, anyone can message a user except themself
+        if not self.is_banned:
             acl.append((Deny, self.user_id, "message"))
             acl.append((Allow, Authenticated, "message"))