From c9833dd065c77a76ba174f3a7833fb8232db703a Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Mon, 25 Mar 2019 19:44:54 -0600
Subject: [PATCH] Hide user info (reg. date, bio) if deleted/banned

---
 tildes/tildes/models/user/user.py   | 8 ++++++++
 tildes/tildes/templates/user.jinja2 | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/tildes/tildes/models/user/user.py b/tildes/tildes/models/user/user.py
index 0c575b2..f2ee7e8 100644
--- a/tildes/tildes/models/user/user.py
+++ b/tildes/tildes/models/user/user.py
@@ -177,6 +177,14 @@ class User(DatabaseModel):
         #  - only allow logged-in users to look through user history
         acl.append((Allow, Authenticated, "view_history"))
 
+        # view_info:
+        #  - can't view info (registration date, bio, etc.) for deleted/banned users
+        #  - otherwise, everyone can view
+        if self.is_banned or self.is_deleted:
+            acl.append((Deny, Everyone, "view_info"))
+
+        acl.append((Allow, Everyone, "view_info"))
+
         # message:
         #  - deleted and banned users can't be messaged
         #  - otherwise, logged-in users can message anyone except themselves
diff --git a/tildes/tildes/templates/user.jinja2 b/tildes/tildes/templates/user.jinja2
index 9a75569..4e05c24 100644
--- a/tildes/tildes/templates/user.jinja2
+++ b/tildes/tildes/templates/user.jinja2
@@ -116,6 +116,7 @@
 <hr>
 {% endif %}
 
+{% if request.has_permission("view_info", user) %}
 <h2>User info</h2>
 <dl>
   <dt>Registered</dt>
@@ -128,6 +129,7 @@
     </div>
   {% endif %}
 </dl>
+{% endif %}
 
 {% if request.has_permission('message', user) %}
   <a href="/user/{{ user.username }}/new_message" class="btn btn-primary">Send a private message</a>