framework/banned.py

# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""A class to display the a message explaining that the user has been banned.

We can ban a user for anti-social behavior.  We indicate that the user is
banned by adding a 'banned' field to their User PB in the DB.  Whenever
a user with a banned indicator visits any page, AssertBasePermission()
checks has_banned and redirects to this page.
"""
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import

import logging

import ezt

from framework import permissions
from framework import servlet


class Banned(servlet.Servlet):
  """The Banned page shows a message explaining that the user is banned."""

  _PAGE_TEMPLATE = 'framework/banned-page.ezt'

  def AssertBasePermission(self, mr):
    """Allow banned users to see this page, and prevent non-banned users."""
    # Note, we do not call Servlet.AssertBasePermission because
    # that would redirect banned users here again in an endless loop.

    # We only show this page to users who are banned.  If a non-banned user
    # follows a link to this URL, don't show the banned message, because that
    # would lead to a big misunderstanding.
    if not permissions.IsBanned(mr.auth.user_pb, mr.auth.user_view):
      logging.info('non-banned user: %s', mr.auth.user_pb)
      self.abort(404)

  def GatherPageData(self, mr):
    """Build up a dictionary of data values to use when rendering the page."""
    # Aside from plus-addresses, we do not display the specific
    # reason for banning.
    is_plus_address = '+' in (mr.auth.user_pb.email or '')

    return {
        'is_plus_address': ezt.boolean(is_plus_address),

        # Make the "Sign Out" link just sign out, don't try to bring the
        # user back to this page after they sign out.
        'currentPageURLEncoded': None,
        }

  def GetNoAccessPage(self, **kwargs):
    return self.handler(**kwargs)