| Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 1 | # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file or at |
| 4 | # https://developers.google.com/open-source/licenses/bsd |
| 5 | |
| 6 | """A class to display the a message explaining that the user has been banned. |
| 7 | |
| 8 | We can ban a user for anti-social behavior. We indicate that the user is |
| 9 | banned by adding a 'banned' field to their User PB in the DB. Whenever |
| 10 | a user with a banned indicator visits any page, AssertBasePermission() |
| 11 | checks has_banned and redirects to this page. |
| 12 | """ |
| 13 | from __future__ import print_function |
| 14 | from __future__ import division |
| 15 | from __future__ import absolute_import |
| 16 | |
| 17 | import logging |
| 18 | |
| 19 | import ezt |
| 20 | |
| Adrià Vilanova Martínez | de94280 | 2022-07-15 14:06:55 +0200 | [diff] [blame^] | 21 | from framework import flaskservlet, permissions |
| Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 22 | from framework import servlet |
| 23 | |
| 24 | |
| 25 | class Banned(servlet.Servlet): |
| 26 | """The Banned page shows a message explaining that the user is banned.""" |
| 27 | |
| 28 | _PAGE_TEMPLATE = 'framework/banned-page.ezt' |
| 29 | |
| 30 | def AssertBasePermission(self, mr): |
| 31 | """Allow banned users to see this page, and prevent non-banned users.""" |
| 32 | # Note, we do not call Servlet.AssertBasePermission because |
| 33 | # that would redirect banned users here again in an endless loop. |
| 34 | |
| 35 | # We only show this page to users who are banned. If a non-banned user |
| 36 | # follows a link to this URL, don't show the banned message, because that |
| 37 | # would lead to a big misunderstanding. |
| 38 | if not permissions.IsBanned(mr.auth.user_pb, mr.auth.user_view): |
| 39 | logging.info('non-banned user: %s', mr.auth.user_pb) |
| 40 | self.abort(404) |
| 41 | |
| 42 | def GatherPageData(self, mr): |
| 43 | """Build up a dictionary of data values to use when rendering the page.""" |
| 44 | # Aside from plus-addresses, we do not display the specific |
| 45 | # reason for banning. |
| 46 | is_plus_address = '+' in (mr.auth.user_pb.email or '') |
| 47 | |
| 48 | return { |
| 49 | 'is_plus_address': ezt.boolean(is_plus_address), |
| 50 | |
| 51 | # Make the "Sign Out" link just sign out, don't try to bring the |
| 52 | # user back to this page after they sign out. |
| 53 | 'currentPageURLEncoded': None, |
| 54 | } |
| Adrià Vilanova Martínez | de94280 | 2022-07-15 14:06:55 +0200 | [diff] [blame^] | 55 | |
| 56 | # def GetNoAccessPage(self, **kwargs): |
| 57 | # return self.handler(**kwargs) |