def ban(event):
r = event.request
ip_ban = queries.list_bans(ip = r.remote_addr)
if 'logged_in' in r.session:
username_ban = queries.list_bans(username = queries.get_user_by_id(r.session['users.id']).name)
else:
username_ban = False
if ip_ban or username_ban:
raise httpexceptions.HTTPForbidden
def ban(request):
r = request
s = request.session
p = s['safe_post']
if 'logged_in_admin' not in s:
return HTTPNotFound()
if 'ip' in p:
if p['ip'].strip() == '':
ip = None
else:
ip = p['ip']
if p['username'].strip() == '':
username = None
user_id = None
else:
username = p['username']
if p['duration'].strip() == 'infinite':
duration = None
else:
duration = "timedelta({0})".format(p['duration'])
duration = eval(duration)
if username:
user_id = queries.get_user_by_name(username).id
b = Ban(ip = ip, username = username, duration = duration, user_id = user_id, added_by = s['users.id'])
dbsession = DBSession()
dbsession.add(b)
bans = queries.list_bans()
return {'bans': bans}