def unban_user(user_id=None): if not can_ban_user(current_user): flash(_("You do not have the permissions to unban this user."), "danger") return redirect(url_for("management.overview")) # ajax request if request.is_xhr: ids = request.get_json()["ids"] data = [] for user in jnt_models.User.query.filter(jnt_models.User.id.in_(ids)).all(): if user.unban(): data.append( { "id": user.id, "type": "unban", "reverse": "ban", "reverse_name": _("Ban"), "reverse_url": url_for("management.ban_user", user_id=user.id), } ) return jsonify(message="{} Users unbanned.".format(len(data)), category="success", data=data, status=200) user = jnt_models.User.query.filter_by(id=user_id).first_or_404() if user.unban(): flash(_("User is now unbanned."), "success") else: flash(_("Could not unban user."), "danger") return redirect(url_for("management.banned_users"))
def ban_user(user_id=None): if not can_ban_user(current_user): flash(_("You do not have the permissions to ban this user."), "danger") return redirect(url_for("management.overview")) # ajax request if request.is_xhr: ids = request.get_json()["ids"] data = [] users = jnt_models.User.query.filter(jnt_models.User.id.in_(ids)).all() for user in users: # don't let a user ban himself and do not allow a moderator to ban # a admin user if ( current_user.id == user.id or user.get_permissions()["admin"] and (current_user.permissions["mod"] or current_user.permissions["super_mod"]) ): continue elif user.ban(): data.append( { "id": user.id, "type": "ban", "reverse": "unban", "reverse_name": _("Unban"), "reverse_url": url_for("management.unban_user", user_id=user.id), } ) return jsonify(message="{} Users banned.".format(len(data)), category="success", data=data, status=200) user = jnt_models.User.query.filter_by(id=user_id).first_or_404() # Do not allow moderators to ban admins if user.get_permissions()["admin"] and (current_user.permissions["mod"] or current_user.permissions["super_mod"]): flash(_("A moderator cannot ban an admin user."), "danger") return redirect(url_for("management.overview")) if not current_user.id == user.id and user.ban(): flash(_("User is now banned."), "success") else: flash(_("Could not ban user."), "danger") return redirect(url_for("management.banned_users"))