def ban(event):
r = event.request
ip_ban = general.list_bans(ip = r.remote_addr)
if 'logged_in' in r.session:
username_ban = general.list_bans(username = users.get_user_by_id(r.session['users.id']).name)
else:
username_ban = False
if ip_ban or username_ban:
raise httpexceptions.HTTPForbidden
def ban(request):
r = request
s = request.session
p = s['safe_post']
if 'logged_in_admin' not in s or s['logged_in_admin'] == False:
return HTTPNotFound()
if 'ip' in p:
if p['ip'].strip() == '':
ip = None
else:
ip = p['ip']
if p['username'].strip() == '':
username = None
user_id = None
else:
username = p['username']
if p['duration'].strip() == 'infinite':
duration = None
else:
duration = "timedelta({0})".format(p['duration'])
duration = eval(duration)
if username:
user_id = users.get_user_by_name(username).id
b = Ban(ip=ip,
username=username,
duration=duration,
user_id=user_id,
added_by=s['users.id'])
dbsession = DBSession()
dbsession.add(b)
bans = general.list_bans()
return {'bans': bans}