mitsuhiko  committed ffdbfa9

Added separate column for user ban status in the user table. Also
improved the unittests to not log out from the admin panel when traversing
the links.

  • Parent commits 9a87fea

Files changed (10)


 later be integrated into a proper update script:
 alter table user_messages add column type varchar(10) after text;
+alter table users add column type boolean after is_admin;
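Review bot: The added statement creates a column named `type`, but the table definition elsewhere in this commit declares `Column('is_banned', Boolean, nullable=False)`, so a database upgraded with this line would lack the column the model reads. It probably should read `alter table users add column is_banned boolean not null default 0 after is_admin;`. Bans were previously recorded as a NULL `pw_hash`, so the upgrade also needs a backfill such as `update users set is_banned = 1 where pw_hash is null;`, run before any OpenID account is stored without a hash. Without it, every previously banned account comes out of the migration unbanned.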

File solace/

         form = OpenIDRegistrationForm()
         if request.method == 'POST' and form.validate():
-            user = User(form['username'], form['email'], '!')
+            user = User(form['username'], form['email'])
             self.after_register(request, user)
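Review bot: Creating the OpenID user without the `'!'` placeholder appears to leave `pw_hash` NULL (the models hunk shows the constructor acting only when `password is not None`), so the builtin password check must treat a missing hash as never matching. That check is not visible on this page; confirm it returns False when `pw_hash is None` rather than raising or comparing against an empty value. A short comment here, e.g. `# no local password: OpenID accounts authenticate only through the provider`, would record the intent. The enclosing method starts and ends outside this hunk.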

File solace/default_settings.cfg

 #: in the LANGUAGE_SECTIONS list.
+#: if a user is unbanned, should he pick a new password?
 #: the languages for which sections exist.  Ideally we also have
 #: translations of the application for these languages, but if a
 #: language is missing in the UI it falls back to english.

File solace/

         return self.filter([ua.user_id],
                                               ua.locale == str(locale))))
-    def banned(self):
-        """Returns all the banned users."""
-        return self.filter_by(pw_hash=None)
 class User(RemoteObject):
     """Represents a user on the system."""
         self.real_name = u''
         self.is_admin = is_admin
         self.is_active = True
+        self.is_banned = False
         self.last_login = None
         if password is not None:
-    def is_banned(self):
-        """If the user does not have a password he's marked as banned."""
-        return self.pw_hash is None
-    @property
     def display_name(self):
         return self.real_name or self.username

File solace/

     # the email of the user.  If an external auth system is used, the
     # login code should update that information automatically on login
     Column('email', String(200), index=True),
-    # the password hash.  Probably only used for the builtin auth system.
+    # the password hash.  This might not be used by every auth system.
+    # the OpenID auth for example does not use it at all.  But also
+    # external auth systems might not store the password here.
     Column('pw_hash', String(60)),
     # the realname of the user
     Column('real_name', String(200)),
     Column('platin_badges', Integer, nullable=False),
     # true if the user is an administrator
     Column('is_admin', Boolean, nullable=False),
+    # true if the user is banned
+    Column('is_banned', Boolean, nullable=False),
     # the date of the last login
     Column('last_login', DateTime),
     # the user's activation key.  If this is NULL, the user is already

File solace/templates/admin/bans.html

   <ul class="userlist">
   {%- for user in banned_users %}
     <li>{{ render_user(user, avatar_size=26) }}
-      <span class="action">[<a href="{{ url_for('admin.unban', user=user.username)
+      <span class="action">[<a href="{{ url_for('admin.unban_user', user=user.username)
         }}">{{ _('lift the ban') }}</a>]</span>
   {%- else %}
     <li>{{ _('No users are currently banned.') }}

File solace/templates/mails/user_unbanned.txt

 Hi {{ user }}!
 Your ban on {{ site }} was lifted.
+{%- endtrans %}
+{%- if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN %}{% trans %}
 In order to login again you have to follow the following
 link and pick a new password:
-{{ reset_url }}
+{{ reset_url }}{% endtrans %}{% endif %}
-See you soon on {{ site }}
+{% trans site=settings.WEBSITE_TITLE %}See you soon on {{ site }}
 {%- endtrans %}{% endblock %}

File solace/utils/

     :copyright: (c) 2009 by Plurk Inc., see AUTHORS for more details.
     :license: BSD, see LICENSE for more details.
+from solace import settings
 from solace.i18n import _
 from solace.application import url_for
 from solace.templating import render_template
     if user.is_banned:
-    user.pw_hash = None
+    user.is_banned = True
     send_email(_(u'User account banned'),
                render_template('mails/user_banned.txt', user=user),
     if not user.is_banned:
-    # special password value that will never validate but does not
-    # trigger a "user is deativated".
-    user.pw_hash = '!'
+        user.is_active = False
+    user.is_banned = False
     reset_url = url_for('core.reset_password',,
                         key=user.password_reset_key, _external=True)
     send_email(_(u'Your ban was lifted'),
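Review bot: Banning used to clear `pw_hash`, which made password login fail on its own; with `user.is_banned = True` the hash stays intact, so the ban holds only where code checks the flag. None of the login, OpenID-callback or session-loading paths appear on this page; each should reject a user with `is_banned` set, and an already logged-in user should lose the session on the next request. In the unban branch as rendered, `reset_url` is built from `user.password_reset_key` at function level, whether or not the condition that sets `user.is_active = False` applies; consider moving it inside that condition so no reset link is generated for accounts that keep their password. Both functions begin outside the visible lines.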

File solace/views/

 def bans(request):
     """Manages banned users"""
     form = BanUserForm()
-    query = User.query.banned()
+    query = User.query.filter_by(is_banned=True)
     pagination = Pagination(request, query, request.args.get('page', type=int))
     if request.method == 'POST' and form.validate():