Need a better ban hammer

Author: JasonBarnabe

app/controllers/application_controller.rb

@@ -17,7 +17,7 @@ def refresh_user_from_cookie
 		return unless session[:user_id].nil?
 		user = User.where(:token => cookies[:login]).first
 		if !user.nil?
-			session[:user_id] = user.id
+			sign_in(user)
 			#restart the clock
 			cookies[:login] = { :value => cookies[:login], :expires => 2.weeks.from_now, :domain => COOKIE_DOMAIN}
 		end
@@ -93,6 +93,14 @@ def fake_style(style)
 		return style
 	end
 
+	def sign_in(user)
+		if user.banned
+			flash[:alert] = 'You have been banned.'
+		else
+			session[:user_id] = user.id
+		end
+	end
+
 private
 
 	# User authentication. Controllers are expected to define the following methods:
@@ -115,13 +123,21 @@ def authenticate
 			end
 			return
 		end
-		
+
+		user = User.find(session[:user_id])
+		if user.banned
+			flash[:alert] = 'You have been banned.'
+			session[:user_id] = nil
+			redirect_to '/'
+			return
+		end
+
 		# admin only stuff
 		if admin_action?
 			handle_access_denied unless verify_admin_action
 			return
 		end
-		
+
 		# regular user stuff
 		if !verify_private_action(session[:user_id]) and !verify_admin_action
 			handle_access_denied

app/controllers/login_controller.rb

@@ -22,7 +22,7 @@ def forum
 	end
 
 	def login_as
-		session[:user_id] = User.find(params[:id]).id
+		sign_in(User.find(params[:id]))
 		redirect_to '/'
 	end
 
@@ -31,7 +31,7 @@ def authenticate_normal
 			# Only validate if the user was previously valid. some people may have bad data and if we
 			# validate them, they can't log in.
 			user_was_valid = user.valid?
-			session[:user_id] = user.id
+			sign_in(user)
 			remember = params[:remember] == "true"
 			if remember
 				if user.token.nil?
@@ -110,7 +110,7 @@ def authenticate_openid_complete
 					end
 					cookies[:login] = { :value => user.token, :expires => 2.weeks.from_now, :domain => COOKIE_DOMAIN}
 				end
-				session[:user_id] = user.id
+				sign_in(user.id)
 				go_to_return_to()
 			else
 				session[:temp_login_details] = {:provider_identifier => ua.provider_identifier, :email => sreg['email'], :name => sreg['nickname'], :provider => ua.provider, :url => ua.url}
@@ -159,7 +159,7 @@ def authenticate_openid_complete
 		end
 		user.ip = request.remote_ip()
 		user.save(:validate => user_was_valid)
-		session[:user_id] = user.id
+		sign_in(user)
 		go_to_return_to
 	end
 
@@ -199,7 +199,7 @@ def resolve_name_conflict
 
 		if @user.save
 			session[:temp_login_details] = nil
-			session[:user_id] = @user.id
+			sign_in(@user)
 			go_to_return_to()
 			return
 		end
@@ -235,7 +235,7 @@ def resolve_name_required
 
 		if @user.save
 			session[:temp_login_details] = nil
-			session[:user_id] = @user.id
+			sign_in(@user)
 			go_to_return_to()
 			return
 		end
@@ -371,7 +371,7 @@ def omniauth_callback
 				end
 				return
 			end
-			session[:user_id] = user.id
+			sign_in(user)
 			if !return_to.nil?
 				redirect_to return_to
 			else
@@ -421,7 +421,7 @@ def omniauth_callback
 			handle_omniauth_failure(user.errors.full_messages.join(', '))
 			return
 		end
-		session[:user_id] = user.id
+		sign_in(user)
 		if !return_to.nil?
 			redirect_to return_to
 		else
@@ -471,10 +471,12 @@ def go_to_return_to
 			return_to = params[:return_to]
 		end
 		if return_to.nil?
-			logger.info("No return to URL, going to user page")
-			redirect_to(:controller => "users", :action => "show", :id => session[:user_id]) 
+			if session[:user_id]
+				redirect_to(:controller => "users", :action => "show", :id => session[:user_id]) 
+			else
+				redirect_to('/') 
+			end
 		else
-			logger.info("Going to return to URL - " + return_to)
 			session[:return_to] = nil
 			redirect_to(return_to)
 		end

app/controllers/styles_controller.rb

@@ -467,6 +467,7 @@ def admin_delete_save
 		end
 		@style.obsoleting_style_id = params[:style][:obsoleting_style_id]
 		@style.save(validate: false)
+		@style.user.update_attribute(:banned, true) if params['ban_user'] == '1'
 		redirect_to(:action => "show", :id => @style.id, :r => Time.now.to_i)
 	end
 

app/controllers/users_controller.rb

@@ -112,7 +112,7 @@ def create
 		if @return_to.nil?
 			@return_to = session[:return_to]
 		end
-		session[:user_id] = @user.id
+		sign_in(@user)
 		if @return_to.nil?
 			redirect_to(:action => "show", :id => @user.id)
 		else

app/views/styles/admin_delete.html.erb

@@ -20,7 +20,12 @@
 		<label for="obsoleting-style-id">Superceded by (ID)</label>
 		<input id="obsoleting-style-id" name="style[obsoleting_style_id]" value="<%=h @style.obsoleting_style_id%>">
 	</p>
-	
+
+	<p>
+		<label for="ban-user">Ban user?</label>
+		<input type="checkbox" id="ban-user" name="ban_user" value="1">
+	</p>
+
 	<p>
 		<input type="hidden" name="id" value="<%=@style.id%>">
 		<input type="submit" value="Delete">

db/migrate/20150926003535_add_user_ban_flag.rb

@@ -0,0 +1,5 @@
+class AddUserBanFlag < ActiveRecord::Migration
+	def change
+		add_column :users, :banned, :boolean, default: false, null: false
+	end
+end