---
todosrht/access.py | 6 ++++--
todosrht/blueprints/html.py | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/todosrht/access.py b/todosrht/access.py
index 085500b..40d6f1a 100644
--- a/todosrht/access.py
+++ b/todosrht/access.py
@@ -1,5 +1,5 @@
from flask import abort
-from srht.oauth import current_user
+from srht.oauth import current_user, UserType
from todosrht.types import TicketAccess, UserAccess, Participant
from todosrht.types import User, Tracker, Ticket, Visibility
@@ -35,7 +35,9 @@ def get_tracker(owner, name, with_for_update=False, user=None):
if owner[0] == "~":
owner = owner[1:]
if not isinstance(owner, User):
- owner = User.query.filter(User.username == owner).one_or_none()
+ owner = (User.query
+ .filter(User.username == owner)
+ .filter(User.user_type != UserType.suspended)).one_or_none()
if not owner:
return None, None
else:
diff --git a/todosrht/blueprints/html.py b/todosrht/blueprints/html.py
index de628ca..31499f4 100644
--- a/todosrht/blueprints/html.py
+++ b/todosrht/blueprints/html.py
@@ -6,7 +6,7 @@ from todosrht.types import Event, EventNotification, EventType
from todosrht.types import User, Participant
from srht.config import cfg
from srht.database import db
-from srht.oauth import current_user, loginrequired
+from srht.oauth import current_user, loginrequired, UserType
from srht.flask import paginate_query, session
from srht.validation import Validation
from sqlalchemy import and_, or_
@@ -63,7 +63,9 @@ def index_POST():
@html.route("/~<username>")
def user_GET(username):
- user = User.query.filter(User.username == username.lower()).first()
+ user = (User.query
+ .filter(User.username == username.lower())
+ .filter(User.user_type != UserType.suspended)).first()
if not user:
abort(404)
--
2.46.0