From 2966203653c16013281af5bc1e6260e73fff4571 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Mon, 16 Aug 2021 16:51:08 -0400 Subject: [PATCH] Don't allow deleted users to do actions. Fixes #1656 (#1704) --- crates/api_common/src/lib.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crates/api_common/src/lib.rs b/crates/api_common/src/lib.rs index 4e3cd751..1f62a8f3 100644 --- a/crates/api_common/src/lib.rs +++ b/crates/api_common/src/lib.rs @@ -272,6 +272,11 @@ pub async fn get_local_user_view_from_jwt( return Err(ApiError::err("site_ban").into()); } + // Check for user deletion + if local_user_view.person.deleted { + return Err(ApiError::err("deleted").into()); + } + check_validator_time(&local_user_view.local_user.validator_time, &claims)?; Ok(local_user_view) -- 2.44.1