User account needs flag to prevent login/activity (user ban)

[alainna]

Is your feature request related to a problem? Please describe. As a Janeway administrator, I need a convenient method to prevent a user from logging in or making new submissions to a Janeway journal or repository.

Describe the solution you'd like Add new toggle option to user profile, visible in Django admin and user table: Is banned

When ticked true:

• User cannot log in
• User cannot make new submissions

When user tries to log in, they should receive a relevant message, e.g. Unable to log in. Please contact administrator.

Mockup

dev notes We also want to rename "Is Active" to "Email Validated", which is what that field is being used for. Since we want to record the reason for a ban, consider not using a bool flag, but rather a m2m to a new model that stores:

• Reason: TextField
• enforced: Boolfield.
• actor: ForeignKey to account who created the ban (optional)
• date_created: DateField with autocreate=True
• site: A GenericForeign key to a child of AbstractSiteModel (ban at journal/preprint/press level)

• Consider using a different name other than "ban" (e.g suspended) When a user is banned, active sessions will need to be deleted. Users shouldn't be able to self-ban Superusers/admins cannot not be banned. Add a setting that controls if editors have access to user ban powers (default to journal managers)

We can then implement an is_banned() method like:

def is_banned(self, site):
   return any(self.banreason_set.filter(enforced=True, site=site))

[mauromsl]

Thanks @alainna

We have triaged this issue and added some development notes, open to comments if you want to expand on them.