Is your feature request related to a problem? Please describe.
As a Janeway administrator, I need a convenient method to prevent a user from logging in or making new submissions to a Janeway journal or repository.
Describe the solution you'd like
Add new toggle option to user profile, visible in Django admin and user table: Is banned
When ticked true:
User cannot log in
User cannot make new submissions
When user tries to log in, they should receive a relevant message, e.g. Unable to log in. Please contact administrator.
Mockup
dev notes
We also want to rename "Is Active" to "Email Validated", which is what that field is being used for.
Since we want to record the reason for a ban, consider not using a bool flag, but rather a m2m to a new model that stores:
Reason: TextField
enforced: Boolfield.
actor: ForeignKey to account who created the ban (optional)
date_created: DateField with autocreate=True
site: A GenericForeign key to a child of AbstractSiteModel (ban at journal/preprint/press level)
Consider using a different name other than "ban" (e.g suspended)
When a user is banned, active sessions will need to be deleted.
Users shouldn't be able to self-ban
Superusers/admins cannot not be banned.
Add a setting that controls if editors have access to user ban powers (default to journal managers)
Is your feature request related to a problem? Please describe. As a Janeway administrator, I need a convenient method to prevent a user from logging in or making new submissions to a Janeway journal or repository.
Describe the solution you'd like Add new toggle option to user profile, visible in Django admin and user table:
Is banned
When ticked
true
:When user tries to log in, they should receive a relevant message, e.g.
Unable to log in. Please contact administrator.
Mockup
dev notes We also want to rename "Is Active" to "Email Validated", which is what that field is being used for. Since we want to record the reason for a ban, consider not using a bool flag, but rather a m2m to a new model that stores:
Consider using a different name other than "ban" (e.g suspended) When a user is banned, active sessions will need to be deleted. Users shouldn't be able to self-ban Superusers/admins cannot not be banned. Add a setting that controls if editors have access to user ban powers (default to journal managers)
We can then implement an
is_banned()
method like: