4 files changed, 40 insertions, 17 deletions

diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 49667017e..ca4dd9045 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: admin_user_controller.rb,v 1.9 2009-01-29 12:10:10 francis Exp $
+# $Id: admin_user_controller.rb,v 1.10 2009-03-09 01:17:04 francis Exp $
 
 class AdminUserController < AdminController
     def index
@@ -34,6 +34,7 @@ class AdminUserController < AdminController
         @admin_user.name = params[:admin_user][:name]
         @admin_user.email = params[:admin_user][:email]
         @admin_user.admin_level = params[:admin_user][:admin_level]
+        @admin_user.ban_text = params[:admin_user][:ban_text]
 
         if @admin_user.valid?
             @admin_user.save!
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index 26c475569..dfa31f9ef 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: comment_controller.rb,v 1.8 2008-11-17 17:08:33 francis Exp $
+# $Id: comment_controller.rb,v 1.9 2009-03-09 01:17:04 francis Exp $
 
 class CommentController < ApplicationController
     
@@ -22,6 +22,13 @@ class CommentController < ApplicationController
             raise "Unknown type " + params[:type]
         end
 
+        # Banned from adding comments?
+        if !authenticated_user.nil? && !authenticated_user.can_make_comments?
+            @details = authenticated_user.can_fail_html
+            render :template => 'user/banned'
+            return
+        end
+
         if params[:comment]
             # XXX this check should theoretically be a validation rule in the model
             @existing_comment = Comment.find_by_existing_comment(@info_request.id, params[:comment][:body])
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index e2b57b90d..34e6d1aa6 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: request_controller.rb,v 1.150 2009-03-07 01:16:18 francis Exp $
+# $Id: request_controller.rb,v 1.151 2009-03-09 01:17:04 francis Exp $
 
 class RequestController < ApplicationController
     
@@ -124,6 +124,13 @@ class RequestController < ApplicationController
             end
         end
 
+        # Banned from making new requests?
+        if !authenticated_user.nil? && !authenticated_user.can_file_requests?
+            @details = authenticated_user.can_fail_html
+            render :template => 'user/banned'
+            return
+        end
+
         # First time we get to the page, just display it
         if params[:submitted_new_request].nil? || params[:reedit]
             # Read parameters in - public body must be passed in
@@ -199,25 +206,26 @@ class RequestController < ApplicationController
             return
         end
 
-        if authenticated?(
+        if !authenticated?(
                 :web => "To send your FOI request",
                 :email => "Then your FOI request to " + @info_request.public_body.name + " will be sent.",
                 :email_subject => "Confirm your FOI request to " + @info_request.public_body.name
             )
-            @info_request.user = authenticated_user
-            # This automatically saves dependent objects, such as @outgoing_message, in the same transaction
-            @info_request.save!
-            # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
-            @outgoing_message.send_message
-            flash[:notice] = "<p>Your " + @info_request.law_used_full + " request has been <strong>sent on its way</strong>!</p>
-                <p><strong>We will email you</strong> when there is a response, or after 20 working days if the authority still hasn't
-                replied by then.</p>
-                <p>If you write about this request (for example in a forum or a blog) please link to this page, and add an 
-                annotation below telling people about your writing.</p>"
-            redirect_to request_url(@info_request)
-        else
             # do nothing - as "authenticated?" has done the redirect to signin page for us
+            return
         end
+
+        @info_request.user = authenticated_user
+        # This automatically saves dependent objects, such as @outgoing_message, in the same transaction
+        @info_request.save!
+        # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
+        @outgoing_message.send_message
+        flash[:notice] = "<p>Your " + @info_request.law_used_full + " request has been <strong>sent on its way</strong>!</p>
+            <p><strong>We will email you</strong> when there is a response, or after 20 working days if the authority still hasn't
+            replied by then.</p>
+            <p>If you write about this request (for example in a forum or a blog) please link to this page, and add an 
+            annotation below telling people about your writing.</p>"
+        redirect_to request_url(@info_request)
     end
 
     # Submitted to the describing state of messages form
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index a443d3e7d..38ebd076f 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.62 2009-03-05 19:09:47 francis Exp $
+# $Id: user_controller.rb,v 1.63 2009-03-09 01:17:04 francis Exp $
 
 class UserController < ApplicationController
     # Show page about a user
@@ -219,6 +219,13 @@ class UserController < ApplicationController
     def contact
         @recipient_user = User.find(params[:id])
 
+        # Banned from messaging users?
+        if !authenticated_user.nil? && !authenticated_user.can_contact_other_users?
+            @details = authenticated_user.can_fail_html
+            render :template => 'user/banned'
+            return
+        end
+
         # You *must* be logged into send a message to another user. (This is
         # partly to avoid spam, and partly to have some equanimity of openess
         # between the two users)