First version of blocking feature. Allows both time-based (for map protection) and notice-based (for education) blocks on users. Also introduces user roles and a simple UI for displaying and administering these.

app/models/user.rb

@@ -14,6 +14,9 @@ class User < ActiveRecord::Base
   has_many :client_applications
   has_many :oauth_tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application]
 
+  has_many :blocks, :class_name => "UserBlock", :conditions => ["user_blocks.end_at > now() or user_blocks.needs_view"]
+  has_many :roles, :class_name => "UserRole"
+
   validates_presence_of :email, :display_name
   validates_confirmation_of :email#, :message => ' addresses must match'
   validates_confirmation_of :pass_crypt#, :message => ' must match the confirmation password'
@@ -125,6 +128,31 @@ class User < ActiveRecord::Base
     return false
   end
 
+  ##
+  # returns true if the user has the moderator role, false otherwise
+  def moderator?
+    has_role? 'moderator'
+  end
+
+  ##
+  # returns true if the user has the moderator role, false otherwise
+  def administrator?
+    has_role? 'administrator'
+  end
+
+  ##
+  # returns true if the user has the requested role
+  def has_role?(role)
+    roles.inject(false) { |x, r| x or r.role == role }
+  end
+
+  ##
+  # returns the first active block which would require users to view 
+  # a message, or nil if there are none.
+  def blocked_on_view
+    blocks.inject(nil) { |s,x| s || (x.needs_view? ? x : nil) }
+  end
+
   def delete
     self.active = false
     self.display_name = "user_#{self.id}"

app/models/user_block.rb

@@ -0,0 +1,36 @@
+class UserBlock < ActiveRecord::Base
+  validate :moderator_permissions
+
+  belongs_to :user, :class_name => "User", :foreign_key => :user_id
+  belongs_to :moderator, :class_name => "User", :foreign_key => :moderator_id
+  belongs_to :revoker, :class_name => "User", :foreign_key => :revoker_id
+  
+  PERIODS = [0, 1, 3, 6, 12, 24, 48, 96]
+
+  ##
+  # returns true if the block is currently active (i.e: the user can't
+  # use the API).
+  def active?
+    needs_view or end_at > Time.now.getutc
+  end
+
+  ##
+  # revokes the block, allowing the user to use the API again. the argument
+  # is the user object who is revoking the ban.
+  def revoke!(revoker)
+    attrs = { :end_at => Time.now.getutc(),
+              :revoker_id => @user.id,
+              :needs_view => false }
+    revoker.moderator? and update_attributes(attrs)
+  end
+
+  private
+  ##
+  # validate that only moderators are allowed to change the
+  # block. this should be caught and dealt with in the controller,
+  # but i've also included it here just in case.
+  def moderator_permissions
+    errors.add_to_base("Must be a moderator to create or update a block.") if moderator_id_changed? and !moderator.moderator?
+    errors.add_to_base("Must be a moderator to revoke a block.") unless revoker_id.nil? or revoker.moderator?
+  end
+end

app/models/user_role.rb

@@ -0,0 +1,8 @@
+class UserRole < ActiveRecord::Base
+
+  ALL_ROLES = ['administrator', 'moderator']
+
+  validates_inclusion_of :role, :in => ALL_ROLES
+  belongs_to :user
+
+end