refactor(projects): remove project membership access model
This commit is contained in:
@@ -1,11 +1,9 @@
|
||||
from rest_framework import permissions
|
||||
|
||||
from apps.projects.models import ProjectMembership
|
||||
from apps.workspaces.services import (
|
||||
PROJECTS_EDIT,
|
||||
PROJECTS_VIEW,
|
||||
PROJECT_MEMBERS_CHANGE_ROLE,
|
||||
has_project_capability,
|
||||
has_workspace_capability,
|
||||
)
|
||||
|
||||
|
||||
@@ -17,9 +15,9 @@ def get_project_from_obj(obj):
|
||||
|
||||
|
||||
class IsProjectMember(permissions.BasePermission):
|
||||
"""
|
||||
Allows access only to users who have an active membership in the project.
|
||||
"""
|
||||
"""
|
||||
Allows access to users who can view projects in the parent workspace.
|
||||
"""
|
||||
message = "شما عضو این پروژه نیستید."
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
@@ -27,13 +25,13 @@ class IsProjectMember(permissions.BasePermission):
|
||||
return False
|
||||
|
||||
project = get_project_from_obj(obj)
|
||||
return has_project_capability(request.user, project, PROJECTS_VIEW)
|
||||
return has_workspace_capability(request.user, project.workspace, PROJECTS_VIEW)
|
||||
|
||||
|
||||
class IsProjectManager(permissions.BasePermission):
|
||||
"""
|
||||
Allows access only to users who are active MANAGERs of the project.
|
||||
"""
|
||||
"""
|
||||
Allows access to users who can manage projects in the parent workspace.
|
||||
"""
|
||||
message = "فقط مدیران پروژه مجاز به انجام این عملیات هستند."
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
@@ -41,19 +39,4 @@ class IsProjectManager(permissions.BasePermission):
|
||||
return False
|
||||
|
||||
project = get_project_from_obj(obj)
|
||||
return has_project_capability(request.user, project, PROJECTS_EDIT)
|
||||
|
||||
|
||||
class CanManageProjectMembers(permissions.BasePermission):
|
||||
message = "Only authorized users can manage project memberships."
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
if not request.user or not request.user.is_authenticated:
|
||||
return False
|
||||
|
||||
project = get_project_from_obj(obj)
|
||||
return has_project_capability(
|
||||
request.user,
|
||||
project,
|
||||
PROJECT_MEMBERS_CHANGE_ROLE,
|
||||
)
|
||||
return has_workspace_capability(request.user, project.workspace, PROJECTS_EDIT)
|
||||
|
||||
@@ -1,97 +1,42 @@
|
||||
from rest_framework import serializers
|
||||
from core.serializers.base import BaseModelSerializer
|
||||
from apps.projects.models import (
|
||||
Project,
|
||||
ProjectMembership,
|
||||
)
|
||||
from core.serializers.mini import UserMiniSerializer
|
||||
|
||||
|
||||
class ProjectMemberInputSerializer(serializers.Serializer):
|
||||
user_id = serializers.UUIDField()
|
||||
role = serializers.ChoiceField(choices=ProjectMembership.Role.choices, default=ProjectMembership.Role.MEMBER)
|
||||
|
||||
|
||||
class ProjectSerializer(BaseModelSerializer):
|
||||
my_role = serializers.SerializerMethodField()
|
||||
members = serializers.SerializerMethodField()
|
||||
|
||||
class Meta:
|
||||
model = Project
|
||||
fields = BaseModelSerializer.Meta.fields + (
|
||||
"workspace",
|
||||
"name",
|
||||
"client",
|
||||
"description",
|
||||
"is_archived",
|
||||
"color",
|
||||
"my_role",
|
||||
"members",
|
||||
)
|
||||
read_only_fields = fields
|
||||
|
||||
def get_my_role(self, obj):
|
||||
request = self.context.get("request")
|
||||
if not request or not request.user.is_authenticated:
|
||||
return None
|
||||
membership = obj.memberships.filter(user=request.user, is_active=True, is_deleted=False).first()
|
||||
return getattr(membership, "role", None)
|
||||
|
||||
def get_members(self, obj):
|
||||
"""
|
||||
Returns active project members in the response
|
||||
"""
|
||||
active_memberships = obj.memberships.filter(is_active=True, is_deleted=False)
|
||||
return ProjectMembershipSerializer(active_memberships, many=True).data
|
||||
|
||||
def to_representation(self, instance):
|
||||
representation = super().to_representation(instance)
|
||||
if instance.client:
|
||||
representation['client'] = {
|
||||
from apps.projects.models import Project
|
||||
|
||||
|
||||
class ProjectSerializer(BaseModelSerializer):
|
||||
class Meta:
|
||||
model = Project
|
||||
fields = BaseModelSerializer.Meta.fields + (
|
||||
"workspace",
|
||||
"name",
|
||||
"client",
|
||||
"description",
|
||||
"is_archived",
|
||||
"color",
|
||||
)
|
||||
read_only_fields = fields
|
||||
|
||||
def to_representation(self, instance):
|
||||
representation = super().to_representation(instance)
|
||||
if instance.client:
|
||||
representation['client'] = {
|
||||
'id': instance.client.id,
|
||||
'name': instance.client.name
|
||||
}
|
||||
return representation
|
||||
|
||||
|
||||
class ProjectCreateSerializer(serializers.Serializer):
|
||||
workspace = serializers.UUIDField()
|
||||
name = serializers.CharField(max_length=255)
|
||||
client = serializers.UUIDField(required=False, allow_null=True)
|
||||
description = serializers.CharField(required=False, allow_blank=True, default="")
|
||||
color = serializers.CharField(max_length=7, required=False, allow_blank=True, default="")
|
||||
members = ProjectMemberInputSerializer(many=True, required=False)
|
||||
|
||||
|
||||
class ProjectUpdateSerializer(serializers.Serializer):
|
||||
name = serializers.CharField(max_length=255, required=False)
|
||||
client = serializers.UUIDField(required=False, allow_null=True)
|
||||
description = serializers.CharField(required=False, allow_blank=True)
|
||||
color = serializers.CharField(max_length=7, required=False, allow_blank=True)
|
||||
is_archived = serializers.BooleanField(required=False)
|
||||
members = ProjectMemberInputSerializer(many=True, required=False)
|
||||
|
||||
class ProjectMembershipSerializer(BaseModelSerializer):
|
||||
user_details = UserMiniSerializer(read_only=True)
|
||||
|
||||
class Meta:
|
||||
model = ProjectMembership
|
||||
fields = BaseModelSerializer.Meta.fields + (
|
||||
"project",
|
||||
"user",
|
||||
"user_details",
|
||||
"role",
|
||||
"is_active",
|
||||
)
|
||||
read_only_fields = fields
|
||||
|
||||
|
||||
class ProjectMembershipCreateSerializer(serializers.Serializer):
|
||||
project_id = serializers.UUIDField()
|
||||
user_id = serializers.UUIDField()
|
||||
role = serializers.ChoiceField(choices=ProjectMembership.Role.choices)
|
||||
|
||||
|
||||
class ProjectMembershipUpdateSerializer(serializers.Serializer):
|
||||
role = serializers.ChoiceField(choices=ProjectMembership.Role.choices, required=False)
|
||||
is_active = serializers.BooleanField(required=False)
|
||||
class ProjectCreateSerializer(serializers.Serializer):
|
||||
workspace = serializers.UUIDField()
|
||||
name = serializers.CharField(max_length=255)
|
||||
client = serializers.UUIDField(required=False, allow_null=True)
|
||||
description = serializers.CharField(required=False, allow_blank=True, default="")
|
||||
color = serializers.CharField(max_length=7, required=False, allow_blank=True, default="")
|
||||
|
||||
|
||||
class ProjectUpdateSerializer(serializers.Serializer):
|
||||
name = serializers.CharField(max_length=255, required=False)
|
||||
client = serializers.UUIDField(required=False, allow_null=True)
|
||||
description = serializers.CharField(required=False, allow_blank=True)
|
||||
color = serializers.CharField(max_length=7, required=False, allow_blank=True)
|
||||
is_archived = serializers.BooleanField(required=False)
|
||||
|
||||
@@ -1,16 +1,12 @@
|
||||
from django.urls import path, include
|
||||
from rest_framework.routers import DefaultRouter
|
||||
|
||||
from apps.projects.api.views import (
|
||||
ProjectViewSet,
|
||||
ProjectMembershipViewSet,
|
||||
)
|
||||
from django.urls import path, include
|
||||
from rest_framework.routers import DefaultRouter
|
||||
|
||||
from apps.projects.api.views import ProjectViewSet
|
||||
|
||||
app_name = "projects"
|
||||
|
||||
router = DefaultRouter()
|
||||
router.register(r"projects", ProjectViewSet, basename="project")
|
||||
router.register(r"memberships", ProjectMembershipViewSet, basename="membership")
|
||||
|
||||
urlpatterns = [
|
||||
path("", include(router.urls)),
|
||||
|
||||
@@ -1,49 +1,33 @@
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import status
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.exceptions import PermissionDenied
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.filters import SearchFilter, OrderingFilter
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import status
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.filters import SearchFilter, OrderingFilter
|
||||
from django_filters.rest_framework import DjangoFilterBackend
|
||||
|
||||
from core.paginations.limit_offset import CustomLimitOffsetPagination
|
||||
|
||||
from apps.notifications.services import (
|
||||
notify_project_membership_added,
|
||||
notify_project_membership_deactivated,
|
||||
notify_project_membership_removed,
|
||||
notify_project_membership_role_changed,
|
||||
)
|
||||
from apps.workspaces.models import Workspace
|
||||
from apps.clients.models import Client
|
||||
from apps.projects.models import (
|
||||
Project,
|
||||
ProjectMembership,
|
||||
)
|
||||
from apps.projects.models import Project
|
||||
from apps.projects.api.serializers import (
|
||||
ProjectSerializer, ProjectCreateSerializer, ProjectUpdateSerializer,
|
||||
ProjectMembershipSerializer, ProjectMembershipCreateSerializer, ProjectMembershipUpdateSerializer,
|
||||
)
|
||||
from apps.projects.api.permissions import IsProjectMember, IsProjectManager
|
||||
from apps.projects.services.projects import (
|
||||
create_project,
|
||||
update_project,
|
||||
create_project,
|
||||
update_project,
|
||||
toggle_project_archive
|
||||
)
|
||||
from apps.projects.services.memberships import add_project_member, update_project_member
|
||||
from apps.workspaces.services import (
|
||||
PROJECTS_ARCHIVE,
|
||||
PROJECTS_CREATE,
|
||||
PROJECTS_DELETE,
|
||||
PROJECTS_EDIT,
|
||||
PROJECT_MEMBERS_ADD,
|
||||
PROJECT_MEMBERS_CHANGE_ROLE,
|
||||
PROJECT_MEMBERS_REMOVE,
|
||||
can_delete_workspace_object,
|
||||
has_project_capability,
|
||||
has_workspace_capability,
|
||||
)
|
||||
|
||||
@@ -60,13 +44,13 @@ class ProjectViewSet(ModelViewSet):
|
||||
ordering_fields = ["name", "created_at", "updated_at"]
|
||||
ordering = ["-updated_at", "-created_at"]
|
||||
|
||||
def get_permissions(self):
|
||||
"""
|
||||
Instantiates and returns the list of permissions that this view requires.
|
||||
- Managers can update, delete, or archive.
|
||||
- Members can retrieve/view.
|
||||
- Any authenticated user can list (filtered to their memberships) or attempt to create.
|
||||
"""
|
||||
def get_permissions(self):
|
||||
"""
|
||||
Instantiates and returns the list of permissions that this view requires.
|
||||
- Workspace-authorized users can update, delete, or archive.
|
||||
- Workspace members can retrieve/view.
|
||||
- Any authenticated user can list their workspace projects or attempt to create.
|
||||
"""
|
||||
if self.action in ["update", "partial_update", "destroy", "archive"]:
|
||||
permission_classes = [IsAuthenticated, IsProjectManager]
|
||||
elif self.action in ["retrieve"]:
|
||||
@@ -76,10 +60,10 @@ class ProjectViewSet(ModelViewSet):
|
||||
|
||||
return [permission() for permission in permission_classes]
|
||||
|
||||
def get_queryset(self):
|
||||
"""
|
||||
Returns active projects where the current user is an active member.
|
||||
"""
|
||||
def get_queryset(self):
|
||||
"""
|
||||
Returns active projects in workspaces where the current user is an active member.
|
||||
"""
|
||||
if getattr(self, "swagger_fake_view", False) or not self.request.user.is_authenticated:
|
||||
return Project.objects.none()
|
||||
|
||||
@@ -100,14 +84,12 @@ class ProjectViewSet(ModelViewSet):
|
||||
return ProjectSerializer
|
||||
|
||||
def create(self, request, *args, **kwargs):
|
||||
"""
|
||||
Creates a new project using the project service layer.
|
||||
"""
|
||||
serializer = self.get_serializer(data=request.data)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
members_data = serializer.validated_data.pop("members", [])
|
||||
|
||||
"""
|
||||
Creates a new project using the project service layer.
|
||||
"""
|
||||
serializer = self.get_serializer(data=request.data)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
workspace = get_object_or_404(Workspace, id=serializer.validated_data["workspace"], is_deleted=False)
|
||||
if not has_workspace_capability(request.user, workspace, PROJECTS_CREATE):
|
||||
return Response(
|
||||
@@ -122,101 +104,30 @@ class ProjectViewSet(ModelViewSet):
|
||||
workspace=workspace,
|
||||
name=serializer.validated_data["name"],
|
||||
client=client,
|
||||
description=serializer.validated_data.get("description", ""),
|
||||
color=serializer.validated_data.get("color", "")
|
||||
)
|
||||
|
||||
for member in members_data:
|
||||
membership = add_project_member(
|
||||
project=project,
|
||||
user_id=member["user_id"],
|
||||
role=member["role"]
|
||||
)
|
||||
notify_project_membership_added(
|
||||
actor=request.user,
|
||||
recipient=membership.user,
|
||||
project=project,
|
||||
role=membership.role,
|
||||
)
|
||||
|
||||
output_serializer = ProjectSerializer(project)
|
||||
return Response(output_serializer.data, status=status.HTTP_201_CREATED)
|
||||
description=serializer.validated_data.get("description", ""),
|
||||
color=serializer.validated_data.get("color", "")
|
||||
)
|
||||
|
||||
output_serializer = ProjectSerializer(project)
|
||||
return Response(output_serializer.data, status=status.HTTP_201_CREATED)
|
||||
|
||||
def update(self, request, *args, **kwargs):
|
||||
"""
|
||||
Updates an existing project using the project service layer.
|
||||
"""
|
||||
partial = kwargs.pop("partial", False)
|
||||
project = self.get_object()
|
||||
"""
|
||||
Updates an existing project using the project service layer.
|
||||
"""
|
||||
partial = kwargs.pop("partial", False)
|
||||
project = self.get_object()
|
||||
|
||||
serializer = self.get_serializer(data=request.data, partial=partial)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
members_data = serializer.validated_data.pop("members", None)
|
||||
|
||||
updated_project = update_project(
|
||||
project=project,
|
||||
**serializer.validated_data
|
||||
)
|
||||
|
||||
# Full sync of project members if array is provided
|
||||
if members_data is not None:
|
||||
current_memberships = {str(m.user_id): m for m in updated_project.memberships.filter(is_deleted=False)}
|
||||
incoming_users = {str(m['user_id']) for m in members_data}
|
||||
|
||||
# Add or Update roles
|
||||
for member in members_data:
|
||||
user_id_str = str(member['user_id'])
|
||||
if user_id_str in current_memberships:
|
||||
membership = current_memberships[user_id_str]
|
||||
previous_role = membership.role
|
||||
previous_is_active = membership.is_active
|
||||
updated_membership = update_project_member(
|
||||
membership,
|
||||
role=member['role'],
|
||||
is_active=True
|
||||
)
|
||||
if not previous_is_active and updated_membership.is_active:
|
||||
notify_project_membership_added(
|
||||
actor=request.user,
|
||||
recipient=updated_membership.user,
|
||||
project=updated_project,
|
||||
role=updated_membership.role,
|
||||
)
|
||||
elif previous_role != updated_membership.role:
|
||||
notify_project_membership_role_changed(
|
||||
actor=request.user,
|
||||
recipient=updated_membership.user,
|
||||
project=updated_project,
|
||||
previous_role=previous_role,
|
||||
new_role=updated_membership.role,
|
||||
)
|
||||
else:
|
||||
membership = add_project_member(
|
||||
project=updated_project,
|
||||
user_id=member['user_id'],
|
||||
role=member['role']
|
||||
)
|
||||
notify_project_membership_added(
|
||||
actor=request.user,
|
||||
recipient=membership.user,
|
||||
project=updated_project,
|
||||
role=membership.role,
|
||||
)
|
||||
|
||||
# Deactivate omitted members
|
||||
for user_id_str, membership in current_memberships.items():
|
||||
if user_id_str not in incoming_users and membership.is_active:
|
||||
update_project_member(membership, is_active=False)
|
||||
notify_project_membership_deactivated(
|
||||
actor=request.user,
|
||||
recipient=membership.user,
|
||||
project=updated_project,
|
||||
role=membership.role,
|
||||
)
|
||||
|
||||
output_serializer = ProjectSerializer(updated_project)
|
||||
return Response(output_serializer.data, status=status.HTTP_200_OK)
|
||||
serializer = self.get_serializer(data=request.data, partial=partial)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
updated_project = update_project(
|
||||
project=project,
|
||||
**serializer.validated_data
|
||||
)
|
||||
|
||||
output_serializer = ProjectSerializer(updated_project)
|
||||
return Response(output_serializer.data, status=status.HTTP_200_OK)
|
||||
|
||||
def destroy(self, request, *args, **kwargs):
|
||||
"""
|
||||
@@ -238,127 +149,7 @@ class ProjectViewSet(ModelViewSet):
|
||||
Custom endpoint to toggle the archive status of a project.
|
||||
"""
|
||||
project = self.get_object()
|
||||
updated_project = toggle_project_archive(project)
|
||||
|
||||
output_serializer = ProjectSerializer(updated_project)
|
||||
return Response(output_serializer.data, status=status.HTTP_200_OK)
|
||||
|
||||
|
||||
class BaseProjectNestedViewSet(ModelViewSet):
|
||||
"""
|
||||
Base ViewSet for nested project models to share common permission and queryset logic.
|
||||
"""
|
||||
pagination_class = CustomLimitOffsetPagination
|
||||
filter_backends = [DjangoFilterBackend, OrderingFilter]
|
||||
ordering = ["-updated_at", "-created_at"]
|
||||
|
||||
def get_permissions(self):
|
||||
if self.action in ["create", "update", "partial_update", "destroy"]:
|
||||
permission_classes = [IsAuthenticated, IsProjectManager]
|
||||
else:
|
||||
permission_classes = [IsAuthenticated, IsProjectMember]
|
||||
return [permission() for permission in permission_classes]
|
||||
|
||||
def verify_manager_access(self, project_id):
|
||||
"""Helper to verify if the requesting user is a manager of the target project."""
|
||||
project = get_object_or_404(Project, id=project_id, is_deleted=False)
|
||||
if not has_project_capability(self.request.user, project, PROJECT_MEMBERS_ADD):
|
||||
raise PermissionDenied("You must be a project manager to perform this action.")
|
||||
|
||||
|
||||
class ProjectMembershipViewSet(BaseProjectNestedViewSet):
|
||||
filterset_fields = ["project", "user", "role", "is_active"]
|
||||
|
||||
def get_queryset(self):
|
||||
if getattr(self, "swagger_fake_view", False) or not self.request.user.is_authenticated:
|
||||
return ProjectMembership.objects.none()
|
||||
return ProjectMembership.objects.filter(
|
||||
project__memberships__user=self.request.user,
|
||||
project__memberships__is_active=True,
|
||||
is_deleted=False
|
||||
).distinct()
|
||||
|
||||
def get_serializer_class(self):
|
||||
if self.action == "create": return ProjectMembershipCreateSerializer
|
||||
if self.action in ["update", "partial_update"]: return ProjectMembershipUpdateSerializer
|
||||
return ProjectMembershipSerializer
|
||||
|
||||
def create(self, request, *args, **kwargs):
|
||||
serializer = self.get_serializer(data=request.data)
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
project_id = serializer.validated_data["project_id"]
|
||||
self.verify_manager_access(project_id)
|
||||
|
||||
project = get_object_or_404(Project, id=project_id, is_deleted=False)
|
||||
membership = add_project_member(
|
||||
project=project,
|
||||
user_id=serializer.validated_data["user_id"],
|
||||
role=serializer.validated_data["role"]
|
||||
)
|
||||
notify_project_membership_added(
|
||||
actor=request.user,
|
||||
recipient=membership.user,
|
||||
project=project,
|
||||
role=membership.role,
|
||||
)
|
||||
return Response(ProjectMembershipSerializer(membership).data, status=status.HTTP_201_CREATED)
|
||||
|
||||
def update(self, request, *args, **kwargs):
|
||||
membership = self.get_object()
|
||||
if not has_project_capability(
|
||||
request.user,
|
||||
membership.project,
|
||||
PROJECT_MEMBERS_CHANGE_ROLE,
|
||||
):
|
||||
raise PermissionDenied("You do not have permission to update project members.")
|
||||
serializer = self.get_serializer(data=request.data, partial=kwargs.pop("partial", False))
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
previous_role = membership.role
|
||||
previous_is_active = membership.is_active
|
||||
updated_membership = update_project_member(membership, **serializer.validated_data)
|
||||
if not previous_is_active and updated_membership.is_active:
|
||||
notify_project_membership_added(
|
||||
actor=request.user,
|
||||
recipient=updated_membership.user,
|
||||
project=updated_membership.project,
|
||||
role=updated_membership.role,
|
||||
)
|
||||
elif previous_is_active and not updated_membership.is_active:
|
||||
notify_project_membership_deactivated(
|
||||
actor=request.user,
|
||||
recipient=updated_membership.user,
|
||||
project=updated_membership.project,
|
||||
role=previous_role,
|
||||
)
|
||||
elif previous_role != updated_membership.role:
|
||||
notify_project_membership_role_changed(
|
||||
actor=request.user,
|
||||
recipient=updated_membership.user,
|
||||
project=updated_membership.project,
|
||||
previous_role=previous_role,
|
||||
new_role=updated_membership.role,
|
||||
)
|
||||
return Response(ProjectMembershipSerializer(updated_membership).data, status=status.HTTP_200_OK)
|
||||
|
||||
def destroy(self, request, *args, **kwargs):
|
||||
membership = self.get_object()
|
||||
if not has_project_capability(
|
||||
request.user,
|
||||
membership.project,
|
||||
PROJECT_MEMBERS_REMOVE,
|
||||
):
|
||||
raise PermissionDenied("You do not have permission to remove project members.")
|
||||
recipient = membership.user
|
||||
project = membership.project
|
||||
role = membership.role
|
||||
membership.is_deleted = True
|
||||
membership.save(update_fields=["is_deleted", "updated_at"])
|
||||
notify_project_membership_removed(
|
||||
actor=request.user,
|
||||
recipient=recipient,
|
||||
project=project,
|
||||
role=role,
|
||||
)
|
||||
return Response(status=status.HTTP_204_NO_CONTENT)
|
||||
updated_project = toggle_project_archive(project)
|
||||
|
||||
output_serializer = ProjectSerializer(updated_project)
|
||||
return Response(output_serializer.data, status=status.HTTP_200_OK)
|
||||
|
||||
Reference in New Issue
Block a user