From 8479d820ad5bbd89ffc97fb64da10e3666038a5f Mon Sep 17 00:00:00 2001
From: Dessalines <tyhou13@gmx.com>
Date: Sun, 15 Aug 2021 20:16:43 -0400
Subject: [PATCH] Don't allow deleted users to do actions. Fixes #1656

---
 crates/api_common/src/lib.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/api_common/src/lib.rs b/crates/api_common/src/lib.rs
index 4e3cd751b..1f62a8f3e 100644
--- a/crates/api_common/src/lib.rs
+++ b/crates/api_common/src/lib.rs
@@ -272,6 +272,11 @@ pub async fn get_local_user_view_from_jwt(
     return Err(ApiError::err("site_ban").into());
   }
 
+  // Check for user deletion
+  if local_user_view.person.deleted {
+    return Err(ApiError::err("deleted").into());
+  }
+
   check_validator_time(&local_user_view.local_user.validator_time, &claims)?;
 
   Ok(local_user_view)