-
Emma authored
There are now two types of global bans: IP bans and user bans: * If logged in and trusted, POST requests will check if the user is user banned. * If logged in and *not* trusted, POST requests will check if the user is user banned *and* IP banned. * If not logged in, only IP bans will be checked on POST. This excludes /login, which is somehow magically exempt from the ban listener (which is exactly what we want anyway). Additonally, many smaller fixes have been applied to vaguely ban-related stuff. For instance, the IP ban form now uses DTOs, and the ban landing page was moved to its own controller class in order to reduce the number @IsGranted annotations.
af8c4886