Check lock_status before logging in

README.md

@@ -32,7 +32,6 @@ Run the tests locally (against development environment):
 
 ## TODOs
 
-1. lock_status isn't doing anything!!
 1. Actions for creating moderators and resetting passwords
 1. CSS
 1. "All new posts flagged" mode (require approval for new posts)

lib/PostText/Model/Moderator.pm

@@ -17,7 +17,9 @@ sub create($self, $name, $email, $password) {
 }
 
 sub check($self, $email, $password) {
-    my $moderator =
+    my ($moderator, $mod_id);
+
+    $moderator =
         $self->pg->db->query(<<~'END_SQL', $email)->hash;
             SELECT moderator_id AS id,
                    password_hash
@@ -25,10 +27,22 @@ sub check($self, $email, $password) {
              WHERE email_addr = ?;
            END_SQL
 
-    return undef unless $moderator->{'id'};
+    $mod_id = $moderator->{'id'};
 
+    if ($mod_id && !$self->lock_status($mod_id)) {
         return $self->authenticator
             ->verify_password($password, $moderator->{'password_hash'});
+    }
+
+    return undef;
+}
+
+sub lock_out($self, $mod_id) {
+    $self->pg->db->query(<<~'END_SQL', $mod_id)
+        UPDATE moderators
+           SET lock_status = TRUE
+         WHERE moderator_id = ?;
+       END_SQL
 }
 
 sub get_id($self, $email) {
@@ -47,6 +61,14 @@ sub get_name($self, $mod_id) {
        END_SQL
 }
 
+sub lock_status($self, $mod_id) {
+    $self->pg->db->query(<<~'END_SQL', $mod_id)->hash->{'lock_status'}
+        SELECT lock_status
+          FROM moderators
+         WHERE moderator_id = ?;
+       END_SQL
+}
+
 sub login_timestamp($self, $mod_id) {
     $self->pg->db->query(<<~'END_SQL', $mod_id);
         UPDATE moderators