From 24f34569905c38bc3f196d273ede17d4ae6c0186 Mon Sep 17 00:00:00 2001
From: John Wang <takatost@users.noreply.github.com>
Date: Sat, 15 Jul 2023 23:58:15 +0800
Subject: [PATCH] fix: account check in runtime (#569)

---
 api/app.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/app.py b/api/app.py
index a281285222..f385e8d378 100644
--- a/api/app.py
+++ b/api/app.py
@@ -2,6 +2,8 @@
 import os
 from datetime import datetime
 
+from werkzeug.exceptions import Forbidden
+
 if not os.environ.get("DEBUG") or os.environ.get("DEBUG").lower() != 'true':
     from gevent import monkey
     monkey.patch_all()
@@ -27,7 +29,7 @@ from events import event_handlers
 import core
 from config import Config, CloudEditionConfig
 from commands import register_commands
-from models.account import TenantAccountJoin
+from models.account import TenantAccountJoin, AccountStatus
 from models.model import Account, EndUser, App
 
 import warnings
@@ -101,6 +103,9 @@ def load_user(user_id):
         account = db.session.query(Account).filter(Account.id == account_id).first()
 
         if account:
+            if account.status == AccountStatus.BANNED.value or account.status == AccountStatus.CLOSED.value:
+                raise Forbidden('Account is banned or closed.')
+
             workspace_id = session.get('workspace_id')
             if workspace_id:
                 tenant_account_join = db.session.query(TenantAccountJoin).filter(