implement account locking/unlocking

app/controllers/account_locks_controller.rb

@@ -0,0 +1,31 @@
+class AccountLocksController < ApplicationController
+  before_action :set_account
+
+  def create
+    authorize :account_lock, :create?
+    @account.update(locked: true)
+    redirect_to admin_accounts_path, notice: 'Account locked'
+  end
+
+  def destroy
+    authorize :account_lock, :destroy?
+    @account.update(locked: false)
+    redirect_to admin_accounts_path, notice: 'Account unlocked'
+  end
+
+  private
+
+  def set_account
+    if params[:id].present?
+      @account = Account.find(params[:id])
+    else
+      failure_redirect
+    end
+  rescue ActiveRecord::RecordNotFound
+    failure_redirect
+  end
+
+  def failure_redirect
+    redirect_to admin_accounts_path, alert: 'Failed to find the account'
+  end
+end

app/controllers/account_sessions_controller.rb

@@ -1,4 +1,5 @@
 class AccountSessionsController < ApplicationController
+  skip_before_action :redirect_locked_accounts
   def update
     authorize :account_session, :update?
     session[:active_account] = account_session_params[:account_id]

app/controllers/application_controller.rb

@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
 
   include SetCurrentRequestDetails
   before_action :redirect_accountless
+  before_action :redirect_locked_accounts
 
   private
 
@@ -29,6 +30,12 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def redirect_locked_accounts
+    if Current.user && Current.account.locked?
+      redirect_to locked_account_path
+    end
+  end
+
   def signed_in_as_admin?
     signed_in? && current_user.admin?
   end

app/controllers/locked_accounts_controller.rb

@@ -0,0 +1,10 @@
+class LockedAccountsController < ApplicationController
+  skip_before_action :redirect_locked_accounts
+  skip_after_action :verify_policy_scoped
+
+  def index
+    unless Current.account.locked?
+      redirect_to projects_path
+    end
+  end
+end