impr(server): dont allow banned accounts to reset or delete their data

backend/src/api/controllers/user.ts

@@ -180,6 +180,10 @@ export async function deleteUser(
 
   const userInfo = await UserDAL.getUser(uid, "delete user");
 
+  if (userInfo.banned) {
+    throw new MonkeyError(403, "Banned users cannot delete their account");
+  }
+
   //cleanup database
   await Promise.all([
     UserDAL.deleteUser(uid),
@@ -211,6 +215,10 @@ export async function resetUser(
   const { uid } = req.ctx.decodedToken;
 
   const userInfo = await UserDAL.getUser(uid, "reset user");
+  if (userInfo.banned) {
+    throw new MonkeyError(403, "Banned users cannot reset their account");
+  }
+
   const promises = [
     UserDAL.resetUser(uid),
     deleteAllApeKeys(uid),