Validate LDAP account of the initiating user when a task is started. Closes #663.

Author: alitheg

atr/worker.py

@@ -35,6 +35,7 @@
 import sqlmodel
 
 import atr.db as db
+import atr.ldap as ldap
 import atr.log as log
 import atr.models.results as results
 import atr.models.sql as sql
@@ -229,6 +230,11 @@ async def _task_process(task_id: int, task_type: str, task_args: list[str] | dic
 
     task_results: results.Results | None
     try:
+        if asf_uid != "system":
+            user_account = await ldap.account_lookup(asf_uid)
+            if user_account is None or ldap.is_banned(user_account):
+                raise RuntimeError(f"Account '{asf_uid}' is banned or does not exist")
+
         handler = tasks.resolve(task_type_member)
         sig = inspect.signature(handler)
         params = list(sig.parameters.values())