moderation: add chat bans for groups/channels with web actions

tests/test_chat_message_flow.py

@@ -96,3 +96,31 @@ async def test_private_chat_respects_contacts_only_policy(client, db_session):
         json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
     )
     assert create_chat_allowed.status_code == 200
+
+
+async def test_group_ban_blocks_rejoin(client, db_session):
+    owner = await _create_verified_user(client, db_session, "ban_owner@example.com", "ban_owner", "strongpass123")
+    member = await _create_verified_user(client, db_session, "ban_member@example.com", "ban_member", "strongpass123")
+
+    me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
+    member_id = me_member.json()["id"]
+
+    create_group = await client.post(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"type": ChatType.GROUP.value, "title": "Test group", "member_ids": [member_id], "is_public": True, "handle": "ban_test_group"},
+    )
+    assert create_group.status_code == 200
+    chat_id = create_group.json()["id"]
+
+    ban_response = await client.post(
+        f"/api/v1/chats/{chat_id}/bans/{member_id}",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+    )
+    assert ban_response.status_code == 204
+
+    rejoin_response = await client.post(
+        f"/api/v1/chats/{chat_id}/join",
+        headers={"Authorization": f"Bearer {member['access_token']}"},
+    )
+    assert rejoin_response.status_code == 403