## Overview
Admins should be able to disable access to an account. This should:
* Make the user's blogs and posts inaccessible to the world
* Prevent the user from creating new posts or blogs
* Still allow the to log in, so they can e.g. export their data
* Update the user count via Write.as Teams API
A suspended user shouldn't count towards an instance's count of active users. So: reflect this in NodeInfo and the count sent to Write.as Teams API.
## Implementation
When an admin suspends another user, we should insert into the `userattributes` table:
* user_id = {suspended user's ID}
* attribute = 'suspended'
* value = '1'
Now, on the viewing side:
> * Make the user's blogs and posts inaccessible to the world
In collection viewing handlers -- via web, API, and ActivityPub -- do this:
```
SELECT 1 FROM userattributes WHERE user_id = {collection.ownerID} AND attribute = 'suspended' AND value = '1'
```
(NOTE: See existing funcs in `database.go` for how we create a helper func for this.) If that returns a row, return a `404` for the collection / collection post.
> * Prevent the user from creating new posts or blogs
When publishing or updating posts, again check if the user is suspended, as above, and return a `403 Forbidden` if they are.
> * Still allow the to log in, so they can e.g. export their data
(No additional development needed here.)