nopaque/app/users/settings/json_routes.py

79 lines
2.6 KiB
Python
Raw Normal View History

from flask import abort, current_app, request
from flask_login import current_user, login_required
from threading import Thread
import os
from app import db
from app.decorators import content_negotiation
2023-03-27 10:22:43 +02:00
from app.models import Avatar, User, ProfilePrivacySettings
from . import bp
2023-03-27 13:56:24 +02:00
@bp.route('/<hashid:user_id>/settings/avatar', methods=['DELETE'])
@content_negotiation(produces='application/json')
def delete_user_avatar(user_id):
def _delete_avatar(app, avatar_id):
with app.app_context():
avatar = Avatar.query.get(avatar_id)
avatar.delete()
db.session.commit()
user = User.query.get_or_404(user_id)
if user.avatar is None:
abort(404)
if not (user == current_user or current_user.is_administrator()):
abort(403)
thread = Thread(
target=_delete_avatar,
args=(current_app._get_current_object(), user.avatar.id)
)
thread.start()
response_data = {
'message': f'Avatar marked for deletion'
}
return response_data, 202
2023-03-27 13:56:24 +02:00
@bp.route('/<hashid:user_id>/settings/profile-privacy/is-public', methods=['PUT'])
@login_required
@content_negotiation(consumes='application/json', produces='application/json')
def update_user_profile_privacy_setting_is_public(user_id):
user = User.query.get_or_404(user_id)
if not (user == current_user or current_user.is_administrator()):
abort(403)
enabled = request.json
if not isinstance(enabled, bool):
abort(400)
user.is_public = enabled
db.session.commit()
response_data = {
2023-03-27 14:01:56 +02:00
'message': 'Profile privacy settings updated',
'category': 'settings'
}
return response_data, 200
2023-03-27 10:22:43 +02:00
@bp.route('/<hashid:user_id>/settings/profile-privacy/<string:profile_privacy_setting_name>', methods=['PUT'])
2023-03-27 13:56:24 +02:00
@login_required
@content_negotiation(consumes='application/json', produces='application/json')
def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name):
2023-03-27 13:56:24 +02:00
user = User.query.get_or_404(user_id)
try:
profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name]
except KeyError:
abort(404)
if not (user == current_user or current_user.is_administrator()):
abort(403)
enabled = request.json
if not isinstance(enabled, bool):
abort(400)
2023-03-27 13:56:24 +02:00
if enabled:
user.add_profile_privacy_setting(profile_privacy_setting)
else:
user.remove_profile_privacy_setting(profile_privacy_setting)
db.session.commit()
response_data = {
'message': 'Profile privacy settings updated',
'category': 'settings'
2023-03-27 13:56:24 +02:00
}
return response_data, 200