nopaque/app/settings/json_routes.py

98 lines
3.0 KiB
Python
Raw Normal View History

from flask import abort, current_app, request
from flask_login import current_user, login_required, logout_user
from threading import Thread
import os
from app import db
from app.decorators import content_negotiation
2023-03-27 08:22:43 +00:00
from app.models import Avatar, User, ProfilePrivacySettings
from . import bp
2023-03-27 11:56:24 +00:00
@bp.route('/<hashid:user_id>', methods=['DELETE'])
@login_required
@content_negotiation(produces='application/json')
def delete_user(user_id):
def _delete_user(app, user_id):
with app.app_context():
user = User.query.get(user_id)
user.delete()
db.session.commit()
user = User.query.get_or_404(user_id)
if not (user == current_user or current_user.is_administrator()):
abort(403)
thread = Thread(
target=_delete_user,
args=(current_app._get_current_object(), user_id)
)
if user == current_user:
logout_user()
thread.start()
response_data = {
'message': f'User "{user.username}" marked for deletion'
}
return response_data, 202
2023-03-27 11:56:24 +00:00
@bp.route('/<hashid:user_id>/avatar', methods=['DELETE'])
@content_negotiation(produces='application/json')
def delete_profile_avatar(user_id):
def _delete_avatar(app, avatar_id):
with app.app_context():
avatar = Avatar.query.get(avatar_id)
avatar.delete()
db.session.commit()
user = User.query.get_or_404(user_id)
if user.avatar is None:
abort(404)
thread = Thread(
target=_delete_avatar,
args=(current_app._get_current_object(), user.avatar.id)
)
thread.start()
response_data = {
'message': f'Avatar marked for deletion'
}
return response_data, 202
2023-03-27 11:56:24 +00:00
@bp.route('/<hashid:user_id>/is-public', methods=['PUT'])
@login_required
@content_negotiation(consumes='application/json', produces='application/json')
def update_user_is_public(user_id):
is_public = request.json
if not isinstance(is_public, bool):
abort(400)
user = User.query.get_or_404(user_id)
user.is_public = is_public
db.session.commit()
response_data = {
2023-03-27 12:01:56 +00:00
'message': 'Profile privacy settings updated',
'category': 'corpus'
}
return response_data, 200
2023-03-27 08:22:43 +00:00
2023-03-27 11:56:24 +00:00
@bp.route('/<hashid:user_id>/profile-privacy-settings/<string:profile_privacy_setting_name>', methods=['PUT'])
@login_required
@content_negotiation(consumes='application/json', produces='application/json')
def add_profile_privacy_settings(user_id, profile_privacy_setting_name):
user = User.query.get_or_404(user_id)
enabled = request.json
if not isinstance(enabled, bool):
abort(400)
try:
profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name]
except KeyError:
abort(404)
if enabled:
user.add_profile_privacy_setting(profile_privacy_setting)
else:
user.remove_profile_privacy_setting(profile_privacy_setting)
db.session.commit()
response_data = {
'message': 'Profile privacy settings updated',
'category': 'corpus'
}
return response_data, 200