Fix some privacy issues

app/users/settings/json_routes.py

@@ -1,5 +1,5 @@
 from flask import abort, request
-from flask_login import current_user, login_required
+from flask_login import current_user
 from app import db
 from app.decorators import content_negotiation
 from app.models import User, ProfilePrivacySettings
@@ -7,7 +7,6 @@ from . import bp
 
 
 @bp.route('/<hashid:user_id>/settings/profile-privacy/is-public', methods=['PUT'])
-@login_required
 @content_negotiation(consumes='application/json', produces='application/json')
 def update_user_profile_privacy_setting_is_public(user_id):
     user = User.query.get_or_404(user_id)
@@ -26,7 +25,6 @@ def update_user_profile_privacy_setting_is_public(user_id):
 
 
 @bp.route('/<hashid:user_id>/settings/profile-privacy/<string:profile_privacy_setting_name>', methods=['PUT'])
-@login_required
 @content_negotiation(consumes='application/json', produces='application/json')
 def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name):
     user = User.query.get_or_404(user_id)

app/users/settings/routes.py

@@ -1,6 +1,6 @@
 from flask import abort, flash, g, redirect, render_template, url_for
 from flask_breadcrumbs import register_breadcrumb
-from flask_login import current_user, login_required
+from flask_login import current_user
 from app import db
 from app.models import Avatar, User
 from ..utils import user_endpoint_arguments_constructor as user_eac
@@ -16,7 +16,6 @@ from .forms import (
 
 @bp.route('/<hashid:user_id>/settings', methods=['GET', 'POST'])
 @register_breadcrumb(bp, '.entity.settings', '<i class="material-icons left">settings</i>Settings', endpoint_arguments_constructor=user_eac)
-@login_required
 def settings(user_id):
     user = User.query.get_or_404(user_id)
     if not (user == current_user or current_user.is_administrator()):