Privacy settings for profile pages

app/profile/forms.py

@@ -1,5 +1,6 @@
 from flask_wtf import FlaskForm
 from wtforms import (
+    BooleanField,
     FileField,
     StringField,
     SubmitField,
@@ -16,9 +17,6 @@ from app.models import User
 from app.auth import USERNAME_REGEX
 
 class EditProfileSettingsForm(FlaskForm):
-    avatar = FileField(
-        'Image File'
-    )
     email = StringField(
         'E-Mail',
         validators=[InputRequired(), Length(max=254), Email()]
@@ -37,6 +35,26 @@ class EditProfileSettingsForm(FlaskForm):
             )
         ]
     )
+    submit = SubmitField()
+    
+    def __init__(self, user, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.user = user
+
+    def validate_email(self, field):
+        if (field.data != self.user.email
+                and User.query.filter_by(email=field.data).first()):
+            raise ValidationError('Email already registered')
+
+    def validate_username(self, field):
+        if (field.data != self.user.username
+                and User.query.filter_by(username=field.data).first()):
+            raise ValidationError('Username already in use')
+
+class EditPublicProfileInformationForm(FlaskForm):
+    avatar = FileField(
+        'Image File'
+    )
     full_name = StringField(
         'Full name',
         validators=[Length(max=128)]
@@ -68,20 +86,13 @@ class EditProfileSettingsForm(FlaskForm):
 
     submit = SubmitField()
 
-    def __init__(self, user, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.user = user
-
-    def validate_email(self, field):
-        if (field.data != self.user.email
-                and User.query.filter_by(email=field.data).first()):
-            raise ValidationError('Email already registered')
-
-    def validate_username(self, field):
-        if (field.data != self.user.username
-                and User.query.filter_by(username=field.data).first()):
-            raise ValidationError('Username already in use')
-   
     def validate_image_file(self, field):
         if not field.data.filename.lower().endswith('.jpg' or '.png' or '.jpeg'):
             raise ValidationError('only .jpg, .png and .jpeg!')
+
+class EditPrivacySettingsForm(FlaskForm):
+    is_public = BooleanField('Public profile')
+    show_email = BooleanField('Show email')
+    show_last_seen = BooleanField('Show last seen')
+    show_member_since = BooleanField('Show member since')
+    submit = SubmitField()

app/profile/routes.py

@@ -1,5 +1,6 @@
 from flask import (
     abort,
+    current_app,
     flash, 
     Markup, 
     redirect, 
@@ -8,12 +9,15 @@ from flask import (
     url_for
 )
 from flask_login import current_user, login_required
+from threading import Thread
 import os
 from app import db
-from app.models import Avatar, User
+from app.models import Avatar, ProfilePrivacySettings, User
 from . import bp
 from .forms import (
-  EditProfileSettingsForm
+  EditPrivacySettingsForm,
+  EditProfileSettingsForm,
+  EditPublicProfileInformationForm
 )
 
 @bp.before_request
@@ -25,8 +29,12 @@ def before_request():
 @bp.route('/<hashid:user_id>')
 def profile(user_id):
     user = User.query.get_or_404(user_id)
+    user_data = user.to_json_serializeable()
+    if not user.is_public and user != current_user:
+        abort(403)
     return render_template('profile/profile_page.html.j2', 
-        user=user)
+        user=user,
+        user_data=user_data)
 
 @bp.route('/<hashid:user_id>/avatars/<hashid:avatar_id>')
 def avatar_download(user_id, avatar_id):
@@ -41,6 +49,21 @@ def avatar_download(user_id, avatar_id):
         mimetype=avatar_file.mimetype
     )
 
+@bp.route('/<hashid:user_id>/avatars/<hashid:avatar_id>', methods=['DELETE'])
+def delete_avatar(avatar_id, user_id):
+    def _delete_avatar(app, avatar_id):
+        with app.app_context():
+            avatar_file = Avatar.query.get(avatar_id)
+            print(avatar_file)
+            avatar_file.delete()
+            db.session.commit()
+    thread = Thread(
+        target=_delete_avatar,
+        args=(current_app._get_current_object(), avatar_id)
+    )
+    thread.start()
+    return {}, 202
+
 @bp.route('/<hashid:user_id>/edit-profile', methods=['GET', 'POST'])
 def edit_profile(user_id):
     user = User.query.get_or_404(user_id)
@@ -49,24 +72,58 @@ def edit_profile(user_id):
         data=current_user.to_json_serializeable(),
         prefix='edit-profile-settings-form'
     )
+    edit_privacy_settings_form = EditPrivacySettingsForm(
+        data=current_user.to_json_serializeable(),
+        prefix='edit-privacy-settings-form'
+    )
+    edit_public_profile_information_form = EditPublicProfileInformationForm(
+        data=current_user.to_json_serializeable(),
+        prefix='edit-public-profile-information-form'
+    )
+
     if edit_profile_settings_form.validate_on_submit():
-        if edit_profile_settings_form.avatar.data:
-            try:
-                Avatar.create(edit_profile_settings_form.avatar.data, user=current_user)
-            except (AttributeError, OSError):
-                abort(500)
         current_user.email = edit_profile_settings_form.email.data
         current_user.username = edit_profile_settings_form.username.data
-        current_user.about_me = edit_profile_settings_form.about_me.data
-        current_user.location = edit_profile_settings_form.location.data
-        current_user.organization = edit_profile_settings_form.organization.data
-        current_user.website = edit_profile_settings_form.website.data
-        current_user.full_name = edit_profile_settings_form.full_name.data
+        db.session.commit()
+        message = Markup(f'Profile settings updated')
+        flash(message, 'success')
+        return redirect(url_for('.profile', user_id=user.id))
+    if (edit_privacy_settings_form.submit.data
+        and edit_privacy_settings_form.validate()):
+        current_user.is_public = edit_privacy_settings_form.is_public.data
+        if edit_privacy_settings_form.show_email.data:
+            current_user.add_profile_privacy_setting(ProfilePrivacySettings.SHOW_EMAIL)
+        else:
+            current_user.remove_profile_privacy_setting(ProfilePrivacySettings.SHOW_EMAIL)
+        if edit_privacy_settings_form.show_last_seen.data:
+            current_user.add_profile_privacy_setting(ProfilePrivacySettings.SHOW_LAST_SEEN)
+        else:
+            current_user.remove_profile_privacy_setting(ProfilePrivacySettings.SHOW_LAST_SEEN)
+        if edit_privacy_settings_form.show_member_since.data:
+            current_user.add_profile_privacy_setting(ProfilePrivacySettings.SHOW_MEMBER_SINCE)
+        else:
+            current_user.remove_profile_privacy_setting(ProfilePrivacySettings.SHOW_MEMBER_SINCE)
+        db.session.commit()
+        flash('Your changes have been saved')
+        return redirect(url_for('.profile', user_id=user.id))
+    if edit_public_profile_information_form.validate_on_submit():
+        if edit_public_profile_information_form.avatar.data:
+            try:
+                Avatar.create(edit_public_profile_information_form.avatar.data, user=current_user)
+            except (AttributeError, OSError):
+                abort(500)
+        current_user.about_me = edit_public_profile_information_form.about_me.data
+        current_user.location = edit_public_profile_information_form.location.data
+        current_user.organization = edit_public_profile_information_form.organization.data
+        current_user.website = edit_public_profile_information_form.website.data
+        current_user.full_name = edit_public_profile_information_form.full_name.data
         db.session.commit()
         message = Markup(f'Profile settings updated')
         flash(message, 'success')
         return redirect(url_for('.profile', user_id=user.id))
     return render_template('profile/edit_profile.html.j2',
         edit_profile_settings_form=edit_profile_settings_form,
+        edit_privacy_settings_form=edit_privacy_settings_form,
+        edit_public_profile_information_form=edit_public_profile_information_form,
         user=user,
         title='Edit Profile')