mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2025-06-15 18:40:40 +00:00
Update settings
This commit is contained in:
Patrick Jentsch
@ -1,18 +1,7 @@
|
||||
from flask import Blueprint
|
||||
from flask_login import login_required
|
||||
|
||||
|
||||
bp = Blueprint('users', __name__)
|
||||
|
||||
|
||||
@bp.before_request
|
||||
@login_required
|
||||
def before_request():
|
||||
'''
|
||||
Ensures that the routes in this package can only be visited by users that
|
||||
are logged in.
|
||||
'''
|
||||
pass
|
||||
|
||||
|
||||
from . import cli, json_routes, routes, settings
|
||||
from . import cli, events, routes
|
||||
|
||||
58
app/blueprints/users/events.py
Normal file
58
app/blueprints/users/events.py
Normal file
@ -0,0 +1,58 @@
|
||||
from flask_login import current_user
|
||||
from flask_socketio import join_room, leave_room
|
||||
from app import hashids, socketio
|
||||
from app.decorators import socketio_login_required
|
||||
from app.models import User
|
||||
|
||||
|
||||
@socketio.on('SUBSCRIBE User')
|
||||
@socketio_login_required
|
||||
def subscribe(user_hashid: str) -> dict:
|
||||
if not isinstance(user_hashid, str):
|
||||
return {'status': 400, 'statusText': 'Bad Request'}
|
||||
|
||||
user_id = hashids.decode(user_hashid)
|
||||
|
||||
if not isinstance(user_id, int):
|
||||
return {'status': 400, 'statusText': 'Bad Request'}
|
||||
|
||||
user = User.query.get(user_id)
|
||||
|
||||
if user is None:
|
||||
return {'status': 404, 'statusText': 'Not Found'}
|
||||
|
||||
if not (
|
||||
user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
return {'status': 403, 'statusText': 'Forbidden'}
|
||||
|
||||
join_room(f'/users/{user.hashid}')
|
||||
|
||||
return {'status': 200, 'statusText': 'OK'}
|
||||
|
||||
@socketio.on('UNSUBSCRIBE User')
|
||||
@socketio_login_required
|
||||
def unsubscribe(user_hashid: str) -> dict:
|
||||
if not isinstance(user_hashid, str):
|
||||
return {'status': 400, 'statusText': 'Bad Request'}
|
||||
|
||||
user_id = hashids.decode(user_hashid)
|
||||
|
||||
if not isinstance(user_id, int):
|
||||
return {'status': 400, 'statusText': 'Bad Request'}
|
||||
|
||||
user = User.query.get(user_id)
|
||||
|
||||
if user is None:
|
||||
return {'status': 404, 'statusText': 'Not Found'}
|
||||
|
||||
if not (
|
||||
user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
return {'status': 403, 'statusText': 'Forbidden'}
|
||||
|
||||
leave_room(f'/users/{user.hashid}')
|
||||
|
||||
return {'status': 200, 'statusText': 'OK'}
|
||||
@ -1,69 +0,0 @@
|
||||
from flask import abort, current_app
|
||||
from flask_login import current_user, logout_user
|
||||
from threading import Thread
|
||||
from app import db
|
||||
from app.decorators import content_negotiation
|
||||
from app.models import Avatar, User
|
||||
from . import bp
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>', methods=['DELETE'])
|
||||
@content_negotiation(produces='application/json')
|
||||
def delete_user(user_id):
|
||||
def _delete_user(app, user_id):
|
||||
with app.app_context():
|
||||
user = User.query.get(user_id)
|
||||
user.delete()
|
||||
db.session.commit()
|
||||
|
||||
user = User.query.get_or_404(user_id)
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
abort(403)
|
||||
thread = Thread(
|
||||
target=_delete_user,
|
||||
args=(current_app._get_current_object(), user.id)
|
||||
)
|
||||
if user == current_user:
|
||||
logout_user()
|
||||
thread.start()
|
||||
response_data = {
|
||||
'message': f'User "{user.username}" marked for deletion'
|
||||
}
|
||||
return response_data, 202
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/avatar', methods=['DELETE'])
|
||||
@content_negotiation(produces='application/json')
|
||||
def delete_user_avatar(user_id):
|
||||
def _delete_avatar(app, avatar_id):
|
||||
with app.app_context():
|
||||
avatar = Avatar.query.get(avatar_id)
|
||||
avatar.delete()
|
||||
db.session.commit()
|
||||
|
||||
user = User.query.get_or_404(user_id)
|
||||
if user.avatar is None:
|
||||
abort(404)
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
abort(403)
|
||||
thread = Thread(
|
||||
target=_delete_avatar,
|
||||
args=(current_app._get_current_object(), user.avatar.id)
|
||||
)
|
||||
thread.start()
|
||||
response_data = {
|
||||
'message': f'Avatar marked for deletion'
|
||||
}
|
||||
return response_data, 202
|
||||
|
||||
@bp.route('/accept-terms-of-use', methods=['POST'])
|
||||
@content_negotiation(produces='application/json')
|
||||
def accept_terms_of_use():
|
||||
if not (current_user.is_authenticated or current_user.confirmed):
|
||||
abort(403)
|
||||
current_user.terms_of_use_accepted = True
|
||||
db.session.commit()
|
||||
response_data = {
|
||||
'message': 'You accepted the terms of use',
|
||||
}
|
||||
return response_data, 202
|
||||
@ -1,25 +1,48 @@
|
||||
from flask import (
|
||||
abort,
|
||||
redirect,
|
||||
render_template,
|
||||
current_app,
|
||||
Flask,
|
||||
jsonify,
|
||||
redirect,
|
||||
render_template,
|
||||
request,
|
||||
send_from_directory,
|
||||
url_for
|
||||
)
|
||||
from flask_login import current_user
|
||||
from app.models import User
|
||||
from flask_login import current_user, login_required, logout_user
|
||||
from threading import Thread
|
||||
from app import db
|
||||
from app.models import Avatar, User
|
||||
from . import bp
|
||||
|
||||
|
||||
@bp.route('')
|
||||
def users():
|
||||
@login_required
|
||||
def index():
|
||||
return redirect(url_for('main.social_area', _anchor='users'))
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>')
|
||||
def user(user_id):
|
||||
@login_required
|
||||
def user(user_id: int):
|
||||
user = User.query.get_or_404(user_id)
|
||||
if not (user.is_public or user == current_user or current_user.is_administrator):
|
||||
|
||||
if not (
|
||||
user.is_public
|
||||
or user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
abort(403)
|
||||
|
||||
accept_json = request.accept_mimetypes.accept_json
|
||||
accept_html = request.accept_mimetypes.accept_html
|
||||
|
||||
if accept_json and not accept_html:
|
||||
return user.to_json_serializeable(
|
||||
backrefs=True,
|
||||
relationships=True
|
||||
)
|
||||
|
||||
return render_template(
|
||||
'users/user.html.j2',
|
||||
title=user.username,
|
||||
@ -27,13 +50,51 @@ def user(user_id):
|
||||
)
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/avatar')
|
||||
def user_avatar(user_id):
|
||||
def _delete_user(app: Flask, user_id: int):
|
||||
with app.app_context():
|
||||
user = User.query.get(user_id)
|
||||
user.delete()
|
||||
db.session.commit()
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>', methods=['DELETE'])
|
||||
@login_required
|
||||
def delete_user(user_id: int):
|
||||
user = User.query.get_or_404(user_id)
|
||||
if not (user.is_public or user == current_user or current_user.is_administrator):
|
||||
|
||||
if not (
|
||||
user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
abort(403)
|
||||
|
||||
if user == current_user:
|
||||
logout_user()
|
||||
|
||||
thread = Thread(
|
||||
target=_delete_user,
|
||||
args=(current_app._get_current_object(), user.id)
|
||||
)
|
||||
thread.start()
|
||||
|
||||
return jsonify(f'User "{user.username}" marked for deletion'), 202
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/avatar')
|
||||
@login_required
|
||||
def user_avatar(user_id: int):
|
||||
user = User.query.get_or_404(user_id)
|
||||
|
||||
if not (
|
||||
user.is_public
|
||||
or user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
abort(403)
|
||||
|
||||
if user.avatar is None:
|
||||
return redirect(url_for('static', filename='images/user_avatar.png'))
|
||||
|
||||
return send_from_directory(
|
||||
user.avatar.path.parent,
|
||||
user.avatar.path.name,
|
||||
@ -41,3 +102,49 @@ def user_avatar(user_id):
|
||||
download_name=user.avatar.filename,
|
||||
mimetype=user.avatar.mimetype
|
||||
)
|
||||
|
||||
|
||||
def _delete_avatar(app: Flask, avatar_id: int):
|
||||
with app.app_context():
|
||||
avatar = Avatar.query.get(avatar_id)
|
||||
avatar.delete()
|
||||
db.session.commit()
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/avatar', methods=['DELETE'])
|
||||
@login_required
|
||||
def delete_user_avatar(user_id: int):
|
||||
user = User.query.get_or_404(user_id)
|
||||
|
||||
if user.avatar is None:
|
||||
abort(409)
|
||||
|
||||
if not (
|
||||
user == current_user
|
||||
or current_user.is_administrator
|
||||
):
|
||||
abort(403)
|
||||
|
||||
thread = Thread(
|
||||
target=_delete_avatar,
|
||||
args=(current_app._get_current_object(), user.avatar.id)
|
||||
)
|
||||
thread.start()
|
||||
|
||||
return jsonify('Avatar marked for deletion'), 202
|
||||
|
||||
|
||||
# TODO: Move this to main blueprint(?)
|
||||
@bp.route('/accept-terms-of-use', methods=['POST'])
|
||||
@login_required
|
||||
def accept_terms_of_use():
|
||||
if not (
|
||||
current_user.is_authenticated
|
||||
or current_user.confirmed
|
||||
):
|
||||
abort(403)
|
||||
|
||||
current_user.terms_of_use_accepted = True
|
||||
db.session.commit()
|
||||
|
||||
return jsonify('You accepted the terms of use'), 202
|
||||
|
||||
@ -1,2 +0,0 @@
|
||||
from .. import bp
|
||||
from . import json_routes, routes
|
||||
@ -1,160 +0,0 @@
|
||||
from flask_wtf import FlaskForm
|
||||
from flask_wtf.file import FileField, FileRequired, FileSize
|
||||
from wtforms import (
|
||||
PasswordField,
|
||||
SelectField,
|
||||
StringField,
|
||||
SubmitField,
|
||||
TextAreaField,
|
||||
ValidationError
|
||||
)
|
||||
from wtforms.validators import (
|
||||
DataRequired,
|
||||
Email,
|
||||
EqualTo,
|
||||
Length,
|
||||
Regexp
|
||||
)
|
||||
from app.models import User, UserSettingJobStatusMailNotificationLevel
|
||||
|
||||
|
||||
class UpdateAccountInformationForm(FlaskForm):
|
||||
email = StringField(
|
||||
'E-Mail',
|
||||
validators=[DataRequired(), Length(max=254), Email()]
|
||||
)
|
||||
username = StringField(
|
||||
'Username',
|
||||
validators=[
|
||||
DataRequired(),
|
||||
Length(max=64),
|
||||
Regexp(
|
||||
User.username_pattern,
|
||||
message=(
|
||||
'Usernames must have only letters, numbers, dots or '
|
||||
'underscores'
|
||||
)
|
||||
)
|
||||
]
|
||||
)
|
||||
submit = SubmitField()
|
||||
|
||||
def __init__(self, user, *args, **kwargs):
|
||||
if 'data' not in kwargs:
|
||||
kwargs['data'] = user.to_json_serializeable()
|
||||
if 'prefix' not in kwargs:
|
||||
kwargs['prefix'] = 'update-account-information-form'
|
||||
super().__init__(*args, **kwargs)
|
||||
self.user = user
|
||||
|
||||
def validate_email(self, field):
|
||||
if (field.data != self.user.email
|
||||
and User.query.filter_by(email=field.data).first()):
|
||||
raise ValidationError('Email already registered')
|
||||
|
||||
def validate_username(self, field):
|
||||
if (field.data != self.user.username
|
||||
and User.query.filter_by(username=field.data).first()):
|
||||
raise ValidationError('Username already in use')
|
||||
|
||||
|
||||
class UpdateProfileInformationForm(FlaskForm):
|
||||
full_name = StringField(
|
||||
'Full name',
|
||||
validators=[Length(max=128)]
|
||||
)
|
||||
about_me = TextAreaField(
|
||||
'About me',
|
||||
validators=[
|
||||
Length(max=254)
|
||||
]
|
||||
)
|
||||
website = StringField(
|
||||
'Website',
|
||||
validators=[
|
||||
Length(max=254)
|
||||
]
|
||||
)
|
||||
organization = StringField(
|
||||
'Organization',
|
||||
validators=[
|
||||
Length(max=128)
|
||||
]
|
||||
)
|
||||
location = StringField(
|
||||
'Location',
|
||||
validators=[
|
||||
Length(max=128)
|
||||
]
|
||||
)
|
||||
submit = SubmitField()
|
||||
|
||||
def __init__(self, user, *args, **kwargs):
|
||||
if 'data' not in kwargs:
|
||||
kwargs['data'] = user.to_json_serializeable()
|
||||
if 'prefix' not in kwargs:
|
||||
kwargs['prefix'] = 'update-profile-information-form'
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
|
||||
class UpdateAvatarForm(FlaskForm):
|
||||
avatar = FileField('File', validators=[FileRequired(), FileSize(2_000_000)])
|
||||
submit = SubmitField()
|
||||
|
||||
def validate_avatar(self, field):
|
||||
valid_mimetypes = ['image/jpeg', 'image/png']
|
||||
if field.data.mimetype not in valid_mimetypes:
|
||||
raise ValidationError('JPEG and PNG files only!')
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
if 'prefix' not in kwargs:
|
||||
kwargs['prefix'] = 'update-avatar-form'
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
|
||||
class UpdatePasswordForm(FlaskForm):
|
||||
password = PasswordField('Old password', validators=[DataRequired()])
|
||||
new_password = PasswordField(
|
||||
'New password',
|
||||
validators=[
|
||||
DataRequired(),
|
||||
EqualTo('new_password_2', message='Passwords must match')
|
||||
]
|
||||
)
|
||||
new_password_2 = PasswordField(
|
||||
'New password confirmation',
|
||||
validators=[
|
||||
DataRequired(),
|
||||
EqualTo('new_password', message='Passwords must match')
|
||||
]
|
||||
)
|
||||
submit = SubmitField()
|
||||
|
||||
def __init__(self, user, *args, **kwargs):
|
||||
if 'prefix' not in kwargs:
|
||||
kwargs['prefix'] = 'update-password-form'
|
||||
super().__init__(*args, **kwargs)
|
||||
self.user = user
|
||||
|
||||
def validate_current_password(self, field):
|
||||
if not self.user.verify_password(field.data):
|
||||
raise ValidationError('Invalid password')
|
||||
|
||||
|
||||
class UpdateNotificationsForm(FlaskForm):
|
||||
job_status_mail_notification_level = SelectField(
|
||||
'Job status mail notification level',
|
||||
choices=[
|
||||
(x.name, x.name.capitalize())
|
||||
for x in UserSettingJobStatusMailNotificationLevel
|
||||
],
|
||||
validators=[DataRequired()]
|
||||
)
|
||||
submit = SubmitField()
|
||||
|
||||
def __init__(self, user, *args, **kwargs):
|
||||
if 'data' not in kwargs:
|
||||
kwargs['data'] = user.to_json_serializeable()
|
||||
if 'prefix' not in kwargs:
|
||||
kwargs['prefix'] = 'update-notifications-form'
|
||||
super().__init__(*args, **kwargs)
|
||||
@ -1,49 +0,0 @@
|
||||
from flask import abort, request
|
||||
from flask_login import current_user
|
||||
from app import db
|
||||
from app.decorators import content_negotiation
|
||||
from app.models import User, ProfilePrivacySettings
|
||||
from . import bp
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/settings/profile-privacy/is-public', methods=['PUT'])
|
||||
@content_negotiation(consumes='application/json', produces='application/json')
|
||||
def update_user_profile_privacy_setting_is_public(user_id):
|
||||
user = User.query.get_or_404(user_id)
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
abort(403)
|
||||
enabled = request.json
|
||||
if not isinstance(enabled, bool):
|
||||
abort(400)
|
||||
user.is_public = enabled
|
||||
db.session.commit()
|
||||
response_data = {
|
||||
'message': 'Profile privacy settings updated',
|
||||
'category': 'settings'
|
||||
}
|
||||
return response_data, 200
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/settings/profile-privacy/<string:profile_privacy_setting_name>', methods=['PUT'])
|
||||
@content_negotiation(consumes='application/json', produces='application/json')
|
||||
def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name):
|
||||
user = User.query.get_or_404(user_id)
|
||||
try:
|
||||
profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name]
|
||||
except KeyError:
|
||||
abort(404)
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
abort(403)
|
||||
enabled = request.json
|
||||
if not isinstance(enabled, bool):
|
||||
abort(400)
|
||||
if enabled:
|
||||
user.add_profile_privacy_setting(profile_privacy_setting)
|
||||
else:
|
||||
user.remove_profile_privacy_setting(profile_privacy_setting)
|
||||
db.session.commit()
|
||||
response_data = {
|
||||
'message': 'Profile privacy settings updated',
|
||||
'category': 'settings'
|
||||
}
|
||||
return response_data, 200
|
||||
@ -1,93 +0,0 @@
|
||||
from flask import abort, flash, g, redirect, render_template, url_for
|
||||
from flask_login import current_user
|
||||
from app import db
|
||||
from app.models import Avatar, User
|
||||
from . import bp
|
||||
from .forms import (
|
||||
UpdateAvatarForm,
|
||||
UpdatePasswordForm,
|
||||
UpdateNotificationsForm,
|
||||
UpdateAccountInformationForm,
|
||||
UpdateProfileInformationForm
|
||||
)
|
||||
|
||||
|
||||
@bp.route('/<hashid:user_id>/settings', methods=['GET', 'POST'])
|
||||
def settings(user_id):
|
||||
user = User.query.get_or_404(user_id)
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
abort(403)
|
||||
|
||||
redirect_location_on_post = g.pop(
|
||||
'_nopaque_redirect_location_on_post',
|
||||
url_for('.settings', user_id=user_id)
|
||||
)
|
||||
|
||||
update_account_information_form = UpdateAccountInformationForm(user)
|
||||
update_profile_information_form = UpdateProfileInformationForm(user)
|
||||
update_avatar_form = UpdateAvatarForm()
|
||||
update_password_form = UpdatePasswordForm(user)
|
||||
update_notifications_form = UpdateNotificationsForm(user)
|
||||
|
||||
# region handle update profile information form
|
||||
if update_profile_information_form.submit.data and update_profile_information_form.validate():
|
||||
user.about_me = update_profile_information_form.about_me.data
|
||||
user.location = update_profile_information_form.location.data
|
||||
user.organization = update_profile_information_form.organization.data
|
||||
user.website = update_profile_information_form.website.data
|
||||
user.full_name = update_profile_information_form.full_name.data
|
||||
db.session.commit()
|
||||
flash('Your changes have been saved')
|
||||
return redirect(redirect_location_on_post)
|
||||
# endregion handle update profile information form
|
||||
|
||||
# region handle update avatar form
|
||||
if update_avatar_form.submit.data and update_avatar_form.validate():
|
||||
try:
|
||||
Avatar.create(
|
||||
update_avatar_form.avatar.data,
|
||||
user=user
|
||||
)
|
||||
except (AttributeError, OSError):
|
||||
abort(500)
|
||||
db.session.commit()
|
||||
flash('Your changes have been saved')
|
||||
return redirect(redirect_location_on_post)
|
||||
# endregion handle update avatar form
|
||||
|
||||
# region handle update account information form
|
||||
if update_account_information_form.submit.data and update_account_information_form.validate():
|
||||
user.email = update_account_information_form.email.data
|
||||
user.username = update_account_information_form.username.data
|
||||
db.session.commit()
|
||||
flash('Profile settings updated')
|
||||
return redirect(redirect_location_on_post)
|
||||
# endregion handle update account information form
|
||||
|
||||
# region handle update password form
|
||||
if update_password_form.submit.data and update_password_form.validate():
|
||||
user.password = update_password_form.new_password.data
|
||||
db.session.commit()
|
||||
flash('Your changes have been saved')
|
||||
return redirect(redirect_location_on_post)
|
||||
# endregion handle update password form
|
||||
|
||||
# region handle update notifications form
|
||||
if update_notifications_form.submit.data and update_notifications_form.validate():
|
||||
user.setting_job_status_mail_notification_level = \
|
||||
update_notifications_form.job_status_mail_notification_level.data
|
||||
db.session.commit()
|
||||
flash('Your changes have been saved')
|
||||
return redirect(redirect_location_on_post)
|
||||
# endregion handle update notifications form
|
||||
|
||||
return render_template(
|
||||
'users/settings/settings.html.j2',
|
||||
title='Settings',
|
||||
update_account_information_form=update_account_information_form,
|
||||
update_avatar_form=update_avatar_form,
|
||||
update_notifications_form=update_notifications_form,
|
||||
update_password_form=update_password_form,
|
||||
update_profile_information_form=update_profile_information_form,
|
||||
user=user
|
||||
)
|
||||
Reference in New Issue
Block a user