move blueprints in dedicated folder

app/blueprints/users/__init__.py

@@ -0,0 +1,18 @@
+from flask import Blueprint
+from flask_login import login_required
+
+
+bp = Blueprint('users', __name__)
+
+
+@bp.before_request
+@login_required
+def before_request():
+    '''
+    Ensures that the routes in this package can only be visited by users that
+    are logged in.
+    '''
+    pass
+
+
+from . import cli, events, json_routes, routes, settings

app/blueprints/users/cli.py

@@ -0,0 +1,12 @@
+from app.models import User
+from app import db
+from . import bp
+
+
+@bp.cli.command('reset')
+def reset():
+    ''' Reset terms of use accept '''
+    for user in [x for x in User.query.all() if x.terms_of_use_accepted]:
+        print(f'Resetting user {user.username}')
+        user.terms_of_use_accepted = False
+    db.session.commit()

app/blueprints/users/events.py

@@ -0,0 +1,47 @@
+from flask_login import current_user
+from flask_socketio import join_room, leave_room
+from app import hashids, socketio
+from app.decorators import socketio_login_required
+from app.models import User
+
+
+@socketio.on('GET /users/<user_id>')
+@socketio_login_required
+def get_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.get(user_id)
+    if user is None:
+        return {'status': 404, 'statusText': 'Not found'}
+    if not (user == current_user or current_user.is_administrator):
+        return {'status': 403, 'statusText': 'Forbidden'}
+    return {
+        'body': user.to_json_serializeable(backrefs=True, relationships=True),
+        'status': 200,
+        'statusText': 'OK'
+    }
+
+
+@socketio.on('SUBSCRIBE /users/<user_id>')
+@socketio_login_required
+def subscribe_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.get(user_id)
+    if user is None:
+        return {'status': 404, 'statusText': 'Not found'}
+    if not (user == current_user or current_user.is_administrator):
+        return {'status': 403, 'statusText': 'Forbidden'}
+    join_room(f'/users/{user.hashid}')
+    return {'status': 200, 'statusText': 'OK'}
+
+
+@socketio.on('UNSUBSCRIBE /users/<user_id>')
+@socketio_login_required
+def unsubscribe_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.get(user_id)
+    if user is None:
+        return {'status': 404, 'statusText': 'Not found'}
+    if not (user == current_user or current_user.is_administrator):
+        return {'status': 403, 'statusText': 'Forbidden'}
+    leave_room(f'/users/{user.hashid}')
+    return {'status': 200, 'statusText': 'OK'}

app/blueprints/users/json_routes.py

@@ -0,0 +1,69 @@
+from flask import abort, current_app
+from flask_login import current_user, logout_user
+from threading import Thread
+from app import db
+from app.decorators import content_negotiation
+from app.models import Avatar, User
+from . import bp
+
+
+@bp.route('/<hashid:user_id>', methods=['DELETE'])
+@content_negotiation(produces='application/json')
+def delete_user(user_id):
+    def _delete_user(app, user_id):
+        with app.app_context():
+            user = User.query.get(user_id)
+            user.delete()
+            db.session.commit()
+
+    user = User.query.get_or_404(user_id)
+    if not (user == current_user or current_user.is_administrator):
+        abort(403)
+    thread = Thread(
+        target=_delete_user,
+        args=(current_app._get_current_object(), user.id)
+    )
+    if user == current_user:
+        logout_user()
+    thread.start()
+    response_data = {
+        'message': f'User "{user.username}" marked for deletion'
+    }
+    return response_data, 202
+
+
+@bp.route('/<hashid:user_id>/avatar', methods=['DELETE'])
+@content_negotiation(produces='application/json')
+def delete_user_avatar(user_id):
+    def _delete_avatar(app, avatar_id):
+        with app.app_context():
+            avatar = Avatar.query.get(avatar_id)
+            avatar.delete()
+            db.session.commit()
+
+    user = User.query.get_or_404(user_id)
+    if user.avatar is None:
+        abort(404)
+    if not (user == current_user or current_user.is_administrator):
+        abort(403)
+    thread = Thread(
+        target=_delete_avatar,
+        args=(current_app._get_current_object(), user.avatar.id)
+    )
+    thread.start()
+    response_data = {
+        'message': f'Avatar marked for deletion'
+    }
+    return response_data, 202
+
+@bp.route('/accept-terms-of-use', methods=['POST'])
+@content_negotiation(produces='application/json')
+def accept_terms_of_use():
+    if not (current_user.is_authenticated or current_user.confirmed):
+        abort(403)
+    current_user.terms_of_use_accepted = True
+    db.session.commit()
+    response_data = {
+        'message': 'You accepted the terms of use',
+    }
+    return response_data, 202

app/blueprints/users/nevents.py

@@ -0,0 +1,114 @@
+from flask_login import current_user
+from flask_socketio import join_room
+from app import hashids, socketio
+from app.decorators import socketio_admin_required, socketio_login_required
+from app.models import User
+
+
+@socketio.on('GET /users')
+@socketio_admin_required
+def get_users():
+    users = User.query.filter_by().all()
+    return {
+        'body': [user.to_json_serializable() for user in users],
+        'options': {
+            'status': 200,
+            'statusText': 'OK',
+            'headers': {'Content-Type: application/json'}
+        }
+    }
+
+
+@socketio.on('SUBSCRIBE /users')
+@socketio_admin_required
+def subscribe_users():
+    join_room('/users')
+    return {'options': {'status': 200, 'statusText': 'OK'}}
+
+
+@socketio.on('GET /users/<user_id>')
+@socketio_login_required
+def get_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.get(user_id)
+    if user is None:
+        return {'options': {'status': 404, 'statusText': 'Not found'}}
+    if not (user == current_user or current_user.is_administrator):
+        return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+    return {
+        'body': user.to_json_serializable(),
+        'options': {
+            'status': 200,
+            'statusText': 'OK',
+            'headers': {'Content-Type: application/json'}
+        }
+    }
+
+
+@socketio.on('SUBSCRIBE /users/<user_id>')
+@socketio_login_required
+def subscribe_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.get(user_id)
+    if user is None:
+        return {'options': {'status': 404, 'statusText': 'Not found'}}
+    if not (user == current_user or current_user.is_administrator):
+        return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+    join_room(f'/users/{user.hashid}')
+    return {'options': {'status': 200, 'statusText': 'OK'}}
+
+
+@socketio.on('GET /public_users')
+@socketio_login_required
+def get_public_users():
+    users = User.query.filter_by(is_public=True).all()
+    return {
+        'body': [
+            user.to_json_serializable(filter_by_privacy_settings=True)
+            for user in users
+        ],
+        'options': {
+            'status': 200,
+            'statusText': 'OK',
+            'headers': {'Content-Type: application/json'}
+        }
+    }
+
+
+@socketio.on('SUBSCRIBE /users')
+@socketio_admin_required
+def subscribe_users():
+    join_room('/public_users')
+    return {'options': {'status': 200, 'statusText': 'OK'}}
+
+
+@socketio.on('GET /public_users/<user_id>')
+@socketio_login_required
+def get_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.filter_by(id=user_id, is_public=True).first()
+    if user is None:
+        return {'options': {'status': 404, 'statusText': 'Not found'}}
+    if not (user == current_user or current_user.is_administrator):
+        return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+    return {
+        'body': user.to_json_serializable(filter_by_privacy_settings=True),
+        'options': {
+            'status': 200,
+            'statusText': 'OK',
+            'headers': {'Content-Type: application/json'}
+        }
+    }
+
+
+@socketio.on('SUBSCRIBE /public_users/<user_id>')
+@socketio_login_required
+def subscribe_user(user_hashid):
+    user_id = hashids.decode(user_hashid)
+    user = User.query.filter_by(id=user_id, is_public=True).first()
+    if user is None:
+        return {'options': {'status': 404, 'statusText': 'Not found'}}
+    if not (user == current_user or current_user.is_administrator):
+        return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+    join_room(f'/public_users/{user.hashid}')
+    return {'options': {'status': 200, 'statusText': 'OK'}}

app/blueprints/users/routes.py

@@ -0,0 +1,43 @@
+from flask import (
+    abort,
+    redirect, 
+    render_template, 
+    send_from_directory,
+    url_for
+)
+from flask_login import current_user
+from app.models import User
+from . import bp
+
+
+@bp.route('')
+def users():
+    return redirect(url_for('main.social_area', _anchor='users'))
+
+
+@bp.route('/<hashid:user_id>')
+def user(user_id):
+    user = User.query.get_or_404(user_id)
+    if not (user.is_public or user == current_user or current_user.is_administrator):
+        abort(403)
+    return render_template(
+        'users/user.html.j2',
+        title=user.username,
+        user=user
+    )
+
+
+@bp.route('/<hashid:user_id>/avatar')
+def user_avatar(user_id):
+    user = User.query.get_or_404(user_id)
+    if not (user.is_public or user == current_user or current_user.is_administrator):
+        abort(403)
+    if user.avatar is None:
+        return redirect(url_for('static', filename='images/user_avatar.png'))
+    return send_from_directory(
+        user.avatar.path.parent,
+        user.avatar.path.name,
+        as_attachment=True,
+        download_name=user.avatar.filename,
+        mimetype=user.avatar.mimetype
+    )

app/blueprints/users/settings/__init__.py

@@ -0,0 +1,2 @@
+from .. import bp
+from . import json_routes, routes

app/blueprints/users/settings/forms.py

@@ -0,0 +1,160 @@
+from flask_wtf import FlaskForm
+from flask_wtf.file import FileField, FileRequired, FileSize
+from wtforms import (
+    PasswordField,
+    SelectField,
+    StringField,
+    SubmitField,
+    TextAreaField,
+    ValidationError
+)
+from wtforms.validators import (
+    DataRequired,
+    Email,
+    EqualTo,
+    Length,
+    Regexp
+)
+from app.models import User, UserSettingJobStatusMailNotificationLevel
+
+
+class UpdateAccountInformationForm(FlaskForm):
+    email = StringField(
+        'E-Mail',
+        validators=[DataRequired(), Length(max=254), Email()]
+    )
+    username = StringField(
+        'Username',
+        validators=[
+            DataRequired(),
+            Length(max=64),
+            Regexp(
+                User.username_pattern,
+                message=(
+                    'Usernames must have only letters, numbers, dots or '
+                    'underscores'
+                )
+            )
+        ]
+    )
+    submit = SubmitField()
+    
+    def __init__(self, user, *args, **kwargs):
+        if 'data' not in kwargs:
+            kwargs['data'] = user.to_json_serializeable()
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-account-information-form'
+        super().__init__(*args, **kwargs)
+        self.user = user
+
+    def validate_email(self, field):
+        if (field.data != self.user.email
+                and User.query.filter_by(email=field.data).first()):
+            raise ValidationError('Email already registered')
+
+    def validate_username(self, field):
+        if (field.data != self.user.username
+                and User.query.filter_by(username=field.data).first()):
+            raise ValidationError('Username already in use')
+
+
+class UpdateProfileInformationForm(FlaskForm):
+    full_name = StringField(
+        'Full name',
+        validators=[Length(max=128)]
+    )
+    about_me = TextAreaField(
+        'About me', 
+        validators=[
+            Length(max=254)
+        ]
+    )
+    website = StringField(
+        'Website',
+        validators=[
+            Length(max=254)
+        ]
+    )
+    organization = StringField(
+        'Organization',
+        validators=[
+            Length(max=128)
+        ]
+    )
+    location = StringField(
+        'Location',
+        validators=[
+            Length(max=128)
+        ]
+    )
+    submit = SubmitField()
+
+    def __init__(self, user, *args, **kwargs):
+        if 'data' not in kwargs:
+            kwargs['data'] = user.to_json_serializeable()
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-profile-information-form'
+        super().__init__(*args, **kwargs)
+
+
+class UpdateAvatarForm(FlaskForm):
+    avatar = FileField('File', validators=[FileRequired(), FileSize(2_000_000)])
+    submit = SubmitField()
+
+    def validate_avatar(self, field):
+        valid_mimetypes = ['image/jpeg', 'image/png']
+        if field.data.mimetype not in valid_mimetypes:
+            raise ValidationError('JPEG and PNG files only!')
+
+    def __init__(self, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-avatar-form'
+        super().__init__(*args, **kwargs)
+
+
+class UpdatePasswordForm(FlaskForm):
+    password = PasswordField('Old password', validators=[DataRequired()])
+    new_password = PasswordField(
+        'New password',
+        validators=[
+            DataRequired(),
+            EqualTo('new_password_2', message='Passwords must match')
+        ]
+    )
+    new_password_2 = PasswordField(
+        'New password confirmation',
+        validators=[
+            DataRequired(),
+            EqualTo('new_password', message='Passwords must match')
+        ]
+    )
+    submit = SubmitField()
+
+    def __init__(self, user, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-password-form'
+        super().__init__(*args, **kwargs)
+        self.user = user
+
+    def validate_current_password(self, field):
+        if not self.user.verify_password(field.data):
+            raise ValidationError('Invalid password')
+
+
+class UpdateNotificationsForm(FlaskForm):
+    job_status_mail_notification_level = SelectField(
+        'Job status mail notification level',
+        choices=[
+            (x.name, x.name.capitalize())
+            for x in UserSettingJobStatusMailNotificationLevel
+        ],
+        validators=[DataRequired()]
+    )
+    submit = SubmitField()
+
+    def __init__(self, user, *args, **kwargs):
+        if 'data' not in kwargs:
+            kwargs['data'] = user.to_json_serializeable()
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-notifications-form'
+        super().__init__(*args, **kwargs)

app/blueprints/users/settings/json_routes.py

@@ -0,0 +1,49 @@
+from flask import abort, request
+from flask_login import current_user
+from app import db
+from app.decorators import content_negotiation
+from app.models import User, ProfilePrivacySettings
+from . import bp
+
+
+@bp.route('/<hashid:user_id>/settings/profile-privacy/is-public', methods=['PUT'])
+@content_negotiation(consumes='application/json', produces='application/json')
+def update_user_profile_privacy_setting_is_public(user_id):
+    user = User.query.get_or_404(user_id)
+    if not (user == current_user or current_user.is_administrator):
+        abort(403)
+    enabled = request.json
+    if not isinstance(enabled, bool):
+        abort(400)
+    user.is_public = enabled
+    db.session.commit()
+    response_data = {
+        'message': 'Profile privacy settings updated',
+        'category': 'settings'
+    }
+    return response_data, 200
+
+
+@bp.route('/<hashid:user_id>/settings/profile-privacy/<string:profile_privacy_setting_name>', methods=['PUT'])
+@content_negotiation(consumes='application/json', produces='application/json')
+def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name):
+    user = User.query.get_or_404(user_id)
+    try:
+        profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name]
+    except KeyError:
+        abort(404)
+    if not (user == current_user or current_user.is_administrator):
+        abort(403)
+    enabled = request.json
+    if not isinstance(enabled, bool):
+        abort(400)
+    if enabled:
+        user.add_profile_privacy_setting(profile_privacy_setting)
+    else:
+        user.remove_profile_privacy_setting(profile_privacy_setting)
+    db.session.commit()
+    response_data = {
+        'message': 'Profile privacy settings updated',
+        'category': 'settings'
+    }
+    return response_data, 200

app/blueprints/users/settings/routes.py

@@ -0,0 +1,93 @@
+from flask import abort, flash, g, redirect, render_template, url_for
+from flask_login import current_user
+from app import db
+from app.models import Avatar, User
+from . import bp
+from .forms import (
+    UpdateAvatarForm,
+    UpdatePasswordForm,
+    UpdateNotificationsForm,
+    UpdateAccountInformationForm,
+    UpdateProfileInformationForm
+)
+
+
+@bp.route('/<hashid:user_id>/settings', methods=['GET', 'POST'])
+def settings(user_id):
+    user = User.query.get_or_404(user_id)
+    if not (user == current_user or current_user.is_administrator):
+        abort(403)
+
+    redirect_location_on_post = g.pop(
+        '_nopaque_redirect_location_on_post',
+        url_for('.settings', user_id=user_id)
+    )
+
+    update_account_information_form = UpdateAccountInformationForm(user)
+    update_profile_information_form = UpdateProfileInformationForm(user)
+    update_avatar_form = UpdateAvatarForm()
+    update_password_form = UpdatePasswordForm(user)
+    update_notifications_form = UpdateNotificationsForm(user)
+
+    # region handle update profile information form
+    if update_profile_information_form.submit.data and update_profile_information_form.validate():
+        user.about_me = update_profile_information_form.about_me.data
+        user.location = update_profile_information_form.location.data
+        user.organization = update_profile_information_form.organization.data
+        user.website = update_profile_information_form.website.data
+        user.full_name = update_profile_information_form.full_name.data
+        db.session.commit()
+        flash('Your changes have been saved')
+        return redirect(redirect_location_on_post)
+    # endregion handle update profile information form
+
+    # region handle update avatar form
+    if update_avatar_form.submit.data and update_avatar_form.validate():
+        try:
+            Avatar.create(
+                update_avatar_form.avatar.data,
+                user=user
+            )
+        except (AttributeError, OSError):
+            abort(500)
+        db.session.commit()
+        flash('Your changes have been saved')
+        return redirect(redirect_location_on_post)
+    # endregion handle update avatar form
+
+    # region handle update account information form
+    if update_account_information_form.submit.data and update_account_information_form.validate():
+        user.email = update_account_information_form.email.data
+        user.username = update_account_information_form.username.data
+        db.session.commit()
+        flash('Profile settings updated')
+        return redirect(redirect_location_on_post)
+    # endregion handle update account information form
+
+    # region handle update password form
+    if update_password_form.submit.data and update_password_form.validate():
+        user.password = update_password_form.new_password.data
+        db.session.commit()
+        flash('Your changes have been saved')
+        return redirect(redirect_location_on_post)
+    # endregion handle update password form
+
+    # region handle update notifications form
+    if update_notifications_form.submit.data and update_notifications_form.validate():
+        user.setting_job_status_mail_notification_level = \
+            update_notifications_form.job_status_mail_notification_level.data
+        db.session.commit()
+        flash('Your changes have been saved')
+        return redirect(redirect_location_on_post)
+    # endregion handle update notifications form
+
+    return render_template(
+        'users/settings/settings.html.j2',
+        title='Settings',
+        update_account_information_form=update_account_information_form,
+        update_avatar_form=update_avatar_form,
+        update_notifications_form=update_notifications_form,
+        update_password_form=update_password_form,
+        update_profile_information_form=update_profile_information_form,
+        user=user
+    )