from flask import abort, request from flask_login import current_user from app import db from app.decorators import content_negotiation from app.models import User, ProfilePrivacySettings from . import bp @bp.route('//settings/profile-privacy/is-public', methods=['PUT']) @content_negotiation(consumes='application/json', produces='application/json') def update_user_profile_privacy_setting_is_public(user_id): user = User.query.get_or_404(user_id) if not (user == current_user or current_user.is_administrator()): abort(403) enabled = request.json if not isinstance(enabled, bool): abort(400) user.is_public = enabled db.session.commit() response_data = { 'message': 'Profile privacy settings updated', 'category': 'settings' } return response_data, 200 @bp.route('//settings/profile-privacy/', methods=['PUT']) @content_negotiation(consumes='application/json', produces='application/json') def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name): user = User.query.get_or_404(user_id) try: profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name] except KeyError: abort(404) if not (user == current_user or current_user.is_administrator()): abort(403) enabled = request.json if not isinstance(enabled, bool): abort(400) if enabled: user.add_profile_privacy_setting(profile_privacy_setting) else: user.remove_profile_privacy_setting(profile_privacy_setting) db.session.commit() response_data = { 'message': 'Profile privacy settings updated', 'category': 'settings' } return response_data, 200