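from flask import (
    abort,
    current_app,
    flash,
    Markup,
    redirect,
    render_template,
    send_from_directory,
    url_for
)
from flask_login import current_user, login_required
from threading import Thread
import os
from app import db
from app.models import Avatar, ProfilePrivacySettings, User
from . import bp
from .forms import (
    EditPrivacySettingsForm,
    EditProfileSettingsForm,
    EditPublicProfileInformationForm
)


# NOTE(review): every view below takes ``user_id``, but the route rules as
# shown carry no URL variable for it. The placeholder looks lost in
# transcription; restore it from the repository before running this file.


def _is_owner_or_admin(user):
    """Return True when the requester is ``user`` or an administrator."""
    return user == current_user or current_user.is_administrator()


@bp.before_request
@login_required
def before_request():
    """Require an authenticated session for every route of this blueprint."""
    pass


@bp.route('/')
@login_required
def user(user_id):
    """Render the profile page of the user identified by ``user_id``.

    Responds 404 for an unknown id and 403 when the profile is not public
    and the requester is not its owner.
    """
    user = User.query.get_or_404(user_id)
    if not user.is_public and user != current_user:
        abort(403)
    return render_template(
        'users/profile.html.j2',
        user=user.to_json_serializeable(),
        user_id=user_id
    )


@bp.route('/', methods=['DELETE'])
@login_required
def delete_user(user_id):
    """Delete a user account in a background thread and answer 202.

    Only the account owner or an administrator may trigger the deletion.
    """
    def _delete_user(app, user_id):
        # Runs outside the request, so it needs its own application context.
        with app.app_context():
            user = User.query.get(user_id)
            if user is None:
                # Nothing left to delete, e.g. the row was removed between
                # the request and this thread running.
                return
            user.delete()
            db.session.commit()

    user = User.query.get_or_404(user_id)
    if not _is_owner_or_admin(user):
        abort(403)
    thread = Thread(
        target=_delete_user,
        args=(current_app._get_current_object(), user_id)
    )
    thread.start()
    return {}, 202


@bp.route('/')
def profile(user_id):
    """Render the profile page of the user identified by ``user_id``.

    Same access rule as ``user``: 403 unless the profile is public or the
    requester owns it.
    """
    user = User.query.get_or_404(user_id)
    if not user.is_public and user != current_user:
        abort(403)
    return render_template(
        'users/profile.html.j2',
        user=user.to_json_serializeable(),
        user_id=user_id
    )


@bp.route('//avatar')
def profile_avatar(user_id):
    """Send the stored avatar file of a user as an attachment.

    Responds 404 when the user or the avatar does not exist and 403 when
    the profile is not public and the requester is neither its owner nor
    an administrator.
    """
    user = User.query.get_or_404(user_id)
    if user.avatar is None:
        abort(404)
    if not user.is_public and not _is_owner_or_admin(user):
        abort(403)
    return send_from_directory(
        os.path.dirname(user.avatar.path),
        os.path.basename(user.avatar.path),
        as_attachment=True,
        attachment_filename=user.avatar.filename,
        mimetype=user.avatar.mimetype
    )


@bp.route('//avatar', methods=['DELETE'])
def delete_profile_avatar(user_id):
    """Delete a user's avatar in a background thread and answer 202.

    Only the account owner or an administrator may delete the avatar.
    """
    def _delete_avatar(app, avatar_id):
        # Runs outside the request, so it needs its own application context.
        with app.app_context():
            avatar = Avatar.query.get(avatar_id)
            if avatar is None:
                # Nothing left to delete, e.g. the row was removed between
                # the request and this thread running.
                return
            avatar.delete()
            db.session.commit()

    user = User.query.get_or_404(user_id)
    # Object-level authorization: without this check any logged-in account
    # could delete another user's avatar just by naming that user's id.
    # The rule matches the one delete_user and edit_profile apply.
    if not _is_owner_or_admin(user):
        abort(403)
    if user.avatar is None:
        abort(404)
    thread = Thread(
        target=_delete_avatar,
        args=(current_app._get_current_object(), user.avatar.id)
    )
    thread.start()
    return {}, 202


@bp.route('//edit', methods=['GET', 'POST'])
def edit_profile(user_id):
    """Show and process the three profile edit forms for one user.

    Only the account owner or an administrator may use this view. Each
    form is pre-filled from, and written back to, the user named by
    ``user_id``.
    """
    user = User.query.get_or_404(user_id)
    if not _is_owner_or_admin(user):
        abort(403)
    # Everything below targets ``user``, the account that was authorized
    # above. Using ``current_user`` here would make an administrator who
    # edits someone else's profile overwrite their own account instead.
    user_data = user.to_json_serializeable()
    edit_profile_settings_form = EditProfileSettingsForm(
        user,
        data=user_data,
        prefix='edit-profile-settings-form'
    )
    edit_privacy_settings_form = EditPrivacySettingsForm(
        data=user_data,
        prefix='edit-privacy-settings-form'
    )
    edit_public_profile_information_form = EditPublicProfileInformationForm(
        data=user_data,
        prefix='edit-public-profile-information-form'
    )

    if edit_profile_settings_form.validate_on_submit():
        user.email = edit_profile_settings_form.email.data
        user.username = edit_profile_settings_form.username.data
        db.session.commit()
        flash('Profile settings updated')
        return redirect(url_for('.user', user_id=user.id))

    if (edit_privacy_settings_form.submit.data
            and edit_privacy_settings_form.validate()):
        user.is_public = edit_privacy_settings_form.is_public.data
        # Each checkbox either grants or revokes one privacy flag.
        privacy_flags = (
            (
                edit_privacy_settings_form.show_email,
                ProfilePrivacySettings.SHOW_EMAIL
            ),
            (
                edit_privacy_settings_form.show_last_seen,
                ProfilePrivacySettings.SHOW_LAST_SEEN
            ),
            (
                edit_privacy_settings_form.show_member_since,
                ProfilePrivacySettings.SHOW_MEMBER_SINCE
            ),
        )
        for field, setting in privacy_flags:
            if field.data:
                user.add_profile_privacy_setting(setting)
            else:
                user.remove_profile_privacy_setting(setting)
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.user', user_id=user.id))

    if edit_public_profile_information_form.validate_on_submit():
        if edit_public_profile_information_form.avatar.data:
            try:
                Avatar.create(
                    edit_public_profile_information_form.avatar.data,
                    user=user
                )
            except (AttributeError, OSError):
                abort(500)
        user.about_me = edit_public_profile_information_form.about_me.data
        user.location = edit_public_profile_information_form.location.data
        user.organization = \
            edit_public_profile_information_form.organization.data
        user.website = edit_public_profile_information_form.website.data
        user.full_name = edit_public_profile_information_form.full_name.data
        db.session.commit()
        flash('Profile settings updated')
        return redirect(url_for('.user', user_id=user.id))

    return render_template(
        'users/edit_profile.html.j2',
        edit_profile_settings_form=edit_profile_settings_form,
        edit_privacy_settings_form=edit_privacy_settings_form,
        edit_public_profile_information_form=edit_public_profile_information_form,
        user=user,
        title='Edit Profile'
    )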