nopaque/app/users/settings/json_routes.py

from flask import abort, request
from flask_login import current_user
from app import db
from app.decorators import content_negotiation
from app.models import User, ProfilePrivacySettings
from . import bp


@bp.route('/<hashid:user_id>/settings/profile-privacy/is-public', methods=['PUT'])
@content_negotiation(consumes='application/json', produces='application/json')
def update_user_profile_privacy_setting_is_public(user_id):
    user = User.query.get_or_404(user_id)
    if not (user == current_user or current_user.is_administrator):
        abort(403)
    enabled = request.json
    if not isinstance(enabled, bool):
        abort(400)
    user.is_public = enabled
    db.session.commit()
    response_data = {
        'message': 'Profile privacy settings updated',
        'category': 'settings'
    }
    return response_data, 200


@bp.route('/<hashid:user_id>/settings/profile-privacy/<string:profile_privacy_setting_name>', methods=['PUT'])
@content_negotiation(consumes='application/json', produces='application/json')
def update_user_profile_privacy_settings(user_id, profile_privacy_setting_name):
    user = User.query.get_or_404(user_id)
    try:
        profile_privacy_setting = ProfilePrivacySettings[profile_privacy_setting_name]
    except KeyError:
        abort(404)
    if not (user == current_user or current_user.is_administrator):
        abort(403)
    enabled = request.json
    if not isinstance(enabled, bool):
        abort(400)
    if enabled:
        user.add_profile_privacy_setting(profile_privacy_setting)
    else:
        user.remove_profile_privacy_setting(profile_privacy_setting)
    db.session.commit()
    response_data = {
        'message': 'Profile privacy settings updated',
        'category': 'settings'
    }
    return response_data, 200