feat(privacy): add private-message permission toggle

2026-03-08 02:56:58 +03:00
parent f1b2e47df8
commit 76ab9c72f5
11 changed files with 61 additions and 2 deletions
--- a/app/chats/service.py
+++ b/app/chats/service.py
@@ -104,6 +104,12 @@ async def create_chat_for_user(db: AsyncSession, *, creator_id: int, payload: Ch
            detail="Private chat requires exactly one target user.",
        )
    if payload.type == ChatType.PRIVATE:
+        target_user = await get_user_by_id(db, member_ids[0])
+        if target_user and not target_user.allow_private_messages:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="User does not accept private messages",
+            )
        if await has_block_relation_between_users(db, user_a_id=creator_id, user_b_id=member_ids[0]):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
--- a/app/messages/service.py
+++ b/app/messages/service.py
@@ -11,6 +11,7 @@ from app.messages.spam_guard import enforce_message_spam_policy
 from app.messages.schemas import MessageCreateRequest, MessageForwardRequest, MessageStatusUpdateRequest, MessageUpdateRequest
 from app.notifications.service import dispatch_message_notifications
 from app.users.repository import has_block_relation_between_users
+from app.users.service import get_user_by_id


 async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: MessageCreateRequest) -> Message:
@@ -27,6 +28,10 @@ async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: Mess
        counterpart_id = await chats_repository.get_private_counterpart_user_id(db, chat_id=payload.chat_id, user_id=sender_id)
        if counterpart_id and await has_block_relation_between_users(db, user_a_id=sender_id, user_b_id=counterpart_id):
            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Cannot send message due to block settings")
+        if counterpart_id:
+            counterpart = await get_user_by_id(db, counterpart_id)
+            if counterpart and not counterpart.allow_private_messages:
+                raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User does not accept private messages")
    if payload.reply_to_message_id is not None:
        reply_to = await repository.get_message_by_id(db, payload.reply_to_message_id)
        if not reply_to or reply_to.chat_id != payload.chat_id:
--- a/app/users/models.py
+++ b/app/users/models.py
@@ -23,6 +23,7 @@ class User(Base):
    avatar_url: Mapped[str | None] = mapped_column(String(512), nullable=True)
    bio: Mapped[str | None] = mapped_column(String(500), nullable=True)
    email_verified: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False, index=True)
+    allow_private_messages: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False, server_default="true")
    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), nullable=False)
    updated_at: Mapped[datetime] = mapped_column(
        DateTime(timezone=True),
--- a/app/users/router.py
+++ b/app/users/router.py
@@ -59,6 +59,7 @@ async def update_profile(
        username=payload.username,
        bio=payload.bio,
        avatar_url=payload.avatar_url,
+        allow_private_messages=payload.allow_private_messages,
    )
    return updated

--- a/app/users/schemas.py
+++ b/app/users/schemas.py
@@ -20,6 +20,7 @@ class UserRead(UserBase):
    avatar_url: str | None = None
    bio: str | None = None
    email_verified: bool
+    allow_private_messages: bool
    created_at: datetime
    updated_at: datetime

@@ -29,6 +30,7 @@ class UserProfileUpdate(BaseModel):
    username: str | None = Field(default=None, min_length=3, max_length=50)
    bio: str | None = Field(default=None, max_length=500)
    avatar_url: str | None = Field(default=None, max_length=512)
+    allow_private_messages: bool | None = None


 class UserSearchRead(BaseModel):
--- a/app/users/service.py
+++ b/app/users/service.py
@@ -40,6 +40,7 @@ async def update_user_profile(
    username: str | None = None,
    bio: str | None = None,
    avatar_url: str | None = None,
+    allow_private_messages: bool | None = None,
 ) -> User:
    if name is not None:
        user.name = name
@@ -49,6 +50,8 @@ async def update_user_profile(
        user.bio = bio
    if avatar_url is not None:
        user.avatar_url = avatar_url
+    if allow_private_messages is not None:
+        user.allow_private_messages = allow_private_messages
    await db.commit()
    await db.refresh(user)
    return user