From 28ba2f3db741ebcf632d8fc6015365881ae686d2 Mon Sep 17 00:00:00 2001
From: Lauren-D <laurent.dubois@itld-solutions.be>
Date: Thu, 14 Oct 2021 15:20:50 +0200
Subject: [PATCH] users: make user profiles read-only

Co-Authored-by: Lauren-D <laurent.dubois@itld-solutions.be>
---
 .gitignore                                    |  3 +
 invenio_userprofiles/config.py                |  9 +++
 .../settings/_macros.html                     | 29 ++++++++-
 .../settings/profile.html                     | 32 ++++++----
 invenio_userprofiles/views.py                 | 61 +++++++++----------
 5 files changed, 87 insertions(+), 47 deletions(-)

diff --git a/.gitignore b/.gitignore
index f32b3b9..6a62ac9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,6 @@ target/
 # Example generated
 examples/static/
 examples/instance/
+
+# VSCode
+.vscode
\ No newline at end of file
diff --git a/invenio_userprofiles/config.py b/invenio_userprofiles/config.py
index fb3e078..e6e4cbc 100644
--- a/invenio_userprofiles/config.py
+++ b/invenio_userprofiles/config.py
@@ -29,5 +29,14 @@
 USERPROFILES_SETTINGS_TEMPLATE = None
 """Settings base templates for user profile module."""
 
+USERPROFILES_DEFAULT_COUNTRY = None
+"""Default country marc21 code for the user profile."""
+
+USERPROFILES_COUNTRIES = lambda: [('ch', 'Switzerland')]
+"""Function to return the list of label, value for contries."""
+
+USERPROFILES_READONLY_FIELDS = lambda: []
+"""Function to return readonly fields."""
+
 USERPROFILES_READ_ONLY = False
 """Make the user profiles read-only."""
diff --git a/invenio_userprofiles/templates/invenio_userprofiles/settings/_macros.html b/invenio_userprofiles/templates/invenio_userprofiles/settings/_macros.html
index 8754b50..2760626 100644
--- a/invenio_userprofiles/templates/invenio_userprofiles/settings/_macros.html
+++ b/invenio_userprofiles/templates/invenio_userprofiles/settings/_macros.html
@@ -7,11 +7,13 @@
   under the terms of the MIT License; see LICENSE file for more details.
 #}
 
-{% macro render_field(field, icon="", placeholder='', autofocus=False, enabled=True, field_class="form-control") %}
+{% macro render_field(field, icon="", placeholder='', autofocus=False, enabled=True) %}
   <div class="form-group {% if icon %} has-feedback{% endif %}{% if field.errors %} has-error{% endif %}">
     {{ field.label }}
     {%- set extras = dict(autofocus="") if autofocus else dict() %}
-    {{field(class_=field_class, disabled=not enabled, placeholder=placeholder, **extras)}}
+    {{field(class_="form-control", disabled=not enabled, placeholder=placeholder, **extras)}}
+
+
     {%- if icon %}
     <i class="{{icon}} form-control-feedback" aria-hidden="true" ></i>
     {%- endif %}
@@ -28,3 +30,26 @@
     {%- endif %}
   </div>
 {% endmacro %}
+
+{% macro render_checkbox_field(field, icon="", autofocus=False, enabled=True) %}
+  <div class="form-group form-check {% if icon %} has-feedback{% endif %}{% if field.errors %} has-error{% endif %}">
+    {%- set extras = dict(autofocus="") if autofocus else dict() %}
+    {{field(class_="form-check-input", type="checkbox", disabled=not enabled, **extras)}}
+    {{ field.label }}
+
+    {%- if icon %}
+    <i class="{{icon}} form-control-feedback" aria-hidden="true" ></i>
+    {%- endif %}
+    {%- if field.description %}
+    <div class="help-block"><small>{{ field.description }}</small></div>
+    {%- endif %}
+    {%- if field.errors %}
+    <div class="alert alert-danger alert-dismissible text-left" role="alert">
+    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    {%- for error in field.errors %}
+    <p>{{error}}</p>
+    {% endfor %}
+    </div>
+    {%- endif %}
+  </div>
+{% endmacro %}
diff --git a/invenio_userprofiles/templates/invenio_userprofiles/settings/profile.html b/invenio_userprofiles/templates/invenio_userprofiles/settings/profile.html
index 9fea583..6c3c904 100644
--- a/invenio_userprofiles/templates/invenio_userprofiles/settings/profile.html
+++ b/invenio_userprofiles/templates/invenio_userprofiles/settings/profile.html
@@ -26,18 +26,24 @@
 {%- set form = profile_form %}
 {%- set read_only = config.USERPROFILES_READ_ONLY %}
 <form method="POST" name="profile_form">
-{%- for field in form %}
-{%- if field.widget.input_type == 'hidden' %}
-{{ field() }}
-{%- elif not read_only or "repeat" not in field.id %}
-{{ render_field(field, autofocus=True, enabled=not read_only, placeholder=field.label.text) }}
-{%- endif %}
-{%- endfor %}
-{%- if not read_only %}
-<div class="form-actions">
-  <a href="." class="btn btn-default"><i class="fa fa-times"></i> {{ _('Cancel') }}</a>
-  <button type="submit" name="submit" value="profile" class="btn btn-primary"><i class="fa fa-check"></i> {{ _('Update profile') }}</button>
-</div>
-{%- endif %}
+  {%- for field in form %}
+  {%- if field.widget.input_type == 'hidden' %}
+  {{ field() }}
+  {%- else %}
+  {% if field.type == "BooleanField" %}
+  {{ render_checkbox_field(field, autofocus=True, enabled=not read_only) }}
+  {%- else %}
+  {{ render_field(field, autofocus=True, enabled=not read_only, placeholder=field.label.text) }}
+  {%- endif %}
+
+  {%- endif %}
+  {%- endfor %}
+  {%- if not read_only %}
+  <div class="form-actions">
+    <a href="." class="btn btn-default"><i class="fa fa-times"></i> {{ _('Cancel') }}</a>
+    <button type="submit" name="submit" value="profile" class="btn btn-primary"><i class="fa fa-check"></i>
+      {{ _('Update profile') }}</button>
+  </div>
+  {%- endif %}
 </form>
 {%- endblock settings_form %}
diff --git a/invenio_userprofiles/views.py b/invenio_userprofiles/views.py
index 9659837..074245e 100644
--- a/invenio_userprofiles/views.py
+++ b/invenio_userprofiles/views.py
@@ -112,27 +112,13 @@ def profile():
         formdata=None, obj=current_user, prefix="preferences"
     )
 
-    # Pick form
+    # Process forms
     is_read_only = current_app.config.get("USERPROFILES_READ_ONLY", False)
-    form_name = request.form.get("submit", None)
-    if form_name == "profile" and not is_read_only:
-        handle_form = handle_profile_form
-        form = profile_form
-    elif form_name == "verification":
-        handle_form = handle_verification_form
-        form = verification_form
-    elif form_name == "preferences":
-        handle_form = handle_preferences_form
-        form = preferences_form
-    else:
-        form = None
-
-    # Process form
-    if form:
-        form.process(formdata=request.form)
-        if form.validate_on_submit():
-            handle_form(form)
-            return redirect(url_for(".profile"), code=303)  # this endpoint
+    form = request.form.get('submit', None)
+    if form == 'profile' and not is_read_only:
+        handle_profile_form(profile_form)
+    elif form == 'verification':
+        handle_verification_form(verification_form)
 
     return render_template(
         current_app.config["USERPROFILES_PROFILE_TEMPLATE"],
@@ -167,18 +153,29 @@ def handle_verification_form(form):
 
 def handle_profile_form(form):
     """Handle profile update form."""
-    email_changed = False
-    datastore = current_app.extensions["security"].datastore
-    with db.session.begin_nested():
-        if (
-            current_app.config["USERPROFILES_EMAIL_ENABLED"]
-            and form.email.data != current_user.email
-        ):
-            email_changed = True
-        form.populate_obj(current_user)
-        db.session.add(current_user)
-        datastore.mark_changed(id(db.session), uid=current_user.id)
-    datastore.commit()
+    if current_app.config.get("USERPROFILES_READ_ONLY", False):
+        return
+
+    form.process(formdata=request.form)
+    if form.validate_on_submit():
+        email_changed = False
+        with db.session.begin_nested():
+            # Update profile.
+            current_userprofile.username = form.username.data
+            current_userprofile.last_name=form.last_name.data,
+            current_userprofile.first_name=form.first_name.data,
+            current_userprofile.gender=form.gender.data,
+            current_userprofile.birth_date=form.birth_date.data,
+            current_userprofile.street=form.street.data,
+            current_userprofile.postal_code=form.postal_code.data,
+            current_userprofile.city=form.city.data,
+            current_userprofile.country=form.country.data,
+            current_userprofile.home_phone=form.home_phone.data,
+            current_userprofile.business_phone=form.business_phone.data,
+            current_userprofile.mobile_phone=form.mobile_phone.data,
+            current_userprofile.other_phone=form.other_phone.data,
+            current_userprofile.keep_history=form.keep_history.data
+            db.session.add(current_userprofile)
 
     if email_changed:
         send_confirmation_instructions(current_user)