SS-643 Users can edit their account details

[anondo1969]

Description

Reference: SS-643

It should be an option under the Profile dropdown. Users can update their first name, last name, and department. The university and email will be shown but can't be edited. There should be a note on the page saying that to change email or university affiliation, they need to contact [email protected].

Types of changes

new feature

Checklist

If you're unsure about any of the items below, don't hesitate to ask. We're here to help!
This is simply a reminder of what we are going to look for before merging your code.

• This pull request is against develop branch (not applicable for hotfixes)
• I have included a link to the issue on GitHub or JIRA (if any)
• I have included migration files (if there are changes to the model classes)
• I have included, reviewed and executed tests (unit and end2end) to complement my changes
• I have updated the related documentation (if necessary)
• I have added a reviewer for this pull request
• I have added myself as an author for this pull request
• In the case I have modified settings.py, then I have also updated the studio-settings-configmap.yaml file in serve-charts

Further comments

Anything else you think we should know before merging your code!

[churnikov]

Please make sure, that user cannot pass any other information in the form data.

For instance, that user via direct curl request cannot change their email or password.

[anondo1969]

I used decorator to ensure login-required in 'common/urls.py' and in 'EditProfileView' class in 'common/views.py'.

[churnikov]

Why did you define login_required here and in common/views.py?

Just curious

[anondo1969]

I wanted to make sure only logged-in user can access the view/form. I removed in the last commit.

[churnikov]

Suggested change

	logger.info("Not saving user form info as nothing has changed", exc_info=True)
	logger.info("Not saving user form info as nothing has changed")

Correct me if I'm wrong, but I don't think that exc_info needed here.

[anondo1969]

You are right. I removed it.

[churnikov]

I don't fully get it, why are we doing this?

[anondo1969]

I wanted to save only the new information. I removed it, as I checked the the previous way is okay to prevent the curl injection.

[churnikov]

You've submitted a few code pieces that are just commented out. They should be either uncommented or removed.

[churnikov]

Btw, just want to tell you that it doesn't solve it for the admin user.

[anondo1969]

Added some dummy values for the super user to fix it.

[churnikov]

Suggested change

	common_user = True if not request.user.is_superuser else False
	common_user = not request.user.is_superuser

[churnikov]

And superuser can be a regular promoted user, so this would be misleading.

What I suggest us doing is keeping it a broken page for now, but add a jira issue to populate default super user with this data. We should bring it to the broad group.

[churnikov]

That's what I'm talking about as well, may be we should actually generate this data for the super user as well. Let's discuss this with the team.

[churnikov]

You can merge the code:)
But please do the squash and merge and write details of what was done in the resulting commit

[anondo1969]

You can merge the code:) But please do the squash and merge and write details of what was done in the resulting commit

Thanks a lot. I have done it.