[FIX] website_forum: fixed (un)publish management on the profile. Par…

…tners are now also published by default. Better protection of displayed profile: only publis profiles with karma >= 1 are displayed on the forum, to avoid allowing external users to browse the user lists. Some cleaning / improvements in the bio edit form that was a bit buggy.

addons/website_forum/controllers/main.py

@@ -416,10 +416,9 @@ def users(self, forum, page=1, **searches):
     @http.route(['/forum/<model("forum.forum"):forum>/partner/<int:partner_id>'], type='http', auth="public", website=True)
     def open_partner(self, forum, partner_id=0, **post):
         cr, uid, context = request.cr, request.uid, request.context
-        pids = request.registry['res.partner'].search(cr, SUPERUSER_ID, [('id', '=', partner_id)], context=context)
-        if pids:
-            partner = request.registry['res.partner'].browse(cr, SUPERUSER_ID, pids[0], context=context)
-            if partner.user_ids:
+        if partner_id:
+            partner = request.registry['res.partner'].browse(cr, SUPERUSER_ID, partner_id, context=context)
+            if partner.exists() and partner.user_ids:
                 return werkzeug.utils.redirect("/forum/%s/user/%d" % (slug(forum), partner.user_ids[0].id))
         return werkzeug.utils.redirect("/forum/%s" % slug(forum))
 
@@ -445,8 +444,10 @@ def open_user(self, forum, user_id=0, **post):
         Data = request.registry["ir.model.data"]
 
         user = User.browse(cr, SUPERUSER_ID, user_id, context=context)
+        if not user.exists() or user.karma < 1:
+            return werkzeug.utils.redirect("/forum/%s" % slug(forum))
         values = self._prepare_forum_values(forum=forum, **post)
-        if not user.exists() or (user_id != request.session.uid and (not user.website_published or user.karma < 1)):
+        if user_id != request.session.uid and not user.website_published:
             return request.website.render("website_forum.private_profile", values)
         # questions and answers by user
         user_questions, user_answers = [], []
@@ -535,14 +536,17 @@ def edit_profile(self, forum, user, **kwargs):
 
     @http.route('/forum/<model("forum.forum"):forum>/user/<model("res.users"):user>/save', type='http', auth="user", methods=['POST'], website=True)
     def save_edited_profile(self, forum, user, **kwargs):
-        request.registry['res.users'].write(request.cr, request.uid, [user.id], {
+        values = {
             'name': kwargs.get('name'),
             'website': kwargs.get('website'),
             'email': kwargs.get('email'),
             'city': kwargs.get('city'),
             'country_id': int(kwargs.get('country')) if kwargs.get('country') else False,
             'website_description': kwargs.get('description'),
-        }, context=request.context)
+        }
+        if request.uid == user.id:  # the controller allows to edit only its own privacy settings; use partner management for other cases
+            values['website_published'] = kwargs.get('website_published') == 'True'
+        request.registry['res.users'].write(request.cr, request.uid, [user.id], values, context=request.context)
         return werkzeug.utils.redirect("/forum/%s/user/%d" % (slug(forum), user.id))
 
     # Badges

addons/website_forum/views/website_forum.xml

@@ -823,55 +823,74 @@
 
 <template id="edit_profile">
     <t t-call="website_forum.header">
-        <h3>Edit Profile
-            <t t-call="website.publish_management">
-              <t t-set="object" t-value="user"/>
-            </t>
-        </h3>
-        <div class="col-md-2">
-            <img class="img img-responsive img-circle" t-attf-src="/forum/user/#{user.id}/avatar"/>
-        </div>
-        <form t-attf-action="/forum/#{slug(forum)}/user/#{slug(user)}/save" method="post" role="form" class="form-horizontal">
-            <input name="user_id" t-att-value="user.id" type="hidden"/>
-            <label class="col-md-2 control-label mb16" for="user.name">Real name</label>
-            <div class="col-md-7 mb16">
-                <input type="text" class="col-md-7 mb16 form-control" name="name" required="True" t-attf-value="#{user.name}"/>
-            </div> 
-            <label class="col-md-2 control-label mb16" for="user.partner_id.website">Website</label>
-            <div class="col-md-7 mb16">
-                <input type="text" class="form-control" name="website" t-attf-value="#{user.partner_id.website or ''}"/>
-            </div>
-            <div t-if="email_required" class="alert alert-danger alert-dismissable oe_forum_email_required">
-                <button type="button" class="close" data-dismiss="alert">x</button>
-                <p>Please enter a valid email address in order to receive notifications from answers or comments.</p>
-            </div>
-            <label class="col-md-4 control-label mb16" for="user.partner_id.email">Email</label>
-            <div class="col-md-7 mb16">
-                <input type="text" class="form-control" name="email" required="True" t-attf-value="#{user.partner_id.email}"/>
-            </div>
-            <label class="col-md-4 control-label mb16" for="user.partner_id.city">City</label>
-            <div class="col-md-7  mb16">
-                <input type="text" class="form-control" name="city" t-attf-value="#{user.partner_id.city or ''}"/>
-            </div>
-            <label class="col-md-4 control-label mb16" for="contact_name">Country</label>
-            <div class="col-md-7 mb16">
-                <select class="form-control" name="country">
-                    <option value="">Country...</option>
-                    <t t-foreach="countries or []" t-as="country">
-                        <option t-att-value="country.id" t-att-selected="country.id == user.partner_id.country_id.id"><t t-esc="country.name"/></option>
-                    </t>
-                 </select>
-            </div>
-            <!--Note: using website_description fiels instead of using commnt firld of partner-->
-            <label class="col-md-4 control-label mb16" for="user.partner_id.website_description">Biography</label>
-            <div class="col-md-7 mb16">
-                <textarea name="description" style="min-height: 120px" required="True" 
-                    class="form-control load_editor" id="description"><t t-esc="user.partner_id.website_description"/></textarea>
+        <h3>Edit Profile</h3>
+        <div class="row">
+            <div class="col-md-2">
+                <img class="img img-responsive img-circle" t-attf-src="/forum/user/#{user.id}/avatar"/>
             </div>
-            <div class="col-sm-offset-4 col-md-4 mb16">
-                <button class="btn btn-primary btn-lg">Update</button>
+            <div class="col-md-10">
+            <form t-attf-action="/forum/#{slug(forum)}/user/#{slug(user)}/save" method="post" role="form" class="form-horizontal">
+                <input name="user_id" t-att-value="user.id" type="hidden"/>
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16" for="user_name">Real name</label>
+                    <div class="col-md-8 mb16">
+                        <input type="text" class="form-control" name="name" id="user_name" required="True" t-attf-value="#{user.name}"/>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16" for="user_website_published" t-if="user.id == uid">Public profile</label>
+                    <div class="col-md-8 mb16" t-if="user.id == uid">
+                        <input type="checkbox" class="mt8" name="website_published" id="user_website_published" value="True" t-if="not user.website_published"/>
+                        <input type="checkbox" class="mt8" name="website_published" id="user_website_published" value="True" checked="checked" t-if="user.website_published"/>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16" for="user_website">Website</label>
+                    <div class="col-md-8 mb16">
+                        <input type="text" class="form-control" name="website" id="user_website" t-attf-value="#{user.partner_id.website or ''}"/>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <div t-if="email_required" class="alert alert-danger alert-dismissable oe_forum_email_required">
+                        <button type="button" class="close" data-dismiss="alert">x</button>
+                        <p>Please enter a valid email address in order to receive notifications from answers or comments.</p>
+                    </div>
+                    <label class="col-md-2 control-label mb16" for="user_email">Email</label>
+                    <div class="col-md-8 mb16">
+                        <input type="text" class="form-control" name="email" id="user_email" required="True" t-attf-value="#{user.partner_id.email}"/>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16" for="user_city">City</label>
+                    <div class="col-md-8 mb16">
+                        <input type="text" class="form-control" name="city" id="user_city" t-attf-value="#{user.partner_id.city or ''}"/>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16">Country</label>
+                    <div class="col-md-8 mb16">
+                        <select class="form-control" name="country">
+                            <option value="">Country...</option>
+                            <t t-foreach="countries or []" t-as="country">
+                                <option t-att-value="country.id" t-att-selected="country.id == user.partner_id.country_id.id"><t t-esc="country.name"/></option>
+                            </t>
+                         </select>
+                    </div>
+                </div>
+                <!--Note: using website_description fiels instead of using commnt firld of partner-->
+                <div class="form-group">
+                    <label class="col-md-2 control-label mb16" for="description">Biography</label>
+                    <div class="col-md-8 mb16">
+                        <textarea name="description" id="description" style="min-height: 120px" required="True" 
+                            class="form-control load_editor"><t t-esc="user.partner_id.website_description"/></textarea>
+                    </div>
+                </div>
+                <div class="col-sm-offset-2 col-md-2 mb16">
+                    <button class="btn btn-primary btn-lg">Update</button>
+                </div>
+            </form>
             </div>
-        </form>
+        </div>
         <script type="text/javascript">
             CKEDITOR.replace("description");
         </script>

addons/website_partner/models/res_partner.py

@@ -24,5 +24,5 @@ def _get_ids(self, cr, uid, ids, flds, args, context=None):
     }
 
     _defaults = {
-        'website_published': False
+        'website_published': True
     }