From 579c25d63a842b33240393ca7cdcea930ece00df Mon Sep 17 00:00:00 2001
From: klmp200 <klmp200@klmp200.net>
Date: Thu, 13 Oct 2016 22:32:13 +0200
Subject: [PATCH 1/2] Deny date of birth, first and last name modification for
 non board or root user

---
 core/views/user.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/core/views/user.py b/core/views/user.py
index ac219ce1..2ea549b9 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -140,11 +140,6 @@ class UserTabsMixin(TabedViewMixin):
                         'slug': 'tools',
                         'name': _("Tools"),
                         })
-        tab_list.append({
-                    'url': reverse('core:user_stats', kwargs={'user_id': self.object.id}),
-                    'slug': 'stats',
-                    'name': _("Stats"),
-                    })
         if self.request.user.can_edit(self.object):
             tab_list.append({
                         'url': reverse('core:user_edit', kwargs={'user_id': self.object.id}),
@@ -168,6 +163,11 @@ class UserTabsMixin(TabedViewMixin):
                 or self.request.user.is_in_group(settings.SITH_GROUPS['accounting-admin']['name'])
                 or self.request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
                 or self.request.user.is_root)):
+                tab_list.append({
+                            'url': reverse('core:user_stats', kwargs={'user_id': self.object.id}),
+                            'slug': 'stats',
+                            'name': _("Stats"),
+                            })
                 tab_list.append({
                             'url': reverse('core:user_account', kwargs={'user_id': self.object.id}),
                             'slug': 'account',
@@ -322,8 +322,14 @@ class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
     def get(self, request, *args, **kwargs):
         self.object = self.get_object()
         self.form = self.get_form()
-        if self.form.instance.profile_pict and not request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP):
+        if self.form.instance.profile_pict and not (request.user.is_board_member or request.user.is_root):
             self.form.fields.pop('profile_pict', None)
+        if self.form.instance.date_of_birth and not (request.user.is_board_member or request.user.is_root):
+            self.form.fields.pop('date_of_birth')
+        if self.form.instance.first_name and not (request.user.is_board_member or request.user.is_root):
+            self.form.fields.pop('first_name')
+        if self.form.instance.last_name and not (request.user.is_board_member or request.user.is_root):
+            self.form.fields.pop('last_name')
         return self.render_to_response(self.get_context_data(form=self.form))
 
     def post(self, request, *args, **kwargs):

From 178a4af196802f7c3e505ae66e9ca88630135d5f Mon Sep 17 00:00:00 2001
From: klmp200 <klmp200@klmp200.net>
Date: Thu, 13 Oct 2016 22:58:26 +0200
Subject: [PATCH 2/2] Add lazy way to make an user property editable once only

---
 core/views/user.py | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/core/views/user.py b/core/views/user.py
index 2ea549b9..0ac02de9 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -318,25 +318,23 @@ class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
     template_name = "core/user_edit.jinja"
     form_class = UserProfileForm
     current_tab = "edit"
+    edit_once = ['profile_pict', 'date_of_birth', 'first_name', 'last_name']
+
+    def remove_once_edited_fields(self, request):
+        for i in self.edit_once:
+            if getattr(self.form.instance, i) and not (request.user.is_board_member or request.user.is_root):
+                self.form.fields.pop(i, None)
 
     def get(self, request, *args, **kwargs):
         self.object = self.get_object()
         self.form = self.get_form()
-        if self.form.instance.profile_pict and not (request.user.is_board_member or request.user.is_root):
-            self.form.fields.pop('profile_pict', None)
-        if self.form.instance.date_of_birth and not (request.user.is_board_member or request.user.is_root):
-            self.form.fields.pop('date_of_birth')
-        if self.form.instance.first_name and not (request.user.is_board_member or request.user.is_root):
-            self.form.fields.pop('first_name')
-        if self.form.instance.last_name and not (request.user.is_board_member or request.user.is_root):
-            self.form.fields.pop('last_name')
+        self.remove_once_edited_fields(request)
         return self.render_to_response(self.get_context_data(form=self.form))
 
     def post(self, request, *args, **kwargs):
         self.object = self.get_object()
         self.form = self.get_form()
-        if self.form.instance.profile_pict and not request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP):
-            self.form.fields.pop('profile_pict', None)
+        self.remove_once_edited_fields(request)
         files = request.FILES.items()
         self.form.process(files)
         if request.user.is_authenticated() and request.user.can_edit(self.object) and self.form.is_valid():