From d159fdc2cbe5243837d13740c1a22c7a6372201f Mon Sep 17 00:00:00 2001
From: David Larlet <david@larlet.fr>
Date: Thu, 12 Sep 2024 14:23:50 -0400
Subject: [PATCH] feat: add a setting to prevent users from editing their
 profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In some situations, the profile comes from the OAuth provider and shouldn’t be modified by users.
---
 docs/config/settings.md                 | 6 ++++++
 umap/context_processors.py              | 1 +
 umap/settings/base.py                   | 1 +
 umap/templates/umap/dashboard_menu.html | 6 ++++--
 umap/urls.py                            | 6 +++++-
 5 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/docs/config/settings.md b/docs/config/settings.md
index 67ed970ab..fc32fa3a8 100644
--- a/docs/config/settings.md
+++ b/docs/config/settings.md
@@ -144,6 +144,12 @@ Should uMap allows user without an account to create maps (default is False).
 
 Can be set through env var: `UMAP_ALLOW_ANONYMOUS=1`
 
+#### UMAP_ALLOW_EDIT_PROFILE
+
+Should uMap allows users to edit their profile (default is True).
+
+Can be unset through env var: `UMAP_ALLOW_EDIT_PROFILE=0`
+
 #### UMAP_CUSTOM_TEMPLATES
 To be used when you want to override some HTML templates:
 
diff --git a/umap/context_processors.py b/umap/context_processors.py
index 735f759ac..1d214a400 100644
--- a/umap/context_processors.py
+++ b/umap/context_processors.py
@@ -12,6 +12,7 @@ def settings(request):
         "UMAP_READONLY": djsettings.UMAP_READONLY,
         "UMAP_DEMO_SITE": djsettings.UMAP_DEMO_SITE,
         "UMAP_HOST_INFOS": djsettings.UMAP_HOST_INFOS,
+        "UMAP_ALLOW_EDIT_PROFILE": djsettings.UMAP_ALLOW_EDIT_PROFILE,
     }
 
 
diff --git a/umap/settings/base.py b/umap/settings/base.py
index 5123ddae0..1e1eda736 100644
--- a/umap/settings/base.py
+++ b/umap/settings/base.py
@@ -240,6 +240,7 @@
 # Miscellaneous project settings
 # =============================================================================
 UMAP_ALLOW_ANONYMOUS = env.bool("UMAP_ALLOW_ANONYMOUS", default=False)
+UMAP_ALLOW_EDIT_PROFILE = env.bool("UMAP_ALLOW_EDIT_PROFILE", default=True)
 
 UMAP_EXTRA_URLS = {
     "routing": "http://www.openstreetmap.org/directions?engine=osrm_car&route={lat},{lng}&locale={locale}#map={zoom}/{lat}/{lng}",  # noqa
diff --git a/umap/templates/umap/dashboard_menu.html b/umap/templates/umap/dashboard_menu.html
index ac07420f8..a7da6306f 100644
--- a/umap/templates/umap/dashboard_menu.html
+++ b/umap/templates/umap/dashboard_menu.html
@@ -7,8 +7,10 @@ <h2 class="section tabs">
     {% else %}
       <a href="{% url 'user_dashboard' %}">{% trans "My Maps" %}</a>
     {% endif %}
-    <a {% if selected == "profile" %}class="selected"{% endif %}
-       href="{% url 'user_profile' %}">{% trans "My profile" %}</a>
+    {% if UMAP_ALLOW_EDIT_PROFILE %}
+      <a {% if selected == "profile" %}class="selected"{% endif %}
+         href="{% url 'user_profile' %}">{% trans "My profile" %}</a>
+    {% endif %}
     <a {% if selected == "teams" %}class="selected"{% endif %}
        href="{% url 'user_teams' %}">{% trans "My teams" %}</a>
   </h2>
diff --git a/umap/urls.py b/umap/urls.py
index df2de6823..aaab2beb8 100644
--- a/umap/urls.py
+++ b/umap/urls.py
@@ -115,11 +115,15 @@
         name="map_star",
     ),
     path("me", views.user_dashboard, name="user_dashboard"),
-    path("me/profile", views.user_profile, name="user_profile"),
     path("me/download", views.user_download, name="user_download"),
     path("me/teams", views.UserTeams.as_view(), name="user_teams"),
     path("team/create/", views.TeamNew.as_view(), name="team_new"),
 )
+
+if settings.UMAP_ALLOW_EDIT_PROFILE:
+    i18n_urls.append(
+        path("me/profile", login_required(views.user_profile), name="user_profile")
+    )
 i18n_urls += decorated_patterns(
     [login_required, team_members_only],
     path("team/<int:pk>/edit/", views.TeamUpdate.as_view(), name="team_update"),