From d329fe7a89cd73e9964a0b37abbfbbe51f82d34f Mon Sep 17 00:00:00 2001
From: Mikko Nieminen <mikko.nieminen@bih-charite.de>
Date: Wed, 3 Jul 2024 17:05:57 +0200
Subject: [PATCH] cleanup invite process view, add todos (#1367)

---
 .../templates/projectroles/user_form.html     |  1 +
 projectroles/views.py                         | 23 ++++++++-----------
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/projectroles/templates/projectroles/user_form.html b/projectroles/templates/projectroles/user_form.html
index 8994dd98..9c657fee 100644
--- a/projectroles/templates/projectroles/user_form.html
+++ b/projectroles/templates/projectroles/user_form.html
@@ -18,6 +18,7 @@ <h2>
 </div>
 
 <div class="container-fluid sodar-page-container">
+  {# TODO: Add link to OIDC login if new user and OIDC enabled #}
   <form method="post">
     {% csrf_token %}
     {{ form | crispy }}
diff --git a/projectroles/views.py b/projectroles/views.py
index 00ac0a41..5a9778b2 100644
--- a/projectroles/views.py
+++ b/projectroles/views.py
@@ -2757,6 +2757,8 @@ def get(self, *args, **kwargs):
         return redirect(reverse('home'))
 
 
+# TODO: Refactor this into a "logged-in-process-view", redirect from local user
+#       handling and OIDC login?
 class ProjectInviteProcessLDAPView(
     LoginRequiredMixin, ProjectInviteProcessMixin, View
 ):
@@ -2799,8 +2801,8 @@ def get(self, *args, **kwargs):
         )
 
 
-# TODO: Handle OIDC invite together with local
-# TODO: OIDC user should not get form to edit details
+# TODO: Handle OIDC invite together with local, forward to logged-in view once
+#       logged in
 class ProjectInviteProcessLocalView(ProjectInviteProcessMixin, FormView):
     """View to handle accepting a project local invite"""
 
@@ -2813,6 +2815,7 @@ def get(self, *args, **kwargs):
             return redirect(reverse('home'))
         timeline = get_backend_api('timeline_backend')
         # Check if local users are enabled
+        # TODO: Also allow OIDC
         if not settings.PROJECTROLES_ALLOW_LOCAL_USERS:
             messages.error(self.request, INVITE_LOCAL_NOT_ALLOWED_MSG)
             return redirect(reverse('home'))
@@ -2843,30 +2846,24 @@ def get(self, *args, **kwargs):
                         kwargs={'secret': invite.secret},
                     )
                 )
-            # Show form if user doesn't exists and no user is logged in
+            # Show form if user doesn't exist and no user is logged in
             return super().get(*args, **kwargs)
         # Logged in but the invited user does not exist yet
         if not user:
-            messages.error(
-                self.request,
-                INVITE_LOGGED_IN_ACCEPT_MSG,
-            )
+            messages.error(self.request, INVITE_LOGGED_IN_ACCEPT_MSG)
             return redirect(reverse('home'))
         # Logged in user is not invited user
-        if not self.request.user == user:
-            messages.error(
-                self.request,
-                INVITE_USER_NOT_EQUAL_MSG,
-            )
+        if self.request.user != user:
+            messages.error(self.request, INVITE_USER_NOT_EQUAL_MSG)
             return redirect(reverse('home'))
         # User exists but is not local
+        # TODO: This should instead check if LDAP user
         if not user.is_local():
             messages.error(self.request, 'User exists, but is not local.')
             return redirect(reverse('home'))
         # Create role if user exists
         if not self.create_assignment(invite, user, timeline=timeline):
             return redirect(reverse('home'))
-
         return redirect(
             reverse(
                 'projectroles:detail',