From 3965a7329d3770f9bdf319fa0f702a3e4cf190fd Mon Sep 17 00:00:00 2001
From: Jonathan Tang <88759246+Jtang-1@users.noreply.github.com>
Date: Thu, 19 Dec 2024 18:49:54 -0800
Subject: [PATCH] Revert "Allow WebUser invites to be editable before the
 invited user accepts it"

---
 corehq/apps/registration/forms.py             | 41 ++--------
 corehq/apps/registration/validation.py        |  4 +-
 corehq/apps/users/forms.py                    | 10 +--
 .../static/users/js/custom_data_fields.js     |  2 +-
 .../users/static/users/js/invite_web_user.js  |  1 -
 .../apps/users/static/users/js/web_users.js   |  2 -
 .../templates/users/invite_web_user.html      |  1 -
 .../apps/users/templates/users/web_users.html |  9 +--
 corehq/apps/users/urls.py                     |  1 -
 corehq/apps/users/views/__init__.py           | 80 +++++--------------
 .../users/views/mobile/custom_data_fields.py  |  2 +-
 corehq/tabs/tabclasses.py                     |  4 -
 12 files changed, 36 insertions(+), 121 deletions(-)

diff --git a/corehq/apps/registration/forms.py b/corehq/apps/registration/forms.py
index daeb6587e6ac..576c2b44ddf5 100644
--- a/corehq/apps/registration/forms.py
+++ b/corehq/apps/registration/forms.py
@@ -22,7 +22,6 @@
 from corehq.apps.domain.models import Domain
 from corehq.apps.hqwebapp import crispy as hqcrispy
 from corehq.apps.programs.models import Program
-from corehq.apps.reports.models import TableauUser
 from corehq.toggles import WEB_USER_INVITE_ADDITIONAL_FIELDS
 from corehq.apps.users.forms import SelectUserLocationForm, BaseTableauUserForm
 from corehq.apps.users.models import CouchUser
@@ -495,9 +494,8 @@ class AdminInvitesUserForm(SelectUserLocationForm):
 
     def __init__(self, data=None, is_add_user=None,
                  role_choices=(), should_show_location=False, can_edit_tableau_config=False,
-                 custom_data=None, invitation=None, *, domain, **kwargs):
+                 custom_data=None, *, domain, **kwargs):
         self.custom_data = custom_data
-        self.invite = invitation
         if data and self.custom_data:
             data = data.copy()
             custom_data_post_dict = self.custom_data.form.data
@@ -521,11 +519,9 @@ def __init__(self, data=None, is_add_user=None,
                 programs = Program.by_domain(domain_obj.name)
                 choices = [('', '')] + list((prog.get_id, prog.name) for prog in programs)
                 self.fields['program'].choices = choices
-                if self.invite:
-                    self.fields['program'].initial = self.invite.program
 
         if self.can_edit_tableau_config:
-            self._initialize_tableau_fields(data, domain, self.invite)
+            self._initialize_tableau_fields(data, domain)
 
         self.helper = FormHelper()
         self.helper.form_method = 'POST'
@@ -533,18 +529,9 @@ def __init__(self, data=None, is_add_user=None,
 
         self.helper.label_class = 'col-sm-3 col-md-2'
         self.helper.field_class = 'col-sm-9 col-md-8 col-lg-6'
-
-        save_button_text = _("Send Invite")
-        header_text = _("Information for new Web User")
-        add_user_text = _("Add User")
-        if self.invite:
-            self.fields['email'].widget.attrs["readonly"] = True
-            save_button_text = _("Update Invite")
-            header_text = _("Update invitation for new Web User")
-
         fields = [
             crispy.Fieldset(
-                gettext(header_text),
+                gettext("Information for new Web User"),
                 crispy.Field(
                     "email",
                     autocomplete="off",
@@ -588,7 +575,8 @@ def __init__(self, data=None, is_add_user=None,
             ),
             hqcrispy.FormActions(
                 twbscrispy.StrictButton(
-                    (gettext(add_user_text) if is_add_user else gettext(save_button_text)),
+                    (gettext("Add User") if is_add_user
+                     else gettext("Send Invite")),
                     type="submit",
                     css_class="btn-primary",
                     data_bind="enable: isSubmitEnabled",
@@ -606,7 +594,7 @@ def clean_email(self):
         email = self.cleaned_data['email'].strip()
 
         from corehq.apps.registration.validation import AdminInvitesUserFormValidator
-        error = AdminInvitesUserFormValidator.validate_email(self.domain, email, bool(self.invite))
+        error = AdminInvitesUserFormValidator.validate_email(self.domain, email)
         if error:
             raise forms.ValidationError(error)
         return email
@@ -644,22 +632,9 @@ def clean(self):
             raise forms.ValidationError(error)
         return cleaned_data
 
-    def _initialize_tableau_fields(self, data, domain, invitation=None):
-        readonly = not self.request.couch_user.has_permission(domain, 'edit_user_tableau_config')
-        self.tableau_form = BaseTableauUserForm(data, domain=domain, readonly=readonly)
+    def _initialize_tableau_fields(self, data, domain):
+        self.tableau_form = BaseTableauUserForm(data, domain=domain)
         self.fields['tableau_group_indices'] = self.tableau_form.fields["groups"]
         self.fields['tableau_group_indices'].label = _('Tableau Groups')
         self.fields['tableau_role'] = self.tableau_form.fields['role']
         self.fields['tableau_role'].label = _('Tableau Role')
-        if invitation:
-            if invitation.tableau_group_ids:
-                initial_groups_indicies = []
-                for group_index in invitation.tableau_group_ids:
-                    for i, group in enumerate(self.tableau_form.allowed_tableau_groups):
-                        if group_index == group.id:
-                            initial_groups_indicies.append(i)
-                self.fields['tableau_group_indices'].initial = initial_groups_indicies
-            try:
-                self.fields['tableau_role'].initial = TableauUser.Roles(invitation.tableau_role)
-            except ValueError:
-                pass
diff --git a/corehq/apps/registration/validation.py b/corehq/apps/registration/validation.py
index 23d5fe805954..9287c941cef9 100644
--- a/corehq/apps/registration/validation.py
+++ b/corehq/apps/registration/validation.py
@@ -26,12 +26,12 @@ def validate_parameters(domain, upload_user, parameters):
             return _("This domain does not have locations privileges.")
 
     @staticmethod
-    def validate_email(domain, email, is_invite_edit=False):
+    def validate_email(domain, email):
         current_users = [user.username.lower() for user in WebUser.by_domain(domain)]
         pending_invites = [di.email.lower() for di in Invitation.by_domain(domain)]
         current_users_and_pending_invites = current_users + pending_invites
 
-        if email.lower() in current_users_and_pending_invites and not is_invite_edit:
+        if email.lower() in current_users_and_pending_invites:
             return _("A user with this email address is already in "
                     "this project or has a pending invitation.")
         web_user = WebUser.get_by_username(email)
diff --git a/corehq/apps/users/forms.py b/corehq/apps/users/forms.py
index f21b27adef42..dad316a36dd2 100644
--- a/corehq/apps/users/forms.py
+++ b/corehq/apps/users/forms.py
@@ -1729,13 +1729,8 @@ class BaseTableauUserForm(forms.Form):
 
     def __init__(self, *args, **kwargs):
         self.domain = kwargs.pop('domain', None)
-        readonly = kwargs.pop('readonly', True)
         super(BaseTableauUserForm, self).__init__(*args, **kwargs)
 
-        if readonly:
-            self.fields['role'].widget.attrs['readonly'] = True
-            self.fields['groups'].widget.attrs['disabled'] = True
-
         self.allowed_tableau_groups = [
             TableauGroupTuple(group.name, group.id) for group in get_all_tableau_groups(self.domain)
             if group.name in get_allowed_tableau_groups_for_domain(self.domain)]
@@ -1750,6 +1745,7 @@ class TableauUserForm(BaseTableauUserForm):
 
     def __init__(self, *args, **kwargs):
         self.request = kwargs.pop('request')
+        readonly = kwargs.pop('readonly', True)
         self.username = kwargs.pop('username', None)
         super(TableauUserForm, self).__init__(*args, **kwargs)
 
@@ -1759,6 +1755,10 @@ def __init__(self, *args, **kwargs):
                 # Pre-choose groups that the user already belongs to
                 self.fields['groups'].initial.append(i)
 
+        if readonly:
+            self.fields['role'].widget.attrs['readonly'] = True
+            self.fields['groups'].widget.attrs['disabled'] = True
+
         self.helper = FormHelper()
 
         self.helper.form_method = 'POST'
diff --git a/corehq/apps/users/static/users/js/custom_data_fields.js b/corehq/apps/users/static/users/js/custom_data_fields.js
index f07456186033..b06a9c9692de 100644
--- a/corehq/apps/users/static/users/js/custom_data_fields.js
+++ b/corehq/apps/users/static/users/js/custom_data_fields.js
@@ -36,7 +36,7 @@ hqDefine("users/js/custom_data_fields", [
         var originalProfileFields = {},
             originalProfileId,
             originalProfile;
-        if (Object.keys(options.user_data).length) {
+        if (options.user_data) {
             originalProfileId = options.user_data[options.profile_slug];
             if (originalProfileId) {
                 originalProfile = self.profiles[originalProfileId];
diff --git a/corehq/apps/users/static/users/js/invite_web_user.js b/corehq/apps/users/static/users/js/invite_web_user.js
index 59e0263c0b41..8aea316662ee 100644
--- a/corehq/apps/users/static/users/js/invite_web_user.js
+++ b/corehq/apps/users/static/users/js/invite_web_user.js
@@ -78,7 +78,6 @@ hqDefine('users/js/invite_web_user',[
                 profile_slug: initialPageData.get('custom_fields_profile_slug'),
                 slugs: initialPageData.get('custom_fields_slugs'),
                 can_edit_original_profile: true,
-                user_data: initialPageData.get('user_data'),
             });
         }
 
diff --git a/corehq/apps/users/static/users/js/web_users.js b/corehq/apps/users/static/users/js/web_users.js
index 5a9571869578..adc46299d38f 100644
--- a/corehq/apps/users/static/users/js/web_users.js
+++ b/corehq/apps/users/static/users/js/web_users.js
@@ -88,8 +88,6 @@ hqDefine("users/js/web_users",[
             });
         };
 
-        self.inviteEditUrl = initialPageData.reverse("edit_invitation", self.uuid);
-
         return self;
     };
 
diff --git a/corehq/apps/users/templates/users/invite_web_user.html b/corehq/apps/users/templates/users/invite_web_user.html
index c3aa91ff95f2..70a88838ec43 100644
--- a/corehq/apps/users/templates/users/invite_web_user.html
+++ b/corehq/apps/users/templates/users/invite_web_user.html
@@ -9,7 +9,6 @@
   {% initial_page_data 'custom_fields_slugs' custom_fields_slugs %}
   {% initial_page_data 'custom_fields_profiles' custom_fields_profiles %}
   {% initial_page_data 'custom_fields_profile_slug' custom_fields_profile_slug %}
-  {% initial_page_data 'user_data' user_data %}
   {% registerurl "check_sso_trust" domain %}
 
   <div id="invite-web-user-form"
diff --git a/corehq/apps/users/templates/users/web_users.html b/corehq/apps/users/templates/users/web_users.html
index d6ef0d31cfc2..7075fb34f4be 100644
--- a/corehq/apps/users/templates/users/web_users.html
+++ b/corehq/apps/users/templates/users/web_users.html
@@ -12,7 +12,6 @@
   {% registerurl "delete_request" domain %}
   {% registerurl "paginate_web_users" domain %}
   {% registerurl "reinvite_web_user" domain %}
-  {% registerurl "edit_invitation" domain '---' %}
 
   <p class="lead">
     {% blocktrans with hq_name=commcare_hq_names.COMMCARE_HQ_NAME cc_name=commcare_hq_names.COMMCARE_NAME %}
@@ -271,16 +270,10 @@ <h3 class="panel-title" style="padding-top: 7px;">{% trans 'Pending Invitations'
               <td>
                 {% if not request.is_view_only %}
                 <div data-bind="visible: !actionMessage()">
-                  <a data-bind="attr: {href: inviteEditUrl}" style="text-decoration:none;">
-                    <button type="button" class="btn btn-default" data-bind="disable: actionInProgress">
-                      <i class="fa-regular fa-edit"></i>
-                      {% trans "Edit" %}
-                    </button>
-                  </a>
                   <button type="button" class="resend-invite btn btn-default"
                           data-bind="click: resend, disable: actionInProgress">
                     <i class="fa-regular fa-envelope"></i>
-                    {% trans "Resend" %}
+                    {% trans "Resend Invitation" %}
                   </button>
                   <button type="button" class="btn btn-danger delete-invitation"
                           data-bind="click: $root.confirmRemoveInvitation, disable: actionInProgress">
diff --git a/corehq/apps/users/urls.py b/corehq/apps/users/urls.py
index fa1127294d62..389acecbee41 100644
--- a/corehq/apps/users/urls.py
+++ b/corehq/apps/users/urls.py
@@ -108,7 +108,6 @@
     url(r'^web/remove/(?P<couch_user_id>[ \w-]+)/$', remove_web_user, name='remove_web_user'),
     url(r'^web/undo_remove/(?P<record_id>[ \w-]+)/$', undo_remove_web_user, name='undo_remove_web_user'),
     url(r'^web/invite/$', InviteWebUserView.as_view(), name=InviteWebUserView.urlname),
-    url(r'^web/invite/edit/(?P<invitation_id>[ \w-]+)/$', InviteWebUserView.as_view(), name='edit_invitation'),
     url(r'^web/reinvite/$', reinvite_web_user, name='reinvite_web_user'),
     url(r'^web/request/$', DomainRequestView.as_view(), name=DomainRequestView.urlname),
     url(r'^web/delete_invitation/$', delete_invitation, name='delete_invitation'),
diff --git a/corehq/apps/users/views/__init__.py b/corehq/apps/users/views/__init__.py
index 06e9de50ea0f..662989233b8d 100644
--- a/corehq/apps/users/views/__init__.py
+++ b/corehq/apps/users/views/__init__.py
@@ -12,7 +12,7 @@
 
 from corehq.apps.cloudcare.dbaccessors import get_cloudcare_apps, get_application_access_for_domain
 from corehq.apps.custom_data_fields.edit_entity import CustomDataEditor
-from corehq.apps.custom_data_fields.models import CustomDataFieldsProfile, CustomDataFieldsDefinition, PROFILE_SLUG
+from corehq.apps.custom_data_fields.models import CustomDataFieldsProfile, CustomDataFieldsDefinition
 from corehq.apps.registry.utils import get_data_registry_dropdown_options
 from corehq.apps.reports.models import TableauVisualization, TableauUser
 from corehq.apps.sso.models import IdentityProvider
@@ -1140,20 +1140,9 @@ def invite_web_user_form(self):
         role_choices = get_editable_role_choices(self.domain, self.request.couch_user, allow_admin_role=True)
         domain_request = DomainRequest.objects.get(id=self.request_id) if self.request_id else None
         is_add_user = self.request_id is not None
-        invitation = self.invitation
-        if invitation:
-            assigned_location_ids = list(invitation.assigned_locations.all().values_list('location_id', flat=True))
-            primary_location_id = getattr(invitation.primary_location, "location_id", None)
-            initial = {
-                'email': invitation.email,
-                'role': invitation.role,
-                'assigned_locations': assigned_location_ids,
-                'primary_location': primary_location_id,
-            }
-        else:
-            initial = {
-                'email': domain_request.email if domain_request else None,
-            }
+        initial = {
+            'email': domain_request.email if domain_request else None,
+        }
         can_edit_tableau_config = (self.request.couch_user.has_permission(self.domain, 'edit_user_tableau_config')
                                 and toggles.TABLEAU_USER_SYNCING.enabled(self.domain))
         if self.request.method == 'POST':
@@ -1165,8 +1154,7 @@ def invite_web_user_form(self):
                 should_show_location=self.request.project.uses_locations,
                 can_edit_tableau_config=can_edit_tableau_config,
                 request=self.request,
-                custom_data=self.custom_data,
-                invitation=invitation
+                custom_data=self.custom_data
             )
         return AdminInvitesUserForm(
             initial=initial,
@@ -1176,8 +1164,7 @@ def invite_web_user_form(self):
             should_show_location=self.request.project.uses_locations,
             can_edit_tableau_config=can_edit_tableau_config,
             request=self.request,
-            custom_data=self.custom_data,
-            invitation=invitation
+            custom_data=self.custom_data
         )
 
     @cached_property
@@ -1204,15 +1191,8 @@ def request_id(self):
 
     @property
     def page_context(self):
-        initial_values = {}
-        if self.invitation:
-            initial_values = {f.slug: self.invitation.custom_user_data.get(f.slug)
-                              for f in self.custom_data.fields}
-            if self.invitation.profile:
-                initial_values[PROFILE_SLUG] = self.invitation.profile.id
         ctx = {
             'registration_form': self.invite_web_user_form,
-            'user_data': initial_values,
             **self.custom_data.field_view.get_field_page_context(
                 self.domain, self.request.couch_user, self.custom_data, None
             )
@@ -1224,14 +1204,6 @@ def _assert_user_has_permission_to_access_locations(self, assigned_location_ids)
                 self.domain, self.request.couch_user).values_list('location_id', flat=True))):
             raise Http404()
 
-    @property
-    def invitation(self):
-        invitation_id = self.kwargs.get("invitation_id")
-        try:
-            return Invitation.objects.get(uuid=invitation_id)
-        except Invitation.DoesNotExist:
-            return None
-
     def post(self, request, *args, **kwargs):
         if self.invite_web_user_form.is_valid():
             # If user exists and has already requested access, just add them to the project
@@ -1243,22 +1215,7 @@ def post(self, request, *args, **kwargs):
             profile = CustomDataFieldsProfile.objects.get(
                 id=profile_id,
                 definition__domain=self.domain) if profile_id else None
-            invitation = self.invitation
-            if invitation:
-                create_invitation = False
-                invitation.profile = profile
-                invitation.primary_location, assigned_locations = self._get_sql_locations(
-                    data.pop("primary_location", None), data.pop("assigned_locations", []))
-                invitation.assigned_locations.set(assigned_locations)
-                invitation.custom_user_data = data.get("custom_user_data", {})
-
-                invitation.role = data.get("role")
-                invitation.program = data.get("program", None)
-                invitation.tableau_role = data.get("tableau_role", None)
-                invitation.tableau_group_ids = data.get("tableau_group_ids", None)
-                invitation.save()
-                messages.success(request, "Invite to %s was successfully updated." % data["email"])
-            elif domain_request is not None:
+            if domain_request is not None:
                 domain_request.is_approved = True
                 domain_request.save()
                 user = CouchUser.get_by_username(domain_request.email)
@@ -1286,11 +1243,20 @@ def post(self, request, *args, **kwargs):
                 data["invited_by"] = request.couch_user.user_id
                 data["invited_on"] = datetime.utcnow()
                 data["domain"] = self.domain
+                primary_location_id = data.pop("primary_location", None)
+                data["primary_location"] = (SQLLocation.by_location_id(primary_location_id)
+                                        if primary_location_id else None)
+                assigned_location_ids = data.pop("assigned_locations", [])
+                if primary_location_id:
+                    assert primary_location_id in assigned_location_ids
+                self._assert_user_has_permission_to_access_locations(assigned_location_ids)
                 data["profile"] = profile
-                data["primary_location"], assigned_locations = self._get_sql_locations(
-                    data.pop("primary_location", None), data.pop("assigned_locations", []))
                 invite = Invitation(**data)
                 invite.save()
+
+                assigned_locations = [SQLLocation.by_location_id(assigned_location_id)
+                        for assigned_location_id in assigned_location_ids
+                        if assigned_location_id is not None]
                 invite.assigned_locations.set(assigned_locations)
                 invite.send_activation_email()
 
@@ -1305,16 +1271,6 @@ def post(self, request, *args, **kwargs):
             ))
         return self.get(request, *args, **kwargs)
 
-    def _get_sql_locations(self, primary_location_id, assigned_location_ids):
-        primary_location = (SQLLocation.by_location_id(primary_location_id) if primary_location_id else None)
-        if primary_location_id:
-            assert primary_location_id in assigned_location_ids
-        self._assert_user_has_permission_to_access_locations(assigned_location_ids)
-        assigned_locations = [SQLLocation.by_location_id(assigned_location_id)
-                              for assigned_location_id in assigned_location_ids
-                              if assigned_location_id is not None]
-        return primary_location, assigned_locations
-
 
 class BaseUploadUser(BaseUserSettingsView):
     def post(self, request, *args, **kwargs):
diff --git a/corehq/apps/users/views/mobile/custom_data_fields.py b/corehq/apps/users/views/mobile/custom_data_fields.py
index e4a3a57bdc35..611153df3346 100644
--- a/corehq/apps/users/views/mobile/custom_data_fields.py
+++ b/corehq/apps/users/views/mobile/custom_data_fields.py
@@ -102,7 +102,7 @@ def get_displayable_profiles_and_edit_permission(cls, original_profile_id, domai
 
     @classmethod
     def get_field_page_context(cls, domain, couch_user, custom_data_editor: CustomDataEditor,
-                               original_profile_id=None):
+                            original_profile_id=None):
         profiles, can_edit_original_profile = (
             cls.get_displayable_profiles_and_edit_permission(
                 original_profile_id, domain, couch_user
diff --git a/corehq/tabs/tabclasses.py b/corehq/tabs/tabclasses.py
index f6ea57164034..44d1add4e982 100644
--- a/corehq/tabs/tabclasses.py
+++ b/corehq/tabs/tabclasses.py
@@ -1649,10 +1649,6 @@ def _get_web_username(request=None, couch_user=None, **context):
                         'title': _("Invite Web User"),
                         'urlname': 'invite_web_user'
                     },
-                    {
-                        'title': _("Edit Web User Invite"),
-                        'urlname': 'edit_invitation'
-                    },
                     {
                         'title': _get_web_username,
                         'urlname': EditWebUserView.urlname