--- a/app/soc/views/models/user.py	Thu Nov 20 20:58:46 2008 +0000
+++ b/app/soc/views/models/user.py	Thu Nov 20 20:59:10 2008 +0000
@@ -32,6 +32,7 @@
 from soc.logic import validate
 from soc.logic.models import user as user_logic
 from soc.views import helper
+from soc.views.helper import access
 from soc.views.models import base
 
 import soc.models.user
@@ -106,6 +107,36 @@
   key_name = forms.CharField(widget=forms.HiddenInput)
 
 
+class UserForm(helper.forms.BaseForm):
+  """Django form displayed when creating or editing a User.
+  """
+  class Meta:
+    """Inner Meta class that defines some behavior for the form.
+    """
+    #: db.Model subclass for which the form will gather information
+    model = soc.models.user.User
+
+    #: list of model fields which will *not* be gathered by the form
+    exclude = ['account', 'former_accounts', 'is_developer']
+
+  def clean_link_id(self):
+    link_id = self.cleaned_data.get('link_id')
+    if not validate.isLinkIdFormatValid(link_id):
+      raise forms.ValidationError("This link ID is in wrong format.")
+
+    user = soc.logic.models.user.logic.getForFields({'link_id': link_id},
+                                          unique=True)
+
+    # Get the currently logged in user account
+    current_account = users.get_current_user()
+
+    if user:
+      if current_account != user.account:
+        raise forms.ValidationError("This link ID is already in use.")
+
+    return link_id
+
+
 class View(base.View):
   """View methods for the User model.
   """
@@ -159,16 +190,86 @@
       kwargs: The Key Fields for the specified entity
     """
 
-    params = dicts.merge(params, {'edit_template': 'soc/user/edit_self.html'})
+    rights = {}
+    rights['any_access'] = [access.checkIsLoggedIn]
+    rights['unspecified'] = [access.deny]
+    rights['editSelf'] = [access.allow]
+
+    try:
+      self.checkAccess('editSelf', request, rights=rights)
+    except soc.views.out_of_band.AccessViolationResponse, alt_response:
+      return alt_response.response()
+
+    new_params = {}
+    new_params['edit_template'] = 'soc/user/edit_self.html'
+    new_params['rights'] = rights
+
+    params = dicts.merge(params, new_params)
+    params = dicts.merge(params, self._params)
 
-    properties = {'account': users.get_current_user()}
+    account = users.get_current_user()
+    properties = {'account': account}
+
+    user = soc.logic.models.user.logic.getForFields(properties, unique=True)
+
+    # create default template context for use with any templates
+    context = helper.responses.getUniversalContext(request)
+
+    if request.method == 'POST':
+      form = UserForm(request.POST)
+
+      if form.is_valid():
+        new_link_id = form.cleaned_data.get('link_id')
+        properties = {
+          'link_id': new_link_id,
+          'nick_name': form.cleaned_data.get("nick_name"),
+          'account': account,
+        }
 
-    entity = self._logic.getForFields(properties, unique=True)
-    keys = self._logic.getKeyFieldNames()
-    values = self._logic.getKeyValues(entity)
-    key_fields = dicts.zip(keys, values)
+        # check if user account is not in former_accounts
+        # if it is show error message that account is invalid
+        if soc.logic.models.user.logic.isFormerAccount(account):
+          msg = DEF_USER_ACCOUNT_INVALID_MSG
+          error = out_of_band.ErrorResponse(msg)
+          return simple.errorResponse(request, page_name, error, template, context)
+
+        user = soc.logic.models.user.logic.updateOrCreateFromFields(properties, {'link_id': new_link_id})
+
+        # redirect to /user/profile?s=0
+        # (causes 'Profile saved' message to be displayed)
+        return helper.responses.redirectToChangedSuffix(
+            request, None, params=params['edit_params'])
+    else: # request.method == 'GET'
+      if user:
+        # is 'Profile saved' parameter present, but referrer was not ourself?
+        # (e.g. someone bookmarked the GET that followed the POST submit)
+        if (request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME)
+            and (not helper.requests.isReferrerSelf(request))):
+          # redirect to aggressively remove 'Profile saved' query parameter
+          return http.HttpResponseRedirect(request.path)
 
-    return self.edit(request, page_name, params=params, **key_fields)
+        # referrer was us, so select which submit message to display
+        # (may display no message if ?s=0 parameter is not present)
+        context['notice'] = (
+            helper.requests.getSingleIndexedParamValue(
+                request, self.DEF_SUBMIT_MSG_PARAM_NAME,
+                values=params['save_message']))
+
+        # populate form with the existing User entity
+        form = UserForm(instance=user)
+      else:
+        if request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME):
+          # redirect to aggressively remove 'Profile saved' query parameter
+          return http.HttpResponseRedirect(request.path)
+
+        # no User entity exists for this Google Account, so show a blank form
+        form = UserForm()
+
+    context['form'] = form
+
+    template = params['edit_template']
+
+    return helper.responses.respond(request, template, context)
   
   def _editGet(self, request, entity, form):
     """See base.View._editGet().
@@ -199,7 +300,7 @@
     """
 
     patterns = super(View, self).getDjangoURLPatterns()
-    patterns += [(r'^' + self._params['url_name'] + '/edit$','soc.views.user.profile.create')]
+    patterns += [(r'^' + self._params['url_name'] + '/edit$','soc.views.models.user.edit_self')]
     return patterns