- Correction of behaviour where boolean fields were not properly initialised

- Ensure that primary and financial contact fields are properly saved
2025-11-25 13:15:11 +01:00
parent 3815399a7e
commit 20fb2eee70
5 changed files with 33 additions and 16 deletions
--- a/eveai_app/views/user_views.py
+++ b/eveai_app/views/user_views.py
@@ -262,6 +262,25 @@ def user():
    return render_template('user/user.html', form=form)


+def _populate_user_from_form(form: EditUserForm, user: User) -> None:
+    """Vul het User-object met veilige velden uit het formulier.
+
+    Let op:
+    - Relaties zoals ``roles`` worden hier bewust NIET gezet.
+    - Systeemvelden / read-only velden (tenant_id, confirmed_at, login_count, ...)
+      laten we hier ongemoeid.
+    """
+
+    # Basisgegevens
+    user.first_name = form.first_name.data
+    user.last_name = form.last_name.data
+    user.valid_to = form.valid_to.data
+
+    # Contact-flags
+    user.is_primary_contact = form.is_primary_contact.data
+    user.is_financial_contact = form.is_financial_contact.data
+
+
@user_bp.route('/user/<int:user_id>', methods=['GET', 'POST'])
@roles_accepted('Super User', 'Tenant Admin', 'Partner Admin')
 def edit_user(user_id):
@@ -269,10 +288,8 @@ def edit_user(user_id):
    form = EditUserForm(obj=user)

    if form.validate_on_submit():
-        # Populate the user with form data
-        user.first_name = form.first_name.data
-        user.last_name = form.last_name.data
-        user.valid_to = form.valid_to.data
+        # Vul het user-object met veilige velden uit het formulier
+        _populate_user_from_form(form, user)
        user.updated_at = dt.now(tz.utc)

        # Update roles
@@ -622,7 +639,7 @@ def edit_tenant_make(tenant_make_id):
    tenant_make = TenantMake.query.get_or_404(tenant_make_id)

    # Create form instance with the tenant make
-    form = EditTenantMakeForm(request.form, obj=tenant_make)
+    form = EditTenantMakeForm(obj=tenant_make)

    # Initialiseer de allowed_languages selectie met huidige waarden
    if request.method == 'GET':
@@ -756,7 +773,7 @@ def edit_consent_version(consent_version_id):
    cv = ConsentVersion.query.get_or_404(consent_version_id)

    # Create form instance with the tenant make
-    form = EditConsentVersionForm(request.form, obj=cv)
+    form = EditConsentVersionForm(obj=cv)

    if form.validate_on_submit():
        # Update basic fields