feat(spp_change_request_v2): improve Update ID Document CR type

[emjay0921]

Why is this change needed?

The "Update ID Document" change request type needed UI/UX improvements to match the quality of the "Edit Individual Information" CR type, plus configurable allowed operations.

How was the change implemented?

• Redesigned detail form with title header, registrant_id field, operation below registrant, hidden remarks
• Renamed "Update Existing ID" → "Edit ID" in operation selection
• Added operation-specific review layouts: comparison table for Edit, summary for Add/Remove
• Added configurable allowed operations (allow_id_add/edit/remove) on CR type model with "ID Operations" tab
• Created reusable filterable_radio widget in spp_base_common supporting per-option disabling via disabled_map
• Fixed id_type_id to use spp.vocabulary.code (matching spp.registry.id)
• Fixed spp.registry.id display_name to show "ID Type - Value" instead of partner name
• Fixed _name_search to search by ID type, value, or partner name
• Hidden ID Information section in Edit mode until existing ID is selected
• Wrapped cr_types.xml in noupdate="1" to prevent upgrade overwrites

New unit tests

Updated test_update_id_preview for new preview structure with _header key.

Unit tests executed by the author

• spp_cr_types_base: 7/7 passed
• spp_change_request_v2: 279/279 passed (286 total with cr_types_base)

How to test manually

1. Create an "Update ID Document" CR → verify new form layout (title, registrant field, operation radio below)
2. Test each operation (Add, Edit, Remove) → verify field behavior and visibility
3. Edit operation → select existing ID → verify ID Information appears with pre-filled fields
4. Navigate to Review page → verify different layouts per operation (comparison for Edit, summary for Add/Remove)
5. Go to CR Type config → verify "ID Operations" tab with toggle switches
6. Disable "Edit ID" → verify radio option is grayed out on the detail form

Related links

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the 'Update ID Document' change request type by modernizing its user interface and providing greater flexibility for administrators. It introduces the ability to configure which ID operations (add, edit, remove) are permitted for a given change request type, improving control and user experience. The changes also refine how ID information is displayed and searched, ensuring a more intuitive and robust system for managing registrant identities.

Highlights

• UI/UX Improvements for Update ID Document CR Type: The 'Update ID Document' change request type received a significant UI/UX overhaul, including a redesigned detail form with a title header, registrant_id field, and operation selection positioned below the registrant.
• Configurable ID Operations: Added configurable allowed operations (allow_id_add, allow_id_edit, allow_id_remove) on the CR type model, accessible via a new 'ID Operations' tab, allowing administrators to control which ID actions are available to users.
• New Filterable Radio Widget: Introduced a reusable 'filterable_radio' widget in spp_base_common that supports disabling individual radio options based on boolean fields on the record, enhancing form flexibility.
• Enhanced Review Layouts: Implemented operation-specific review layouts: a comparison table for 'Edit ID' operations and a summary for 'Add New ID' and 'Remove ID' operations, improving clarity during the review process.
• ID Type and Search Improvements: Fixed id_type_id to use spp.vocabulary.code and updated spp.registry.id's display_name to show 'ID Type - Value'. The _name_search method was also enhanced to search by ID type, value, or partner name.
• Conditional Field Visibility: The 'ID Information' section in 'Edit ID' mode is now hidden until an existing ID is selected, streamlining the user experience.
• Data Protection for CR Types: Wrapped cr_types.xml in noupdate="1" to prevent accidental overwrites during system upgrades.

Changelog

• spp_base_common/manifest.py
  • Added new JavaScript and XML assets for the filterable_radio widget.
• spp_base_common/static/src/js/filterable_radio_field.js
  • Added a new JavaScript file defining the FilterableRadioField widget, which allows disabling individual radio options based on record data.
• spp_base_common/static/src/xml/filterable_radio_field.xml
  • Added an XML template for the FilterableRadioField widget, providing its visual structure.
• spp_change_request_v2/details/update_id.py
  • Imported _ and ValidationError for improved internationalization and error handling.
  • Renamed 'Update Existing ID' to 'Edit ID' in the operation selection field.
  • Updated the id_type_id field to use 'spp.vocabulary.code' with a specific domain.
  • Added related boolean fields (allow_id_add, allow_id_edit, allow_id_remove) to reflect CR type configuration.
  • Implemented a constraint (_check_operation_allowed) to validate if the chosen operation is permitted by the CR type.
  • Modified the _onchange_operation method to clear fields and reset the operation with a warning if the selected operation is not allowed.
  • Removed the description field from being pre-filled during existing ID selection.
• spp_change_request_v2/models/change_request.py
  • Modified _generate_review_comparison_html to support an optional '_header' key for review layouts.
  • Updated _render_comparison_table and _render_action_summary to accept and display a header, and improved the logic for generating display keys from field names.
• spp_change_request_v2/models/change_request_type.py
  • Added new boolean fields (allow_id_add, allow_id_edit, allow_id_remove) to configure allowed ID operations for change request types.
• spp_change_request_v2/strategies/update_id.py
  • Updated _apply_add to use id_type_id.display_name for error messages and logging.
  • Refactored the preview method to generate different review layouts (comparison for 'update', summary for 'add'/'remove') with descriptive headers.
• spp_change_request_v2/tests/test_update_id_strategy.py
  • Updated the test_update_id_preview unit test to assert the presence and value of the new '_header' key in the preview structure.
• spp_change_request_v2/views/change_request_type_views.xml
  • Added a new 'ID Operations' page to the change request type form view, displaying the allow_id_add, allow_id_edit, and allow_id_remove configuration fields.
• spp_change_request_v2/views/detail_update_id_views.xml
  • Redesigned the 'Update ID Document' detail form with a prominent title header and moved the registrant field.
  • Replaced the standard radio widget for 'operation' with the new 'filterable_radio' widget, dynamically disabling options based on CR type configuration.
  • Separated and conditionally displayed existing ID selection groups for 'Edit' and 'Remove' operations.
  • Made the 'ID Information' section invisible for 'Remove' operations or until an existing ID is selected for 'Update'.
  • Removed the description and document_attachment_ids fields from the main view and made the remarks field invisible.
  • Added the chatter widget to the form view.
• spp_cr_types_base/data/cr_types.xml
  • Wrapped the entire XML file in noupdate="1" to prevent data records from being overwritten on module updates.
  • Added a comment clarifying the default values for allow_id_add/edit/remove fields.
• spp_registry/models/reg_id.py
  • Modified the _compute_display_name method to format the display name as 'ID Type - Value' instead of the partner name.
  • Enhanced the _name_search method to allow searching ID records by ID type, ID value, or partner name.

Activity

• New unit tests were added to cover the updated preview structure.
• The author executed unit tests for spp_cr_types_base (7/7 passed) and spp_change_request_v2 (279/279 passed, 286 total with cr_types_base).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant UI/UX improvements to the 'Update ID Document' change request type, making it more flexible and user-friendly. The introduction of configurable operations and a reusable filterable_radio widget are great additions. The code is well-structured, but I've identified a few areas for improvement:

• A potential security vulnerability (XSS) in the review page rendering.
• Some code duplication in a Python onchange method and an XML view that could be refactored for better maintainability.

My detailed comments are attached to the relevant files. Overall, this is a solid feature enhancement.

[gemini-code-assist]

The functions _render_comparison_table and _render_action_summary render HTML for the review page. They use the internal helper _format_review_value to format values. This helper does not escape string values, which could lead to a Cross-Site Scripting (XSS) vulnerability if a user-controlled value (like an ID value) contains malicious HTML or JavaScript. Since review_comparison_html is rendered with sanitize=False, it's crucial to escape all user-provided data.

I recommend updating _format_review_value to use odoo.tools.html_escape. For example:

# In _format_review_value method:
from odoo.tools import html_escape

# ... at the end of the function, instead of just str(value):
return html_escape(str(value))

[emjay0921]

Fixed in 9d94eef — added html_escape via markupsafe.escape to _format_review_value.

[gemini-code-assist]

There's some code duplication in how fields are cleared for different operations. The fields id_type_id, id_value, and expiry_date are reset in both the if and elif blocks. You can simplify this by clearing these fields once before the conditional logic to improve readability and maintainability.

Suggested change

	if self.operation == "add":
	self.existing_id_record_id = False
	self.id_type_id = False
	self.id_value = False
	self.expiry_date = False
	elif self.operation in ("update", "remove"):
	self.id_type_id = False
	self.id_value = False
	self.expiry_date = False
	self.id_type_id = False
	self.id_value = False
	self.expiry_date = False
	if self.operation == 'add':
	self.existing_id_record_id = False

[emjay0921]

Fixed in 9d94eef — deduplicated the field clearing.

[gemini-code-assist]

The field existing_id_record_id is defined twice, once for the 'update' operation and once for the 'remove' operation. This creates code duplication and makes the view harder to maintain. You can combine these into a single group and field definition that is visible for both operations.

Suggested change

	<group invisible="operation != 'update'">
	<group>
	<field
	name="existing_id_record_id"
	options="{'no_create': True}"
	required="operation in ['update', 'remove']"
	string="Select ID to Edit"
	options="{'no_create': True, 'no_open': True}"
	required="operation == 'update'"
	readonly="not is_cr_manager or approval_state not in ('draft', 'revision')"
	/>
	</group>
	</group>
	<!-- Select existing ID for Remove operation -->
	<group invisible="operation != 'remove'">
	<group>
	<field
	name="current_id_value"
	invisible="not existing_id_record_id"
	name="existing_id_record_id"
	string="Select ID to Remove"
	options="{'no_create': True, 'no_open': True}"
	required="operation == 'remove'"
	readonly="not is_cr_manager or approval_state not in ('draft', 'revision')"
	/>
	</group>
	</group>
	<!-- Select existing ID for Edit/Remove operations -->
	<group invisible="operation not in ('update', 'remove')">
	<group>
	<field
	name="existing_id_record_id"
	string="Select Existing ID"
	options="{'no_create': True, 'no_open': True}"
	required="operation in ('update', 'remove')"
	readonly="not is_cr_manager or approval_state not in ('draft', 'revision')"
	/>
	</group>
	</group>

[emjay0921]

Intentionally kept as two separate groups. They show different field labels per operation — "Select ID to Edit" for update and "Select ID to Remove" for remove — so the user gets context-appropriate labeling. Merging them into one group would lose that UX distinction.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.19%. Comparing base (9c2376e) to head (9d94eef).
⚠️ Report is 4 commits behind head on 19.0.

Additional details and impacted files

@@            Coverage Diff             @@
##             19.0     #104      +/-   ##
==========================================
+ Coverage   71.17%   71.19%   +0.02%     
==========================================
  Files         704      731      +27     
  Lines       38554    40229    +1675     
==========================================
+ Hits        27439    28641    +1202     
- Misses      11115    11588     +473     

Flag	Coverage Δ
spp_analytics	86.64% <ø> (ø)
spp_api_v2	79.96% <ø> (ø)
spp_api_v2_change_request	60.29% <ø> (ø)
spp_api_v2_cycles	71.12% <ø> (ø)
spp_api_v2_data	64.41% <ø> (ø)
spp_api_v2_entitlements	70.19% <ø> (ø)
spp_api_v2_gis	71.52% <ø> (ø)
spp_api_v2_products	66.27% <ø> (ø)
spp_api_v2_service_points	70.94% <ø> (ø)
spp_api_v2_simulation	71.12% <ø> (ø)
spp_api_v2_vocabulary	57.26% <ø> (ø)
spp_approval	50.29% <ø> (ø)
spp_area	79.26% <ø> (?)
spp_area_hdx	81.43% <ø> (ø)
spp_audit	64.19% <ø> (?)
spp_banking	80.00% <ø> (?)
spp_base_common	90.26% <ø> (ø)
spp_base_setting	50.00% <ø> (?)
spp_programs	45.51% <ø> (ø)
spp_security	66.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
spp_base_common/__manifest__.py	0.00% <ø> (ø)
spp_change_request_v2/details/update_id.py	75.00% <ø> (+1.92%)	⬆️
spp_change_request_v2/models/change_request.py	82.98% <ø> (-0.23%)	⬇️
...pp_change_request_v2/models/change_request_type.py	66.88% <ø> (ø)
spp_change_request_v2/strategies/update_id.py	88.33% <ø> (-0.20%)	⬇️

... and 27 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.