[T2910] [MIG] - Migrate website_child_protection (Work In Progress, don't merge it)

[SlWa99]

[MIG][18.0][WIP] website_child_protection: Technical Migration & V14 Work Integration

Description

This PR performs the technical migration of the website_child_protection module from Odoo 14.0 to Odoo 18.0.

---

Context & Parallel Work

Important note: in parallel with this technical migration, visual and structural changes were made to this page in Odoo 14 by Daniel (see PR: T2957 code of conduct).

It is mandatory to review this V14 PR to ensure that the final Odoo 18 result is functionally equivalent and visually identical to the latest validated V14 version.

---

Major Technical Changes

The architecture has been reworked to comply with Odoo 18 standards and to remove the dependency on the website_form module.

---

1. Backend Implementation (controllers/main.py)

The logic was moved from a transient model wizard (V14 approach) to a direct HTTP controller (V18 approach).

Route Definition
Created a new route /partner/child-protection-charter/submit restricted to POST methods.

Security

• Enabled csrf=True to enforce token validation.
• Used .sudo() explicitly (scoped to this controlled write operation) to search for and update the res.partner record.
  This allows anonymous (public) users to write without introducing complex ACL rules in ir.model.access.csv.

Logic

• Extracts partner_uuid and agreement status from request arguments (kwargs).
• Validates the mandatory checkbox.
• Writes datetime.now() to the date_agreed_child_protection_charter field.
• Handles redirection explicitly via request.redirect().

PS : The logic of the controller can be improved.

---

2. Frontend Implementation (child_protection_charter.xml)

The XML template was refactored to remove all dependencies on the legacy s_website_form snippet system.

HTML Structure
Replaced the snippet-based container with a standard HTML5 <form> pointing to the new controller route.

CSRF Injection
Added the mandatory hidden input:

<input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/>

---

Removed Files

The following files were removed as they are obsolete with the new architecture:

• static/src/js/website_child_protection.js
  Legacy JavaScript is no longer required with a native HTML form.

• wizards/agreement_child_protection_charter_form.py
  Wizard logic has been migrated to the controller.

• security/ir.model.access.csv
  Access rights related to the removed wizard are no longer needed.

• data/form_data.xml
  Whitelist configuration for website_form is no longer applicable.

• templates/assets.xml
  Asset declaration is now handled in __manifest__.py.

---

Remaining Work: Styling & Visual Adjustments

The functional code is complete. CSS integration still needs to be finalized to match the design validated in Daniel’s V14 PR.

Required adjustments (CSS/SCSS):

• Margins: Align the form block horizontally with the charter text.
• Colors: Apply the Compassion Blue color to section titles ("Child Protection Charter", "Code of Conduct").
• Submit Button:
  • Remove rounded corners.
  • Apply Compassion Blue background color.
  • Add left offset to avoid sticking to the page edge.
• Required Field Indicator:
  • Ensure the asterisk (*) is black and visually subtle.

---

Test Procedure

1. Access the page:
   http://localhost:8069/partner/child-protection-charter

2. Compare the visual rendering with the V14 PR (link: T2957 code of conduct).

3. Submit the form.

4. Verify:

   • Redirection to the confirmation page.
   • Correct update of the date field on the related partner record in the database.

[gemini-code-assist]

Summary of Changes

Hello @SlWa99, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request undertakes a comprehensive technical migration of the website_child_protection module from Odoo 14 to Odoo 18. The primary objective is to modernize the module's implementation by replacing its wizard-based backend and website_form driven frontend with a more direct, controller-based approach and standard HTML forms, adhering to contemporary Odoo development practices. This architectural overhaul aims to improve maintainability and compatibility with the new Odoo version, while also ensuring that the user experience remains consistent with recent design updates in the Odoo 14 counterpart.

Highlights

• Odoo Version Migration: The website_child_protection module has been technically migrated from Odoo 14.0 to Odoo 18.0.
• Architectural Rework: The module's architecture was significantly updated to align with Odoo 18 standards, specifically by removing the dependency on the website_form module.
• Backend Logic Shift: The core logic for handling child protection charter agreements has moved from a transient model wizard to a direct HTTP controller (controllers/main.py).
• New Submission Route: A new POST route, /partner/child-protection-charter/submit, has been introduced, featuring CSRF protection and explicit sudo() usage for secure res.partner record updates.
• Frontend Refactoring: The child_protection_charter.xml template was refactored to replace the legacy s_website_form snippet system with a standard HTML5 <form> element.
• File Removals: Several obsolete files related to the old architecture (e.g., static/src/js/website_child_protection.js, wizards/agreement_child_protection_charter_form.py, security/ir.model.access.csv, data/form_data.xml, templates/assets.xml) have been removed.
• Styling Pending: The functional migration is complete, but visual adjustments and CSS integration are still required to match the design of a related Odoo 14 PR.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully migrates the website_child_protection module to Odoo 18.0, refactoring it to remove the dependency on website_form and adopting a modern controller-based approach. The code is much cleaner and follows current Odoo standards.

I've identified a few areas for improvement:

• There's a functional regression where a redirect parameter is lost in one of the controller methods.
• The form's error handling for the required checkbox is incomplete, as no message is displayed to the user upon validation failure.
• A minor point on using CSS utility classes instead of inline styles in the template for better maintainability.

Overall, this is a solid migration. Addressing these points will make it even better.

[gemini-code-assist]

The redirect to the confirmation page loses the original redirect query parameter. This can lead to incorrect navigation for users who have already agreed to the charter. The redirect parameter should be preserved, similar to how it's handled in the child_protection_charter_submit method.

        if date_signed and (datetime.datetime.now() - date_signed).days < 365:
            target = "/partner/child-protection-charter-agreed"
            redirect_url = kwargs.get("redirect")
            if redirect_url:
                target += "?redirect=" + redirect_url
            return request.redirect(target)

[gemini-code-assist]

When the form is submitted without the 'agreed' checkbox checked, you redirect the user back to the form with ?error=required. However, the template child_protection_charter.xml does not handle this query parameter to display an error message to the user. This results in a poor user experience as they are not informed why the submission failed.

You should add logic to the template to display an error message. For example:

<t t-if="request.params.get('error') == 'required'">
    <div class="alert alert-danger" role="alert">
        You must agree to the charter to continue.
    </div>
</t>

[gemini-code-assist]

Using inline styles (style="margin-top:0;") is generally discouraged for maintainability. It's better to use CSS classes. Since you are using Bootstrap, you can use a margin utility class like mt-0 to achieve the same result while keeping the markup cleaner.

Suggested change

	<input
	class="form-check-input"
	type="checkbox"
	name="agreed"
	id="agreed"
	required="required"
	style="margin-top:0;"
	/>
	<input
	class="form-check-input mt-0"
	type="checkbox"
	name="agreed"
	id="agreed"
	required="required"
	/>