The decision on which fields are writable has been moved into
the user's contract. Previously the fields in the My Account form were only
disabled in the frontend, but when changing the browser form, the user could
still update values. Now the contract has been updated to check the
authentication method as well, denying changes to the own name and email address.
Similarly when the contract prevents edits, this is also reflected in the admin
UI for users. It's not pretty, because there seems to be no formatting for disabled
text boxes in our old forms, but it still gives faster feedback than the
old forms, where you had to submit to see that a change to your own login
was rejected.
In the My Accounts form, this change leads to the curious case, where
an admin CAN change their own name in the My Account view, because admins
could do it in other forms as well. It's surprising, but consistent.
Additionally the behaviour has been harmonized across LDAP and other auth providers.
Editing the email address is now also forbidden in all cases for the user themselves.
Changes attribute names from enable_auto_*_contrast to force_*_contrast
to better match existing UI terminology and differentiate from single
theme contrast settings.
Introduces `My::LocaleComponent` and accompanying forms.
Includes basic spec coverage.
Also applies lang attribute to individual Language options, with the
goal of improving screenreader and browser translation tool support.
Henriette Darge