Only allow username editing if username is unset

Once set, the username cannot be changed or deleted. If attempted this
fails with “405 Method Not Allowed”.

Change-Id: I15711ce9c6b350becd2a10fccc9655234e88bc8a

polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.html

@@ -48,7 +48,7 @@ limitations under the License.
         <span class="title">Username</span>
         <span
             hidden$="[[usernameMutable]]"
-            class="value">[[_account.username]]</span>
+            class="value">[[_username]]</span>
         <span
             hidden$="[[!usernameMutable]]"
             class="value">
@@ -57,7 +57,7 @@ limitations under the License.
               id="usernameInput"
               disabled="[[_saving]]"
               on-keydown="_handleKeydown"
-              bind-value="{{_account.username}}">
+              bind-value="{{_username}}">
       </section>
       <section id="nameSection">
         <span class="title">Full name</span>

polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.js

@@ -27,7 +27,7 @@
       usernameMutable: {
         type: Boolean,
         notify: true,
-        computed: '_computeUsernameMutable(_serverConfig)',
+        computed: '_computeUsernameMutable(_serverConfig, _account.username)',
       },
       nameMutable: {
         type: Boolean,
@@ -64,11 +64,14 @@
       /** @type {?} */
       _account: Object,
       _serverConfig: Object,
+      _username: {
+        type: String,
+        observer: '_usernameChanged',
+      },
     },
 
     observers: [
       '_nameChanged(_account.name)',
-      '_usernameChanged(_account.username)',
       '_statusChanged(_account.status)',
     ],
 
@@ -82,7 +85,11 @@
       }));
 
       promises.push(this.$.restAPI.getAccount().then(account => {
+        // Provide predefined value for username to trigger computation of
+        // username mutability.
+        account.username = account.username || '';
         this._account = account;
+        this._username = account.username;
       }));
 
       return Promise.all(promises).then(() => {
@@ -117,7 +124,7 @@
 
     _maybeSetUsername() {
       return this._hasUsernameChange && this.usernameMutable ?
-          this.$.restAPI.setAccountUsername(this._account.username) :
+          this.$.restAPI.setAccountUsername(this._username) :
           Promise.resolve();
     },
 
@@ -131,8 +138,10 @@
       return nameChanged || usernameChanged || statusChanged;
     },
 
-    _computeUsernameMutable(config) {
-      return config.auth.editable_account_fields.includes('USER_NAME');
+    _computeUsernameMutable(config, username) {
+      // Username may not be changed once it is set.
+      return config.auth.editable_account_fields.includes('USER_NAME') &&
+          !username;
     },
 
     _computeNameMutable(config) {

polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info_test.html

@@ -123,6 +123,8 @@ limitations under the License.
     test('username render (mutable)', () => {
       element.set('_serverConfig',
           {auth: {editable_account_fields: ['USER_NAME']}});
+      element.set('_account.username', '');
+      element.set('_username', '');
 
       const section = element.$.usernameSection;
       const displaySpan = section.querySelectorAll('.value')[0];
@@ -179,10 +181,11 @@ limitations under the License.
       });
 
       test('username', done => {
+        element.set('_account.username', '');
+        element._hasUsernameChange = false;
         assert.isTrue(element.usernameMutable);
-        assert.isFalse(element.hasUnsavedChanges);
 
-        element.set('_account.username', 'new username');
+        element.set('_username', 'new username');
 
         assert.isTrue(usernameChangedSpy.called);
         assert.isFalse(statusChangedSpy.called);