Jump to:
| Project: | LoginToboggan |
| Version: | 7.x-1.2 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
In the config UI for LoginToboggan, under Registration, there is an option to "set password" that highly recommends creating a "pre-authorized" role with limited permissions to assign to new users before their email is authorized. The problem I am having is that whenever I create a new role using the People/Permissions/Roles administration menu in Core, the new role automatically inherits all the permissions of the Authenticated User. You can add additional permissions beyond the Authenticated User, but you can't remove any permissions, so it doesn't seem to be possible to create a new role with permissions in between an Anonymous User and an Authenticated User as recommended by the LoginToboggan module. Is this a bug in Core or am I missing something?
Comments
#1
This issue has been raised before:
#628334
#1306966
In fact, the current implementation does not work, especially since D7 now automatically applies all permissions of the authenticated user role to ALL roles except anonymous, an extremely useful feature, which you must work against in order to get the current logic of LT to play nicely.
That is, you'd have to remove ALL permissions from the authenticated user, set the limited set to your pre-auth user role and then create a new "really authenticated user role" with the full permission set -- and to top if off you have to implement through Rules or your own module an action to elevate the authenticated user to the "really authenticated user" role once that user has authenticated, until a feature such as the one mentioned in #628334.
#2
I've added a patch that addresses this to #628334