"Instantly Approve" link in email notification doesn't work
| Project: | Organic groups |
| Version: | 6.x-2.0 |
| Component: | og.module |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | needs review |
Hello. I have just installed OG on a drupal 35.4xa site and I am testing it. Everything seems to be working fine except for one important detail:
* I created a group that requires group admin approval for membership.
* I then requested to join the group from a different user account.
* I received the email notification that somebody had requested to join the group and clicked on the 'instant approval' link (that URL is something like www.mysite.com/og/approve/group_nid/user_uid).
* When I click on the link I get sent to the that URL but what actually loads in the browser window is the main OG page where the various groups are listed. The user who requested membership is not added to the group.
If I go to www.mysite.com/og/users/group_nid I see the user's name with '(approval needed)' after it but there doesn't seem to be any way to approve the request (screengrab attached). I haven't been able to figure out how to approve the membership request at all. I'm fairly certain that I have enabled all necessary modules and set permissions correctly. Any help much appreciated.
| Attachment | Size |
|---|---|
| group_users.jpg | 12.83 KB |
#1
Sorry--I just realized that I entered a random string of numbers as my Drupal version. It's actually 6.8.
#2
I am having the exact same problem as what is outlined above. I am going to look at the code that processes the URL and see if I can figure out why the above is happening.
#3
I have the same issue to declare. It would be really important if somebody could look into that and fix this bug.
Unfortunately I'm not a coder but I'd gladly help to test intensively patches and report everything back to the community.
Regards,
Stefan
#4
#5
A possibly related issue: when I try to add members to a private group, I get a message telling me I can't unsubscribe because I am the group admin. The only way I could find to put members into a closed or private group was to open it up and list it on the groups page. Then I could use the Add Members tab, put in my members, and then close the group. Surely that can't be the workflow that is intended?
#6
I am not even getting messages that a user has requested to join. I CAN invite someone to join, and they get a message with a link. Following that link gives them a nice page to confirm that they want to join, but if they choose to join, I find absolutely no way to approve them.
#7
To use that instant approval link, you must be logged and be a user authprized to approve for that group. if you areb't, you see the group directory.
In general, the links for approving pending requests are in the members list which can be accessed from a link in the group details block.
This could be a more self evident, but i see no bug.
#8
OK--I created a new group called 'test' which is set to 'Moderated - membership requests must be approved.' I requested membership in the group from a different user account. When I look at the members list (while logged in to the admin account from which I created the group) I see two members listed:
brad Manager admin
bwright (approval needed)
However, I don't see any way of approving bwright's membership. Please see attached screengrab. So, as far as I can tell, the member list does not include any links for approving pending members even if I am logged in to the group manager admin account.
#9
I am having a similar issue, using Drupal 6.10 and OG 6.x-2.0. The admin of a group receives a subscription request, and he is given a link to "instantly approve the request", which is http://www.example.com/drupal/og/approve/{gid}/{uid}, but this link takes the admin to a page similar to http://www.example.com/drupal/og/og (same content, just different URL), and does not approve the user's request to join a group.
I looked on the "List" tab of the group, at the Approve and Deny links. The url behind the approve link is
http://85.122.23.52/drupal/og/approve/{gid}/{uid}/74835e585b090d0be357b9befed6d511?destination=og%2Fusers%2F{gid}
I don't know where this difference comes from, but only the latter link works. Now the group admins cannot approve a request by clicking on the link they receive in the email, they must go to the "List" tab and approve the users.
I noticed that the link in the notification email is generated by the !approve_url token. Maybe the problem is there?
Any help would be appreciated.
#10
FRom that screengrab, it seems that og does not think the current user has admin perms in this group. Not sure why.
#11
I'm attaching you a screenshot of my admin view of the list. The admin has the permission needed to approve or deny a join request (on the List tab of the group), but when he receives the notification email the link to approve the new user is not correct.
#12
I'm having the exact same problem as katiusha - i'm running Drupal 6.13 and OG 6.x.2.0.
So just to be clear, the instant approval url (http://www.example.com/drupal/og/approve/{gid}/{uid}) should work without another argument appended after it?
EDIT: i can confirm the same problem after updating to Drupal 6.14, reverting all og views and running on a more minimum set of updated modules (messaging, notifications, tokens, og, cck and views)
#13
As far as I can see from the code OG expect to have the third parameter in the URL. Some kind of misterious "token". The code responcible for url generation does not include this token.
#14
I am having the same issue. I am using Drupal 6.14 and OG 6.x-2.0. Group admin cannot approve a request by clicking on the link they receive in the email. Group admin must go to the list tab to approve the user.
#15
Confirming I've encountered this same problem, and that it appears to stem from a missing 'token' argument on the URL provided in the email to the admin. I made a naive attempt to generate this token in the email by patching og.module's og_subscribe_user() function thusly:
<?phpif (!empty($admins)) {
drupal_set_message("gid: [$gid], nid: [".$node->nid."], token: [".og_get_token($gid)."]");
$variables = array(
'@group' => $node->title,
'@username' => $account->name,
- '!approve_url' => url("og/approve/$node->nid/$account->uid", array('absolute' => TRUE)),
+ '!approve_url' => url("og/approve/$node->nid/$account->uid/".og_get_token($node->nid), array('absolute' => TRUE)),
'!group_url' => url("og/users/$node->nid", array('absolute' => TRUE)),
'@request' => $request,
);
?>
However, this fails, since the call to og_get_token() gives a token based on the current user's session, but this fails since the desired token is based on the admin/manager's session ID. It seems like trying to include a token in the email link won't work, and there needs to be some other way to confirm an admin clicking on a link in an email is legitimate.
Tracing this backwards, I see that the 'token' functionality was added way back in 2008, in revision 1.511:
http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/og/og.modul...
But as far as I can tell, this bug has always been there, since the og_check_token check added to the top of the og_approve function will always fail when no token is provided on the url. Perhaps there should just an extra check here: if there's *no* token, assume this link was from an email, and redirect the user to a path which includes a token based on the current session- if *this* matches, all should be well?
I'll take a crack at adding this type of check tomorrow, and post a patch if I can get it working.
#16
Ok I've rolled my idea from yesterday into a working (for me, at least) patch. This may be done in a cleaner way, but at least it proves the idea is workable. The patch simply adds an extra menu item to catch og/approve urls without a token attached, and a small bit of logic to the og_approve function to generate a token based on the current user's session, and then redirect the user to the proper approve url.
#17
@spiderman: thanks for your work but are you sure your rolled patch has the needed content? Please take a look into the uploaded file. :)
#18
#19
Attaching a real patch :)
#20
Spiderman,
Thanks for the patch. I installed it but unfortunately, it doesn't work for me. After installing the patch I get a 'page not found' error when trying to load URLs like:
www.mysite.com/og/approve/group#/user#
Before installing, I would just get redirected to the main OG page and the user would not get added to the group.