The module was recently changed so the "Set password but do-not login" option was removed. I used this because I do not want people logging-in until they authenticate themselves. The reason is, if they can log-in but not post anything, its very confusing for people. I'd rather keep them out completely. Plus, we use gallery, so non-authenticated folks could potentially use the photo gallery without ever validating.

Currently on my settings page, under "non-authenticated role", the only option I can pick is "authenticated user", which I don't want. Its not giving me the "anonymous user" option, which is what I do want. So, people have been logging in and posting content without ever validating because they are all being given the authenticated role automatically. This is a big problem and its causing us and our users significant confusion and frustration.

So, I followed the instructions which says to create a new role with the permissions I want for the non-authenticated person. I created this new role and gave it the same permissions as Anonymous. Now, when I go to the edit page for any user, the "roles" section appears. And it says:

The user receives the combined permissions of the authenticated user role, and all roles selected here."

What this means is that no matter what role I select, they will ALWAYS have the authenticated roles permissions IN ADDITION to whatever the additional role is. So the whole concept of allowing folks to log-in but not post anything without validation is impossible.

Can you please, please, please add back in the "set password and don't allow log-in" option??????? Please, please, please. Perhaps you don't see the need for it, but why remove functionality that others might want?

Comments

hunmonk’s picture

hunmonk commented
Category: bug » feature
Priority: Critical » Normal

The user receives the combined permissions of the authenticated user role, and all roles selected here

this was fixed quite awhile back--you probably need to upgrade to the latest 4.7 version of the module. to be clear, when a user is in the pre-auth role, they do _not_ receive auth permissions, so setting a pre-auth role with the same perms as the anon user will effectively give them anon user perms. the module cannot offer the anon user itself as the pre-auth role, due to changes in drupal core from 4.6 -> 4.7

Can you please, please, please add back in the "set password and don't allow log-in" option? ... Perhaps you don't see the need for it, but why remove functionality that others might want?

i've stated this before in other issues--since you have complete control over what perms a user has by using the pre-auth role, it makes no sense to not log them in if they're choosing their own password. the user message after they register clearly states that they need to validate before they receive full site perms.

while i can appreciate that the removal of a previous feature can be frustrating, i still stand by the decision for a number of reasons:

  1. the workflow is the same as the recently added feature to drupal core for 5.0
  2. the use cases that require that specific ability are rare, IMO
  3. it's easier to maintain code that doesn't have every feature in the world. if you simply go about adding every feature that everybody requests to a module, it quickly becomes a spaghetti mess of code.
  4. anyone who is determined to have that specific feature can implement it in their own version of the module--it's the beauty of open source software.

since there is no bug in the module regarding your request, i'm moving it to a feature request at normal priority.

hunmonk’s picture

hunmonk commented
Status: Active » Closed (won't fix)