If first an user submits a role application and next some module automatically or admin manually assigns that role to that user, then the status of the application (in '{domain}/admin/user/apply_for_role') should not be "pending" but "role privilege already assigned" for example.

Comments

Soren Jones’s picture

Soren Jones commented

Another good argument for the API change. But really, roles granted by other modules shouldn't be in that table at all. We could scuttle the application and log it or.... Anyway, agreed this is a bug. I'll look at it. Ideas and patches are also welcome. :)

not_Dries_Buytaert’s picture

not_Dries_Buytaert commented

A simple "if then" would do just fine, like: If status role application == 'pending' and "role == assigned", then printable variable becomes: "role is already assigned'. Perhaps this should be in this quote from the 'apply_for_role.module' file somehow:

function theme_apply_for_role_status($status) {
  $statuses = array(
   -1 => t('Removed'),
    APPLY_FOR_ROLE_PENDING => t('Pending'),
    APPLY_FOR_ROLE_APPROVED => t('Approved'),
    APPLY_FOR_ROLE_DENIED => t('Denied'),
  );
  return isset($statuses[$status]) ? $statuses[$status] : t('Unknown status');
}

Sorry, I wish I could be more of technical help. :-)

Perhaps the approve and deny buttons should be disabled too then, to prevent outgoing emails from being send (after reviewing an application of a role that was granted already).

Soren Jones’s picture

Soren Jones commented

It seems that applications for roles that have been added by other means shouldn't be managed by the apply for role module. At the same time, there should be a record of the application. One option is to add a new hook apply_for_role_void_apply and a new status APPLY_FOR_ROLE_VOIDED and then a) voiding applications on admin page view if the roles have been added by other modules and b) disabling the approve, deny, and delete links for voided applications. That would keep a record of the role application. The same logic could take over when a role is deleted after an application is made. People who don't want to see the voided role applications could then just filter them out in views.

Other options would be to just approve granted roles on admin page view without using the hook so no actions would be triggered or to remove the applications from the DB. But in the first case it would then be possible to deny or delete the granted roles from the manage role applications page and that could create some confusion for other modules that might be handling the roles, and in the second case you lose the record of the user's application.

Any thoughts appreciated.

jnicola’s picture

jnicola commented
Version: 6.x-1.9 » 7.x-2.x-dev
Category: Bug report » Feature request
Priority: Normal » Minor
Issue summary: View changes
Status: Active » Needs work

There is a feature request to check if users are deleted or blocked however, and removes their application. That same feature should be made to check if the user has also already received the role somewhere else...

Adding this as a minor feature request to the 7.x branch so as we can bring this into the aforementioned issue.

jnicola’s picture

jnicola commented

I'm thinking this would be easy enough. Have the module piggy back any user update, check if a new role was added, and if it was added, check for a related request for a role.

The question is, how to proceed from there. If added role manually, delete request? Mark as accepted? Another status for "manually given role"?

From there, what about roles deleted after being granted? Should the old application say "Granted, Deleted manually?"

jnicola’s picture

jnicola commented
Assigned: Unassigned » jnicola