It seems the logic for weather the password can be set is affecting the Admin Approval Process. This may be true for other use cases but my patch is very targeted. If $reg_pass_set or if it's not set should yield no effect on the user $status if the account needs approval first. The approval process consists of unblocking a user so if the user is status=1 then they are free to login without being approved by admin.
Feel free to discuss, maybe I have some fundamental concept incorrect but the patch targets only that change and should not effect any existing use cases that people would be using.
Cheers,
joel
Comment | File | Size | Author |
---|---|---|---|
logintoboggan-approval.patch | 553 bytes | joelpittet |
Comments
Comment #1
joelpittetComment #2
stevecowie CreditAttribution: stevecowie commentedThe logic of LT is that if you are allowed to set your password, you are automatically given status of 1, meaning no admin approval is needed, but you are then strongly recommended to assign the new user to a role with very limited permissions. Once, the new user confirms the email address, s/he becomes an authenticated user. If your use case is wanting to allow users to create the password at registration time but also require administrator authentication, LT may not be the right module for you.
Having said all that, it does seem that quite a few people would like to combine the ability to set a password with adminstrator approval for accounts so I'll leave this open for a while to see if we get any further comments.
Comment #3
blainelang CreditAttribution: blainelang commentedFor a current project, I am in need of allowing the new users to set their password in the registration, but require site admin approval once the user has confirmed their email account. It would be nice if the site admin could know if they have completed the email verification.
Once approved, "un-authenticated" role removed, a welcome email should be sent. Presently no email is sent out and I was wondering if LT is supposed to have that feature or do I use rules or custom module for that?
Comment #4
emilorol CreditAttribution: emilorol commentedHi,
This is good feature to have and to be honest I don't know why is added to the regular module distribution. I work in a similar setup for Drupal 6 and you can find it here:
In a nutshell this is what we want:
Note: I will not hurt to notify the site admin that the user email is valid and that he/she can approve the user account.
Is there any hooks in the module that can be use to add the extra functionality?
Comment #5
Jiri Volf CreditAttribution: Jiri Volf commentedHi,
for my use case this feature is also useful, i want to manually check ceratin custom user fields before the user is activated and i want the proces of registration to be simple, so prefer not forcing user to use one time login emails. It also happened to me that spammers got through mollom, so i prefer to check it manually, before i let the user in at all. It also confused me a bit - in general user account config is the option that new accounts have to be approved by admins and it didnt work, so i belived its a bug for a while before finding this thread.
Thanks for the patch - which seems to work, and for the module itself of course :)
Jiri
Comment #6
MrPaulDriver CreditAttribution: MrPaulDriver commentedSimilar requirements.
- User to have immediate login and restricted permissions
- User to validate own email, before notification email is sent to admin
- I want to review certain custom fields before approving an account
Currently, it seems that if immediate login is allowed then the [user:validate-url] token is excluded from the awaiting approval email and the account is flagged with the unvalidated role if configured. When the administrator approves the account it is set to authenticated even though no email validation has taken place.
I guess this can be mitigated by double email input, but it is not quite the same and could lead to problems down the road with password reminders and system emails.