Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-18886

New user registrations only viewable by Administrator until validated

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Medium Medium
    • Resolution: Fixed
    • Affects Version/s: 4.5.0
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      eZ Publish 4.5

      Description

      The problem at hand is that in version 4.4 the user object was created and published when the user registered. The new user then got an email to validate and enable that user object.

      However, in version 4.5 it seems the user object is not published on user registration, but rather is set up as a draft under Administrator user, and is only published after the user acknowledges the email sent, clicking on the activation link.

      The new accounts will be pending until the user clicks on the activation link, and only Administrator is able to edit the new draft. This would become a problem when for instance the user doesn't receive the email.

      If we grant access to the dashboard for a group of users, in order to allow them to approve pending accounts, this won't work at all, because each user can only see their own drafts, not other user's drafts. And user registration drafts will be owned by the Administrator.

      Only if we set "VerifyUserEmail=disabled" in our site.ini.append.php the user object is published automatically, avoiding this draft issue.
      But in that case we are unable to validate email addresses.

        Issue Links

          Activity

          Hide
          Arne Bakkebo added a comment -

          There are more problems here. Firstly, the draft user objects are not editable unless you set the default section id in site.ini (see related issue 18832). Also, the user registration email sent to the administrator contains a link to view the new object, the link doesn't work until the user has activated.

          In general it seems to me this backwards compatibility break has been done prematurely, there should have been more considerations into possible consequences.

          Show
          Arne Bakkebo added a comment - There are more problems here. Firstly, the draft user objects are not editable unless you set the default section id in site.ini (see related issue 18832). Also, the user registration email sent to the administrator contains a link to view the new object, the link doesn't work until the user has activated. In general it seems to me this backwards compatibility break has been done prematurely, there should have been more considerations into possible consequences.
          Hide
          Ricardo Correia added a comment -

          In reply to comment #057509
          Dear Israel Martín,

          Please note that it's possible to approve user accounts with multiple administrator accounts. When using workflows all your administrators will receive the notification to approve a new user, and can do that on "Collaboration" under "Dashboard". Could this be a possible solution for you?

          Show
          Ricardo Correia added a comment - In reply to comment #057509 Dear Israel Martín, Please note that it's possible to approve user accounts with multiple administrator accounts. When using workflows all your administrators will receive the notification to approve a new user, and can do that on "Collaboration" under "Dashboard". Could this be a possible solution for you?
          Show
          Damien Pobel (eZ) added a comment - Implemented in ezpublish master https://github.com/ezsystems/ezpublish/commit/cc4d80951a130ae158b5243688e6b174e27b8a12
          Hide
          Damien Pobel (eZ) added a comment -

          In reply to comment #057513
          Additional fix in eZ Publish master https://github.com/ezsystems/ezpublish/commit/ae6edc5f8e6badb05a01d528e4d502c5dbdec1e9
          (make sure the link to user/unactivated is shown when the user has the user/activation policy)

          Show
          Damien Pobel (eZ) added a comment - In reply to comment #057513 Additional fix in eZ Publish master https://github.com/ezsystems/ezpublish/commit/ae6edc5f8e6badb05a01d528e4d502c5dbdec1e9 (make sure the link to user/unactivated is shown when the user has the user/activation policy)
          Hide
          Damien Pobel (eZ) added a comment -

          In reply to comment #057514
          Yet another additonal fix due to the fact that manually enabling an user through the admin interface does not remove the corresponding ezuser_accountkey record : https://github.com/ezsystems/ezpublish/commit/28c7f7a6cc3082836c5c7d34d862bec7cc9aef17

          Show
          Damien Pobel (eZ) added a comment - In reply to comment #057514 Yet another additonal fix due to the fact that manually enabling an user through the admin interface does not remove the corresponding ezuser_accountkey record : https://github.com/ezsystems/ezpublish/commit/28c7f7a6cc3082836c5c7d34d862bec7cc9aef17

            People

            • Assignee:
              Damien Pobel (eZ)
              Reporter:
              Ricardo Correia
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: