Start creating new permissions for registration #2674
Conversation
josephsnyder
force-pushed
the
rework_registration_disabling
branch
from
ecb7eef to
ed4cdfc
Compare
josephsnyder
force-pushed
the
rework_registration_disabling
branch
3 times, most recently
from
35afe82 to
fedf702
Compare
josephsnyder
force-pushed
the
rework_registration_disabling
branch
from
fedf702 to
2157412
Compare
Introduce a new setting that determines what registration forms are shown as the pages are accessed: PUBLIC (or not set) : All registration forms are available and non-users can register an account PROJECTADMIN: The public form is hidden and users must be added via the "Manage project users" or "Manage users" by someone with Project Administrator priviliges or highter. ADMIN: Only the Site administrators may register a new account via the two available forms. DISABLED: All registration forms are disabled and registration must occur through a different means (via OAuth/LDAP).
josephsnyder
force-pushed
the
rework_registration_disabling
branch
from
2157412 to
4df5038
Compare
There was a problem hiding this comment.
After thinking about this some more, I have come to doubt the merits of allowing global administrators or project administrators to set the password for new users in any circumstance. Instead, we could get roughly the same effect (allowing administrators to gatekeep the users allowed on the CDash instance) by simply allowing them to send invite-only signup links to email addresses. That way, users are always responsible for setting their own password.
Any thoughts on this?
|
@williamjallen, I think consistency would be best, whatever that is since the same global administrator would have different capabilities based on the page used to add the incoming user. Either way, we would be able to use the policy above to ensure that the form is hidden or displayed. |
|
As per our in-person conversation, I'm converting this to a draft pending the resolution of the changes suggested in #2674 (review). |
Introduce a new setting that determines what registration forms are shown as the pages are accessed:
PUBLIC (or not set) : All registration forms are available and non-users can register an account
PROJECTADMIN: The public form is hidden and users must be added via the "Manage project users" or "Manage users" by someone with Project Administrator priviliges or highter.
ADMIN: Only the Site administrators may register a new account via the two available forms.
DISABLED: All registration forms are disabled and registration must occur through a different means (via OAuth/LDAP).