Allow users invited by staff to skip approval

When a new user joins via an invite link, I’m finding that I also need to approve the user at the moment.

This defeats the whole purpose of an invitation; I may as well just send them the link to the forum.

I’ve tried this for a variety of situations (new link, old link, single person, multiple) on more than one instance, and it is the same.

I’ve got /admin/site_settings/category/all_results?filter=must_approve_users TRUE for these instances. It seems to be taking it a bit too literally! I want only to need to approve those who are joining without an invite, which is how things used to operate.

6 Likes

If you set must approve users you explicitly opted that every user must be explicitly approved.

We had to change this due to security concerns of Discourse users.

I guess change the forum to “invite only”, “requires login”? Then restrict the people who are allowed to invite.

2 Likes

I thought that an invitation from staff was explicit approval - especially if it includes the email address of the user!

With an open invitation there is of course plenty of opportunity to abuse the link. But the staff member has to deliberately set the link up to allow that, and can take responsibility for (and limit) that risk quite easily.

It also means that people who stumble across my site can’t join it and are excluded unless they can find someone to invite them. That sucks.

Suggestion

How about adding two options to /admin/site_settings/category/all_results?filter=must_approve_users?

  1. Staff must approve ALL users
  2. Unless invited by staff, users must be approved
  3. Only public registrations require staff approval
  4. No staff approval required

3 Likes

Happy to add this into the feature request bucket, sadly we do not have bandwidth to work on extra fidelity here right now

3 Likes

It was, the behavior was changed about a month ago though:

We have an instance used by a charity/union for skills training which has been similarly impacted.

Prior to the change staff invited users to bypass approval, now they have to do both. With the need to go back and verify each approval vs membership lists, it has increased their admin overhead substantially.

7 Likes

Yeah … long term solution I guess is to add a site setting that allows for the relaxed approval mode I guess, opt in.

I worry though cause getting security right here is very very hard. The more edge cases we allow for, the more complexity and potential security flaws.

5 Likes

I wonder if the main edge case is just allowing the must approve user setting to be overridden if the invite has a specific email address in it, and keep the must approve user setting for the anonymous invite links—but it may be more complex on the back-end to do that than I imagine.

5 Likes

This makes sense to me, especially if the invite was to a specific email address AND was sent from staff. I do not imagine a second level of approval would be needed in that scenario.

6 Likes

How about either allowing admins only to set a flag “auto approve” and optionally limit it to “unchanged email” or “restricted to one” or some such? In my case I would even be happy with a command line inviter which can create those special pre-approved invites, is there something like this available?

I’m afraid not.

As a crummy workaround I’ve done as Sam suggested:

I’ve quite liberally spread around an invite to our Forum, and that works nicely.

The issue is for the ‘walk-ins’ who stumble across the site via a Google search or similar. They have to email in for a joining link which is a right pain in the admin butt.

Arman’s suggestion is a pretty simple one and I don’t think it would be too hard to implement (or be leaky):

Any chance this is doable?

4 Likes

image

At the mo, this simply isn’t the case if must_approve_users is TRUE:

Each time we have a group of folk to invite we either accept a lot of friction (the approval step) or have to reconfigure the site temporarily (and close it to public registrations), which is pretty painful.

Any thoughts on this happening one day?

2 Likes

Not against it, but it is not slotted quite yet.

2 Likes

Hi, I’d like to also request that there be a feature for staff invites to bypass the approval step, perhaps by an optional boolean on the Invite generation dialog.

At present, the “Share this link to instantly grant access to the site” simply isn’t true at all for sites which are must_approve_users.

The solution would seem to be as discussed in “option 4” here in the topic which discussed the bug which fixed the security issue but left us with this problem with ‘pre-approving’ an invite link.

To recap, this request is so that staff on a must_approve_users site can create an invite link which will bypass the approval step. Although the site I run requires approval, we would sometimes like to be able to ‘pre-approve’ users via an invite link which we know is going to be shared privately to trusted individuals, or when we share the link at a physical event which is related to the forum community. (We don’t necessarily know the preferred email addresses of such invitees so can’t use a bulk invite.)

2 Likes

With our large(ish) must_approve_users sites, this remains a right pain whenever we hold a physical event.

The issue is that we can’t just give folk a lovely QR code, invite, or link to jump straight onto our instance. At least not without a bit of an ugly workaround.

The workaround and its issues

Turning off must_approve_users and making the site invite_only isn’t really satisfactory as:

  1. Many folk seem to stuff up any invite process and try to come in through the (now locked) ‘front door’

  2. The buzz created by the event generally spills over to non-invitees too - but they can’t apply to join either

  3. There is still a bug where staged users lose their custom user field inputs when they sign up

    • this stuffs up alternative pathways in (unless a completely external email address is used)

2 Likes

The current state since the change has definitely made things much more difficult. The skills training charity I worked with who were most impacted opted to shutter their community several weeks later.

It’s just too much additional admin overhead when you have hundreds of people coming and going each week.

2 Likes

Thanks for bringing this up again. I think we are at rule of three here that some fix is needed to make inviting easier and more seamless. The invite system has proven to be tricky to change because everybody seems to be using it differently. We’ll want to have clear marching orders and try to avoid breaking their workflow. :sweat_smile:

I’ll check with the team and see what we can manage. :crossed_fingers:

This is news to me; let’s look at that separately.

2 Likes

As far as I can tell all we needed for the last change was a setting and an agreed-upon default.

We went from all staff invites bypassing approval to all invites requiring approval.

2 Likes

You make it sound so easy! :slight_smile:

Our concern is that sites can be set up in many different ways and then expect the invite system to work in different ways as well. Security is a very real concern. So we will be treading carefully when making any more changes to the invite system.

My personal feeling is that the following approach would be best, because it doesn’t depend on an admin setting and makes the behavior crystal clear directly on the invite modal. It would be hard for even someone completely new to Discourse to accidentally create and share an invite link that does something they do not expect. What do you all think?

  1. When must approve users admin setting enabled
  2. Toggle is shown to staff on the invite modal to create an invite that bypasses approval requirement. e.g. [ ] Do not require approval by staff
  3. Invites redeemed when toggle in (2) is selected let the user into the site without requiring approval

The assumption is that only staff should have access to this toggle, because the intent of the must approve users setting is to give staff control over who is allowed to join the community.

If there is sufficient demand for it, we could later consider adding an admin setting to determine who has access to this feature by group.

2 Likes

Sam went so far as to refer to the change as being surprisingly complex. I don’t doubt him.

The aggregate effort of the original change plus this is obviously going to be greater than had this been considered from the outset. We established at the time that while one community found the current default objectionable, there were several communities which hinged on this behavior. For example, the union who abandoned their Discourse-based skills training site didn’t take the decision lightly, but it was impractical for them to continue once trainees invited by staff were lost in the general approval pool.

If the issue here was a lack of explicit understanding, then there probably needs to be an intermediary step between must approve users and the invite modal which offers the option for staff invites to bypass approval, otherwise the original complaint which led to this change could still arise.

So more like:

  1. When must approve users admin setting enabled and a new staff invites bypass approval is changed from its default of never:
  2. If always then the old behavior would take effect
  3. If optional then display the switch in the modal to give the option of bypassing subsequent approval

Without the intermediary, admins aren’t fully aware of the implications of must approve, and a little granularity will solve the other issue when forgetting to use the toggle.

2 Likes
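
The three-mode setting proposed in the post above (never / always / optional), combined with the “unchanged email” restriction suggested earlier in the thread, sketched as a fail-closed decision function. This is an added example, not Discourse code and not written by any participant; `Invite`, `needs_approval?`, `bypass_mode` and `signup_email` are hypothetical names.

```ruby
# Hypothetical model of the proposal in this thread; not Discourse's code.
# An invite records who created it, an optional bound email, and the
# per-invite "do not require approval" toggle from the invite modal.
Invite = Struct.new(:invited_by_staff, :email, :skip_approval, keyword_init: true)

# Returns true when the new account must wait in the approval queue.
# bypass_mode models the proposed "staff invites bypass approval" setting:
#   :never (default), :always (old behaviour), :optional (per-invite toggle).
def needs_approval?(must_approve_users:, bypass_mode: :never, invite: nil, signup_email: nil)
  return false unless must_approve_users          # site does not gate sign-ups
  return true if invite.nil?                      # public registration
  return true unless invite.invited_by_staff == true

  # "Unchanged email": an invite bound to an address only pre-approves
  # that address; redeeming it with another one falls back to the queue.
  if invite.email && invite.email.downcase != signup_email.to_s.downcase
    return true
  end

  case bypass_mode
  when :always   then false
  when :optional then invite.skip_approval != true
  else true      # :never and any unrecognised value fail closed
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample invites, for illustration only.
  cases = {
    "public sign-up"            => [nil, "walkin@example.org"],
    "staff link, toggle on"     => [Invite.new(invited_by_staff: true, skip_approval: true), "a@example.org"],
    "staff link, toggle off"    => [Invite.new(invited_by_staff: true), "a@example.org"],
    "member link, toggle on"    => [Invite.new(invited_by_staff: false, skip_approval: true), "a@example.org"],
    "staff email, other address" => [Invite.new(invited_by_staff: true, email: "b@example.org", skip_approval: true), "c@example.org"]
  }
  cases.each do |label, (invite, email)|
    queued = needs_approval?(must_approve_users: true, bypass_mode: :optional,
                             invite: invite, signup_email: email)
    puts format("%-28s -> %s", label, queued ? "approval queue" : "admitted")
  end
end
```
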

I believe that would work really nicely (perhaps with @Stephen’s tweak too) - and love that it is a person-centered approach that shouldn’t break anything as it would leave the default machinery completely intact.

An edge case of super high importance to me however would be automatic email invites related to group invitations. This allows people to be added to a group OR sent an invitation depending on if they are already signed up via a single admin act. Personally, I’d really need this to be covered somehow too.

1 Like