Our Forum has these settings:
- login_required ON
- must_approve_users ON
- min_trust_level_to_allow_invite 2 : member
When testing our forum invites, I noticed that:
- When a TL2 user invites another user via email and
- They click the invite link in their email and
- They fill in the fields and submit it
This happens → they are taken straight into the Forum (as though pre-approved), and can read it at will. They should not be able to do this until approved.
They indeed remain unapproved. If they try to access the site again, they are prevented with the standard “you aren’t approved” message.