Continuing the discussion from Going live tomorrow - need help:
I was thinking about this. Currently, enabling must_approve_users
does two things:
- make sure that every user must have approved = true
- having all new users go through the manual approval process
This indeed causes existing users to be unable to login, since they never have been approved.
I was thinking about a good solution for this and first I considered approving all users that exist at the moment the setting is enabled, but that would cause all users in an existing approval queue to be approved when the setting is toggled off and on.
Instead, I think the right way to implement this is to make it mean 'all users must be approved manually’.
I.e., during the time the setting is disabled, all users should be approved automatically and have (approved = true, approved_by = System) upon email validation.
This would yield the same functionality but solve the issue that it is impossible to just turn this setting on without intervention in the database or using the API.