This is certainly what we should do. We will get this fixed over the next few days.
8 إعجابات
Since the issue here was a staff member sending a multi use invite to a single person, you could keep the old behavior by disabling auto approve for any multiple use invites while keeping it for single use.
Additionally, the education (“this user will be approved when they accept the invitation”) (now only for single use invites) should go on the invite dialog, not the site settings page.
إعجاب واحد (1)
I am afraid I am making the very hard line call here that must_approve_users == VERY HARD LINE definition of explicit approval must be given.
The trouble with implicit approval (which I originally approved) is that it is full of edge cases. Edge cases breed security problems and flaws in the system. Additionally, explaining edge cases regarding implicit approval is way too complicated and not a headache we need.
If you go for must_approve_users we will take the absolute strictest definition and require you explicitly click approve on every single account regardless of invite vs not invite.
8 إعجابات
Just to clarify, the invite link was sent to a meeting chat room, i.e. a bunch of people that were authorized to join, and not to a single person. We set max use to the number of people in that chat room. One of them then forwarded the link to someone else belonging to an unauthorized entity, who used it faster than the people in the chat room.
3 إعجابات
Per:
https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf
And
https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9
We are now done.
@Wall-E feel free to rebuild to get the latest fixes.
3 إعجابات
Great! My sys admin takes care of updating the instance. He only updates from your beta releases when a new one shows up here:
Will it make it there eventually? If so, when could that happen?
[Edit] I see a new one here:
Is it that one?
إعجاب واحد (1)
Yes, you want to hit that one and then when it is complete return to upgrade everything else using the upgrade all button. You have to upgrade docker first, and separately, unless you are upgrading from the command line.
3 إعجابات
Sam, many thanks for addressing this issue. It will take a few days before my sys admin updates things.
3 إعجابات
Not probs!
All thanks should go to @tgxworld / @martin / @gerhard , it is a surprisingly complex change
4 إعجابات
This topic was automatically closed after 7 days. New replies are no longer allowed.