Holding accounts of a certain role for admin approval

brianV's picture

I have a feature requirement I am trying to work out for a new site I am building for a client. However, I am not sure how to proceed with this feature, and would like some advice. I've tried posting in the regular drupal forums, and asking in the various IRC chats, but have not been able to raise any suggestions, so now I turn to you!

We are using the rolesignup module to allow users to sign up into certain roles. For all roles but one or two, we do not want the user accounts to have to depend on admin approval. However, there are certain roles that need to have access to sensitive content, and we would like these roles to be subject to admin approval.

Is there any way to run a check on which role a new account belongs to, and to hold it for admin approval if it is of a certain type?

I appreciate any and all advice and direction on this!

Comments

workflow_ng?

nadavoid's picture

Have you looked at workflow_ng? I've barely looked at it myself, but I've read about it. I think it would be able to do what you're asking about.

Thanks for the reply

brianV's picture

Thanks for the reply nadavoid.

Can anyone else confirm if this can be handled by workflow_ng? I have used it before for other things, and I don't seem to recall it being able to do something like this. Of course, that was several revisions ago.

Brian Vuyk
Senior Developer, PINGV Creative
bv@pingv.com | (315) 849-9733 | Skype: brianvuyk

any further suggestions?

brianV's picture

Any further suggestions? Workflow_ng does not seem to be able to do what I need.

Brian Vuyk
Senior Developer, PINGV Creative
bv@pingv.com | (315) 849-9733 | Skype: brianvuyk

maybe use hook_user

trevortwining's picture

Maybe use the register $op on hook_user to determine the role, and then set the account status to blocked rather than active.

maybe a workaround...

nadavoid's picture

I was just poking around in workflow_ng, just to see what it is capable of by itself. I think there is something there that might work for you, although not exactly as you would like.

  • add a new workflow; Event: User has Registered.
  • set a condition: User has role(s)
  • select the privileged role that you want to protect
  • add an action, remove that same role.
  • add an action, sending an email to a site admin. In that email you could put a link to the registered user's profile, and text that tells the admin that the user is requesting to be in the privileged role.

Hopefully that helps some. Let us know if you end up working out a better solution.

Yes, that is more or less

brianV's picture

Yes, that is more or less what I was playing with. However, I can't find out how to trigger this action.

Simply put, I suspect that at the point that workflow_ng checks whether to fire (i.e., immediately after the user registers), the user's role hasn't been assigned yet.

I suspect this is due to how rolesignup works - from poking around the rolesignup.module, it appears that the roles are added after the workflow event is fired. Explicitly, the module makes an entry into the roles table in hook_user when the 'insert' op is triggered:

<?php
/**
 * Implementation of hook_user()
 */
function rolesignup_user($op, &$edit, &$account, $category = NULL) {
  switch ($op) {
    case 'insert':
      // Roles that carry the 'register for role' permission.
      $roles = user_roles(1, 'register for role');
      // Grant the role chosen at signup (kept in the session) to the new account.
      if ($roles[$_SESSION['role']]) {
        db_query("INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)", $account->uid, $_SESSION['role']);
      }
  }
}
?>

So, this means the 'user has registered' event trigger doesn't work. None of the other ones are guaranteed to be only once; a user may update his account information multiple times.

A workaround I am thinking about is to create another utility role. This will be automatically added by rolesignup when users sign up for the sensitive role. Then, when they first log in and view their user page, fire an event to do the above.

Of course, this isn't perfect, and kind of is the long way around. Any better suggestions?

Brian Vuyk
Senior Developer, PINGV Creative
bv@pingv.com | (315) 849-9733 | Skype: brianvuyk
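
The hook_user approach suggested earlier in the thread, written out as an added example (not code from any poster or from the rolesignup project). The module name `approvalhold` and the `approvalhold_rids` variable are hypothetical; the example assumes rolesignup keeps the requested role id in `$_SESSION['role']`, as the snippet above shows, and reads it directly so the result does not depend on which module's hook runs first.

```php
<?php
/**
 * Hypothetical helper: role ids that must wait for admin approval.
 * 'approvalhold_rids' is an assumed site variable, e.g. array(5, 7).
 */
function approvalhold_held_rids() {
  return array_map('intval', variable_get('approvalhold_rids', array()));
}

/**
 * Implementation of hook_user() for the hypothetical approvalhold module.
 */
function approvalhold_user($op, &$edit, &$account, $category = NULL) {
  if ($op != 'insert') {
    return;
  }

  // Accounts created by an administrator do not need to be held.
  if (user_access('administer users')) {
    return;
  }

  // rolesignup stores the role chosen on the signup form in the session
  // (assumption taken from the rolesignup_user() code quoted above).
  $requested = isset($_SESSION['role']) ? (int) $_SESSION['role'] : 0;

  // Fail closed: hold the account whenever a held role was requested,
  // whether or not rolesignup has written the {users_roles} row yet.
  if ($requested && in_array($requested, approvalhold_held_rids())) {
    db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $account->uid);
    $account->status = 0;
  }
}
?>
```

The account keeps the role it requested but stays blocked until an administrator sets its status to active on the user edit form.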

Did you find a solution?

itzramona's picture

I have the exact same requirement that users of a particular role need to go through the approval process, all others can create and use their accounts right away.

I will appreciate it if you can post your solution.

Drupal 6 solution

Stephen Scholtz's picture

Hey itzramona,

Stumbled across this thread while doing a Google search, because I was trying to solve the same problem; thought I'd leave a solution for anybody else who comes by here.

These days, in Drupal 6 you should have a look at the Rules module, which is the successor to Workflow NG.

A quick rundown of how you'd do it:
- Create a rule that listens for the "User account has been created" event
- Then add a "User has role(s)" condition, which you set to whatever roles you want to be "blocked" initially
- Add a "Block a user" action, specifying that you're blocking the user that was registered

This means that when the user self-registers, they will be immediately blocked. (i.e., in need of approval)

I haven't tested this myself, but you may also need to add two more actions, one to send an email to administrators, telling them a user is in need of approval, and another action (which may not be required, I'm not sure) that executes some PHP code which will log the current user out (user_logout). If you do need to do that last step, then you might want to add another Condition that checks the "acting" user's role, and make sure you don't log out an administrator if they're creating the user manually. :)

Hope that helps. Good luck!