On 22/08/2019 18:12, Thomas Mortagne wrote:
+1 never been a big fan of the duplicate. Would still be better to have a
migration in case someone used the new disabled property to avoid bad
surprises with security.

Yes that's the plan, see what I said yesterday on the chat:
I guess we could change that now but we might need a migration to do it properly:

    1. Add the new "email checked" property to users set to false
    2. for user "active", set this property to true, and leave the property to false for user inactive
    3. for user disabled, switch active to inactive
    4. remove the property "enabled" from users


On Thu, 22 Aug 2019 at 16:01, Simon Urli <simon.u...@xwiki.com> wrote:

Hi everyone,

I recently (in XWiki 11.6RC1) introduced a new property "enabled" in
XWiki.User as part of https://jira.xwiki.org/browse/XWIKI-12654 to
distinguish between inactive users (who have not confirmed their
registration with the token sent by email), and disabled users (who are
deactivated by an admin, or by a security mechanism).

Now as Marius noticed those two properties are quite redundant,
especially when you want to know which users are really active.
So it introduces unnecessary complexity and we might even need to change
existing extensions to check enabled users (cf the last comments on
XWIKI-12564).

So before doing those changes, I propose to fix immediately the issue by
removing that newly introduced property and by introducing a new
property only for assessing that users' emails are checked.

Then we will only have to check "active" property to check if a user is
active or not, and we could rely on it to set them enabled or disabled
in the admin.
The email_check property would be used only for the check email
mechanism, so it will avoid any confusion in the semantics.

WDYT?
Simon

--
Simon Urli
Software Engineer at XWiki SAS
simon.u...@xwiki.com
More about us at http://www.xwiki.com
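
The four migration steps listed in the reply above, as an added sketch that is not part of the original thread and is not XWiki's migration code. Plain dicts stand in for XWiki.User objects, `email_checked` is an assumed property name, and a user with no "enabled" property is assumed to count as enabled.

```python
# Added illustration: plain dicts stand in for XWiki.User objects; this is
# not XWiki's migration API. "email_checked" is an assumed property name.


def migrate_user(user):
    """Apply the four steps from the thread to one user record."""
    u = dict(user)
    # Assumption: users created before "enabled" existed have no such
    # property and are treated as enabled.
    was_enabled = bool(u.get("enabled", True))
    was_active = bool(u.get("active", False))
    # Steps 1 and 2: add the new property, true only if the old "active"
    # flag was set (the registration email had been confirmed).
    u["email_checked"] = was_active
    # Step 3: a disabled account must end up inactive, whatever its old
    # "active" value was. Both old values are read before this overwrite.
    u["active"] = was_active and was_enabled
    # Step 4: drop the redundant property.
    u.pop("enabled", None)
    return u


def drop_enabled_only(user):
    """Remove "enabled" with no migration (for contrast)."""
    u = dict(user)
    u.pop("enabled", None)
    return u


def can_log_in(user):
    """After the change, only "active" decides whether the account is usable."""
    return bool(user.get("active", False))


# Constructed sample users, not taken from a real wiki.
USERS = {
    "alice": {"active": True, "enabled": True},    # normal account
    "bob": {"active": False, "enabled": True},     # email never confirmed
    "carol": {"active": True, "enabled": False},   # disabled by an admin
    "dave": {"active": True},                      # predates "enabled"
}

if __name__ == "__main__":
    for name, user in USERS.items():
        print(name, migrate_user(user), "| without migration, can log in:",
              can_log_in(drop_enabled_only(user)))
```

For the constructed user "carol", dropping "enabled" without the migration leaves the account usable, while the migrated record is inactive with the email still marked as checked.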

