Hi. I'm starting to consider this and look at the code. My thinking so far:
1) Authentication

After attempting to log in, the user is currently taken to a page that says "Access Denied" but which has tabs that allow them to access content and continue per normal. There is a simple fix for that issue - calling $this->logout(); at line 1398 in lib/user.php, prior to throwing the exception that causes the issue. But, given the questions above, it seems to me that something more complicated needs to happen at that point...

(Question from above:) "What happens when you are a member of more than one institution?"

We could fall back to checking credentials against other institutions' auth configurations. If this is done, should there be some buttons on admin/users/edit.php to allow reordering of institution memberships (Up and down arrows, Ajax)?

"What happens when your auth instance is tied to an expired institution?"

This implies we should check expiry on page load as well as during the login() function (in auth_setup() or a callee). The behaviour should be consistent with logging in, so if another auth configuration would allow the user access, their session should continue unaffected (assuming we do want to fall back to other authentication options).

"If you can still login, what happens to the content that's tied to an expired institution you are a member of?"

Access checks pretend you're not a member of that institution? That way if you're in Institution A and Institution B and the page is available to both when Institution A is suspended, your Institution B privileges become the only ones applied.

"- Pending registrations"

Cancelled.

"- User requests"

That's requests for joining groups? I think I need more detail on the issue here.

"- Configurable theme"

If authentication is falling back to another institution, that institution's theming should be used. A message should perhaps be displayed indicating why the theming has changed, at least for the first few times they log in.
Perhaps theming in the Institution settings at admin/users/edit.php should also indicate expiry (add an 'expired' class to the form?)

--
https://bugs.launchpad.net/bugs/903534

Title:
  Users can still login even if their only institution has expired

Status in Mahara ePortfolio:
  In Progress

Bug description:
  Institutions can have an expiry date. However, users who are only members of that institution can still login after the institution has expired.

  This is not easy to fix. There are lots of things to consider:
  - what happens when you are a member of more than one institution?
  - what happens when your auth instance is tied to an expired institution?
  - if you can still login, what happens to the content that's tied to an expired institution you are a member of?
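The fallback behaviour discussed in the comment above (ignore memberships of expired institutions, and apply the same check at login, on page load and in access checks), as an added sketch that is not part of the original message and is not Mahara code. All function names and the sample data are hypothetical, and it assumes every user has at least one institution membership listed.

```php
<?php
// Added illustration; none of these names are Mahara APIs.
// Constructed sample data: institution name => expiry (Unix time, null = never expires).
$institutions = [
    'inst_a' => strtotime('2012-01-01'),
    'inst_b' => null,
];

/** Return only the memberships whose institution has not expired at $now. */
function active_memberships(array $memberships, array $institutions, int $now): array {
    return array_values(array_filter($memberships, function ($name) use ($institutions, $now) {
        if (!array_key_exists($name, $institutions)) {
            return false; // unknown institution: fail closed
        }
        $expiry = $institutions[$name];
        return $expiry === null || $expiry > $now;
    }));
}

/** Login and every page load call the same check, so both behave consistently. */
function session_may_continue(array $memberships, array $institutions, int $now): bool {
    return count(active_memberships($memberships, $institutions, $now)) > 0;
}

/** Access check: a page is reachable only through a non-expired membership. */
function can_view(array $pageInstitutions, array $memberships, array $institutions, int $now): bool {
    $active = active_memberships($memberships, $institutions, $now);
    return count(array_intersect($pageInstitutions, $active)) > 0;
}

$now = strtotime('2012-06-01'); // constructed "current time", after inst_a has expired

// User whose only institution has expired: the session must end.
var_dump(session_may_continue(['inst_a'], $institutions, $now));
// Member of A and B: falls back to B, session continues.
var_dump(session_may_continue(['inst_a', 'inst_b'], $institutions, $now));
// Page tied only to the expired institution.
var_dump(can_view(['inst_a'], ['inst_a', 'inst_b'], $institutions, $now));
// Page available to both institutions: only the B membership counts.
var_dump(can_view(['inst_a', 'inst_b'], ['inst_a', 'inst_b'], $institutions, $now));
```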