Comments from testing patch set 8 of https://reviews.mahara.org/#/c/8478/ and patch set 10 of https://reviews.mahara.org/#/c/8834 together as the latter one builds on top of the former one:
1. We should not keep the setting "Registration to site only" in the site configuration. This is going to be a high work load for site administrators and put too much burden on them. The usual scenarios for self-registration are on SaaS sites. There the institutions should be shown so that people know which institutions are available. Typically also in that case the site administrator should force "Confirm registration" so that institution admins can decide whether to let people into their institution or deny their request. A site administrator may not know in most cases if a person registering is actually allowed to be added to an institution and thus shouldn't do that without consulting an institution admin. If institutions are set up with external auth methods, they don't need the account self-registration setting as everything will be done internally and thus institution information is not displayed publicly. This setting should be a custom one on the client site that requested it but not be pushed into Mahara core. 2. "Allow account registration": - Help file has wrong heading and will need an update once the functionality has been fixed. - "People can register for this institution using the registration form. If registration is off, non-members cannot request membership of the institution and members cannot leave the institution or delete their user accounts themselves." needs changing as it doesn't quite capture what is needed. - This setting cannot be tied to people wanting to leave an institution or delete accounts. Account deletion is already handled by the setting "Review accounts before self-deletion". We should not tie it to an account registration setting. This setting is required for GDPR as people need to be able to remove their content from a site. By having a review, we give institution admins the possibility to review the deletion before it happens in case certain data will need to be kept before the account is removed. 3. "Allow institution request" doesn't work. Test scenario: 1. I have 2 institutions that both allow institution requests and site setting is to allow multiple institutions. "Allow account registration" is set to "No". 2. Student A is in Institution 1 and goes to /account/institutions.php 3. Student A does not see that he could join Institution B. The institution request does work when "Allow account registration" is set to "Yes", which doesn't resolve the initial request of separating the self-registration from the institution request when an account is already available on the site. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1667522 Title: Separate account registration and institution joining requests Status in Mahara: In Progress Bug description: When you allow registration in an institution, two actions are allowed: 1. New users can register on the site for that institution. 2. Existing users can request membership in the institution. These two actions should be separated as they are two very different actions. While an institution may allow the registration of new accounts, they may not allow the switching of institutions by simply contacting another institution. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1667522/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp