aicam opened a new pull request, #5572:
URL: https://github.com/apache/texera/pull/5572
## Problem
A freshly-registered user is `INACTIVE` until an admin approves them, so
they cannot reach the `@RolesAllowed("REGULAR", "ADMIN")` config endpoints. The
frontend reads the `inviteOnly` flag at exactly that point (right after
registration) to decide whether to show the registration-request form — which
collects the user's affiliation/reason and triggers the admin notification
email.
#5305 moved `/config/user-system` from `@PermitAll` to
`@RolesAllowed("REGULAR", "ADMIN")`. As a result, an INACTIVE user's request
for `inviteOnly` returns 403, the flag is left undefined on the frontend, and:
- the registration-request form never appears, and
- no admin notification email is sent.
So in invite-only deployments, new sign-ups are silently dropped.
## Fix
Restore `@PermitAll` on `/config/user-system`. The endpoint only exposes the
boolean `inviteOnly` flag, which is non-sensitive and is specifically needed
*before* activation.
## Testing
Verified on an invite-only deployment: a fresh registration now receives
`inviteOnly: true` while INACTIVE, the registration-request form appears, and
the admin notification email is sent.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
