Allow roles to avoid update

Created on 4 January 2024, over 1 year ago

It would be useful if it was possible to exempt roles from having their usernames updated. (I know this can be done with PHP, but that introduces security issues that we would like to avoid. This is also a common enough request that it would be nice to have as a stand-alone feature.)

Feature request

Status: Needs review
Version: 1.0
Component: Code
Created by: Liam Morland (Ontario, Canada)


Comments & Activities

  • Issue created by @Liam Morland
  • Issue was unassigned.
  • Status changed to Needs review over 1 year ago
  • Liam Morland (Ontario, Canada)

    This patch creates the permission "bypass auto_username". Anyone with this permission does not have their username changed.

    An issue with this is that it means the administrator user is unavoidably exempted. Potential solutions:

    • A config variable that skips the permission check for admins.
    • Instead of a permission, have a config variable that stores which roles should be exempted.
  • Liam Morland (Ontario, Canada)

    Another way of managing this would be to create a hook which gets invoked in auto_username_user_insert(). Modules could implement this hook to change what the username gets updated to or to cancel having it get updated. This would give lots of flexibility to developers.
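
The trade-off raised in the first comment, shown as an added example that is not part of the issue thread, the patch, or the module's code. It is a self-contained PHP model rather than Drupal's API: the `Account` class, the helper functions, the role names and the `$exempt_roles` value are all hypothetical, and the administrator role is modelled as passing every permission check, as the comment describes.

```php
<?php
// Added illustration: a plain-PHP model, not Drupal's API or the module's code.
// Every class, function and role name below is hypothetical.

final class Account {
    /** @param string[] $roles */
    public function __construct(public string $name, public array $roles) {}
}

// Constructed role map. 'is_admin' models the behaviour described in the
// comment: the administrator passes every permission check.
const ROLE_PERMISSIONS = [
    'administrator' => ['is_admin' => true,  'permissions' => []],
    'service'       => ['is_admin' => false, 'permissions' => ['bypass auto_username']],
    'editor'        => ['is_admin' => false, 'permissions' => []],
];

function has_permission(Account $account, string $permission): bool {
    foreach ($account->roles as $role) {
        $def = ROLE_PERMISSIONS[$role] ?? null;
        if ($def === null) {
            continue; // unknown role grants nothing
        }
        if ($def['is_admin'] || in_array($permission, $def['permissions'], true)) {
            return true;
        }
    }
    return false;
}

// Approach in the patch: exemption follows the permission, so the
// administrator is exempt even though nobody granted it explicitly.
function exempt_by_permission(Account $account): bool {
    return has_permission($account, 'bypass auto_username');
}

// Second proposed solution: exemption follows an explicit role list held in
// configuration, so only the listed roles are exempt.
function exempt_by_role_config(Account $account, array $exempt_roles): bool {
    return array_intersect($account->roles, $exempt_roles) !== [];
}

$exempt_roles = ['service']; // constructed configuration value
$accounts = [new Account('root', ['administrator']), new Account('svc', ['service']), new Account('ed', ['editor'])];
foreach ($accounts as $a) {
    printf("%-5s permission=%s role_config=%s\n", $a->name,
        var_export(exempt_by_permission($a), true),
        var_export(exempt_by_role_config($a, $exempt_roles), true));
}
```

The two approaches differ only for the administrator account: the permission check exempts it implicitly, while the role list exempts it only if the role is listed.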
