Forum .LRN Q&A: new user creation

Collapse
Posted by Janine Ohmer on
I did a fresh install of OpenACS and dotLRN today and it did something
it has never done before.

After installing I went into /dotlrn/admin, and found that there was a
pending user.  This has never been the case before.  It turned out the
pending user was me - the system had created me as a limited user but
with site-wide-admin privs, a rather odd concept IMHO.

I couldn't figure out how to get the user out of pending mode so I
finally decided to make a new user with the same e-mail address, fully
expecting it to barf.  But instead my new user was created and the
pending one disappeared.

This behavior seemed rather unexpected to me.  Is it intentional?

Collapse
Posted by Caroline Meeks on
Hi Janine,

I was tweeking the UI on the user admin pages today. I don't know exactly how your behavior occured but I did fix a bug where if a user was in state "requires approval" they were counted in the dotlrn/admin/users pending count but didn't show up in the list of users.

Modify users-chunck-small(etc) select_non_dotlrn_users and remove:

    and membership_rels.member_state = 'approved'

The bigger concept here is that a person can be a registered user of the system without being a dotLRN user.  But to actually do anything at all with dotLRN as it is at this moment you must be both.
Someday, this difference will be usefull but right now the UI is a bit difficult.

I am trying to make it easier for Sloan by adding a one-click approve and add to dotLRN.

Collapse
Posted by Don Baccus on
I exported fresh copies of the OpenACS 4 tip and dotlrn-core tip late yesterday (Saturday the 19th) and didn't see this when I did a fresh install.

So, Janine, whatever caused it seems to be gone ...

Unless I'm just lucky and you're unlucky!

Collapse
Posted by Janine Ohmer on
I think I just figured out what created the pending user - I visited /dotlrn before creating my dotlrn user, and that did it.  This would be ok if I could figure out how to approve the user, but I don't see a way to do it!
Collapse
Posted by Jim Lynch on
I ran into this too...

say you take the following steps... (Note: DUE CAUTION. Don't do this on a non-experimental server!! READ FIRST. OK, warning over :)

Actually, don't -do- this; I just meant it as a scenario; follow in your mind, recalling how you installed your dotlrn.

  • drop the database for your service
  • create a new one of the same name
  • go thru all the steps to install openacs, including:
    • visit the new site url, which offers to install the kernel
    • push the "install kernel" button; it then does so
    • it then offers to install the core packages; push that button too; when it's done, there will be a Next button at the bottom; push it, then
    • create the initial user, which is the site's first and (so far) only admin
    • restart the server
  • when it comes back, log in as the user you just created
  • go to the package manager, install all remaining packages
  • restart the server (this restart may be unnecessary; not sure)
  • create mount points for dotlrn, notifications, attachments
  • create the new applications for the above mount points
  • restart the server
  • log in as the admin user
At this point, you have dotlrn installed, and you're logged in as the admin user, assuming things went as in the above outline.

If you visit dotlrn now, you will generate a "request-for-admin_user-to-approve(admin_user)". In english: you, who are the site-wide admin, visited /dotlrn, which is so tightly controlled it won't even let you in, until you let you in.

Hence, you get the "Pending(1)" under /dotlrn/admin/users, and everything else (0), and when you go to the link, you will find it is you yourself, and can open the door for yourself.

Once you do, then your admin user is now also a dotlrn user, which (s)he wasn't before.

That's how it works...

I'm wondering if it'd be possible for the security to be loosened to "open" dotlrn join policy, by way of an appropriate UI?

Collapse
Posted by Janine Ohmer on
Hence, you get the "Pending(1)" under /dotlrn/admin/users, and everything else (0), and when you go to the link, you will find it is you yourself, and can open the door for yourself.

Maybe I'm just being dense but I could not figure out how to do this. It would actually be sort of a useful feature if there was an obvious way to approve pending users, especially if large groups of them could be approved at once. But if there is one, I haven't found it. The only way I've been able to activate these users is to recreate them (which is a little odd in itself - if there's already a pending user, shouldn't the second attempt fail?).

Collapse
Posted by Peter Marklund on
Janine,
it's not you being dense, rather it's a usability shortcoming of the UI. I couldn't figure out how to approve a pending user either before a colleague pointed out to me that you have to click the link labeled "Add this user to dotLRN" on the community/student page of that user.
Collapse
Posted by Arjun Sanyal on
I agree that this part of the UI is non-intuitive, so we are taking a look at the users section of the admin UI over the next couple of days. We appreciate the feedback!
We hope to have some improvements by next week.
Collapse
Posted by Jim Lynch on
Arjun,

What if you were to bring back the idea of "new stuff"?

When someone asks for "new stuff", gets a page with links to everything new out of the things he subscribed to.

For the admin of some particular service, this would mean showing him/her everything relevent to that service (s)he hasn't seen before.

If the admin deals with more than one service, new stuff shows a single page that combines (catenates, not links to) all the things they're responsible for.

For pending users in particular, howbout a list view of all the pending users with a checkbox by their name, checking all you'd want to add then hit the button, all selected get added.

Collapse
Posted by Michael Olan on
OK, I just did the "Add this user to dotLRN" link for myself as admin. Now I can't even log in. The system says:
Security Violation


You don't have permission to portal_read_portal . 
This incident has been logged. 
Collapse
Posted by Michael Olan on
What the hey? After waiting awhile, tried to log in again, and was successful. But attempting to enter My Workspace gave the security violation again. Clicking around the site a few times and then going back to My Workspace allowed me in. Guess I'm back in business, but rather strange events preceded getting there.
Collapse
Posted by Michael Olan on
Grrrrrrr... sorry but the security violation still occurs on My Space, and all links to /dotlrn
Collapse
Posted by Arjun Sanyal on
Michael: something odd is going on. i would re-install from scratch.
Collapse
Posted by Raad Al-Rawi on
With respect to the 'Security Violation' message that Michael is getting, I think the problem is linked to the Admin user that is first created when dotLRN is installed. I get the same problem, but I added another user, gave them administrator privileges, made them a dotLRN member and that user works perfectly - I can administer both OpenACS and dotLRN.