Thanks to @Nirajn2311 for the suggestion to allow any authenticated user to tell the api that they've "accepted the invitation". I had considered extending the api/auth/auth0/callback endpoint, but this approach is nicer. It's less likely to break when the users-permissions plugin is updated and it keeps the logic separated.
Once this is in, we'll need to:
[ ] Disable registrations in general
[ ] Only allow Editors to create users (including setting the status to "new", for example)
[ ] Re-implement the users page, making use of the status to differentiate between active and invited users
We can probably filter out new users, since they'll only have that status after they've been created, but before they've been invited. i.e. a few milliseconds.
@sidemt I hijacked user.status for the invitation flow, but if this interferes with your plans for that, just let me know and I'll come up with another approach.
This is another followup PR (to https://github.com/freeCodeCamp/publish/pull/343) and only the last two commits are new.
Thanks to @Nirajn2311 for the suggestion to allow any authenticated user to tell the api that they've "accepted the invitation". I had considered extending the
api/auth/auth0/callback
endpoint, but this approach is nicer. It's less likely to break when theusers-permissions
plugin is updated and it keeps the logic separated.Once this is in, we'll need to:
status
to differentiate between active and invited usersWe can probably filter out
new
users, since they'll only have that status after they've been created, but before they've been invited. i.e. a few milliseconds.@sidemt I hijacked
user.status
for the invitation flow, but if this interferes with your plans for that, just let me know and I'll come up with another approach.