this post was submitted on 08 Jun 2023
469 points (100.0% liked)
Technology
37734 readers
343 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Likely need to define some basic rbac controls. They signed up, sure, but don’t receive a “user” role until after approval. Then in the home page, when signed in with no roles assigned, they get a banner saying they’re still pending approval and will not be able to post or comment.
The major concern will be retroactively applying user roles to the existing users.
I'm a fan of this approach. That way, we can return a 200/201 on subsequent registrations for the case where an attacker would query if a user name already exists on an instance. If rejected, remove the account. If accepted, add the user role.