Issue #2248969 by tstoeckler: Default the user status field to FALSE.

2014-06-08 19:07:03 -05:00 · 2014-06-08 19:07:03 -05:00 · fa9e2b51ba
parent aedaf11664
commit fa9e2b51ba
5 changed files with 14 additions and 6 deletions
--- a/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
+++ b/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
@ -140,9 +140,9 @@ class EntityReferenceAutocompleteTest extends EntityUnitTestBase {
   */
  public function testBaseField() {
    // Add two users.
-    $user_1 = entity_create('user', array('name' => 'auto1'));
+    $user_1 = entity_create('user', array('name' => 'auto1', 'status' => TRUE));
    $user_1->save();
-    $user_2 = entity_create('user', array('name' => 'auto2'));
+    $user_2 = entity_create('user', array('name' => 'auto2', 'status' => TRUE));
    $user_2->save();

    $request = Request::create('entity_reference/autocomplete/single/user_id/entity_test/entity_test/NULL');
--- a/core/modules/user/src/Entity/User.php
+++ b/core/modules/user/src/Entity/User.php
@ -504,10 +504,7 @@ class User extends ContentEntityBase implements UserInterface {
    $fields['status'] = FieldDefinition::create('boolean')
      ->setLabel(t('User status'))
      ->setDescription(t('Whether the user is active or blocked.'))
-      // @todo As the status has access implications users should be created as
-      //   blocked by default and activated explicitly if needed. See
-      //   https://drupal.org/node/2248969.
-      ->setSetting('default_value', TRUE);
+      ->setSetting('default_value', FALSE);

    $fields['created'] = FieldDefinition::create('created')
      ->setLabel(t('Created'))
--- a/core/modules/user/src/RegisterForm.php
+++ b/core/modules/user/src/RegisterForm.php
@ -29,6 +29,7 @@ class RegisterForm extends AccountForm {
   */
  public function form(array $form, array &$form_state) {
    $user = $this->currentUser();
+    /** @var \Drupal\user\UserInterface $account */
    $account = $this->entity;
    $admin = $user->hasPermission('administer users');
    // Pass access information to the submit handler. Running an access check
@ -47,6 +48,14 @@ class RegisterForm extends AccountForm {
    $form['#attached']['library'][] = 'core/jquery.cookie';
    $form['#attributes']['class'][] = 'user-info-from-cookie';

+    // Because the user status has security implications, users are blocked by
+    // default when created programmatically and need to be actively activated
+    // if needed. When administrators create users from the user interface,
+    // however, we assume that they should be created as activated by default.
+    if ($admin) {
+      $account->activate();
+    }
+
    // Start with the default user account fields.
    $form = parent::form($form, $form_state, $account);

--- a/core/modules/user/src/Tests/UserCacheTagsTest.php
+++ b/core/modules/user/src/Tests/UserCacheTagsTest.php
@ -46,6 +46,7 @@ class UserCacheTagsTest extends EntityWithUriCacheTagsTestBase {
    // Create a "Llama" user.
    $user = entity_create('user', array(
      'name' => 'Llama',
+      'status' => TRUE,
    ));
    $user->save();

--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@ -84,6 +84,7 @@ function user_install() {
      'uid' => 1,
      'name' => 'placeholder-for-uid-1',
      'mail' => 'placeholder-for-uid-1',
+      'status' => TRUE,
      'langcode' => $langcode,
    ))
    ->save();