Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
(Creating a placeholder issue for myself basically..)
It would be great to be able to invite people who are not yet site members to a group; for obvious reasons..
Some issues to consider:
- The site registration settings (if registration is not available, then this is pointless)
- Should any group member be able to do this?
- How do we handle the jumping between site registration and joining the group (especially if email verification or admin approval is required for site registration..)
Comment | File | Size | Author |
---|---|---|---|
#75 | og_invite_link-populate-sendto-1097578-75.patch | 610 bytes | srees |
#46 | 1097578-invite-anonymous-e.patch | 15.37 KB | mstef |
#39 | 1097578-invite-anonymous-d.patch | 14.84 KB | mstef |
#38 | 1097578-invite-anonymous-c.patch | 15.01 KB | mstef |
#22 | 1097578-invite-anonymous-b.patch | 12.09 KB | ezra-g |
Comments
Comment #1
mstef CreditAttribution: mstef commentedMarking as postponed for after the 1.0 release.
Comment #2
vasi1186 CreditAttribution: vasi1186 commentedThe default use case would be this:
1. Then admin enters one or more emails of non-registered users.
2. The users get the mails with the invite links in them.
3. They access the link and are redirected first to the registration page.
4. After they register, they are subscribed to the group.
When a non-registered member is invited, a row is also created in the invite table, with uid=0. When the link is accessed and the account is created, based on the token, the uid can be changed to store the uid of the newly created user. (The token can be stored as a value field in the registration form).
Now, possible issues that may appear:
1. The registration not available.
Proposed solution: The admin will not be able to invite non-registered members (the check can be made in the form validation function).
2. Should any group member be able to do this?
Proposed solution: I would say yes...
3. What happens if admin approval or email verification is required for registration?
Proposed solution: when the user is created, as I mentioned above, the uid of the row in the invite table that corresponds to the token is updated. We can then introduce a new field in the invite table, some sort of status field. The values can be for example: 0 (invitation not accessed), 1(invitation accessed and the user subscribed), 2 (invitation accessed, but the user not yet subscribed). Then, in the hook_init() we can check if the current user has entries with status = 2 in the invite table. The disadvantage here is that we use hook_init() every time to query the table. Another solution could be to just subscribe the user to the group, even if the email was not yet verified, but in this case we may have groups with members that will never verify their accounts...
4. Check any issues that may appear with some external authentication modules (like fbconnect).
Comment #3
jaxpax CreditAttribution: jaxpax commentedWhen will this be implemented?
Comment #4
vasi1186 CreditAttribution: vasi1186 commentedHi jaxpax,
I plan to implement this in maximum 3-4 weeks from now (but I hope to be sooner.)
Comment #5
jaxpax CreditAttribution: jaxpax commentedSounds great, looking forward to it! Thanks for your quick reply.
Regards
Comment #6
lightsurge CreditAttribution: lightsurge commentedIs this going to obey the general rules of this module so that if a group has moderated access, and a non-group-admin user invites a new user to sign up to a site, on successful registration, membership of a group is automatically requested but not pre-approved. Unless invited by the group admin in which case they are automatically subscribed?
If so sounds great! For my use case, as part of Drupal Commons, this is one of the only features that Open Atrium does better for me with the U Create module, by allowing group admins to do some of their own user management. Especially as I don't really want group admins to create users, better if they just invite registration.
What will happen if a user enters the email address of a user who is already a member?
Comment #7
vasi1186 CreditAttribution: vasi1186 commentedFor the first issue, if the group has moderated access and the invitation has been made by a non-admin member, then the membership will not be automatically approved, just requested.
For the second, if there is already a member with that mail, no new user is created, but the invitation is sent to the existing user, so it is like entering an username.
Comment #8
Fidelix CreditAttribution: Fidelix commentedSubscribing...
Comment #9
james.williams CreditAttribution: james.williams commentedI actually developed a version of this for a site we are making in Drupal 7, with functionality to invite non-members, based upon OG Invite Link -- see http://drupal.org/node/1129198#comment-4777836
Comment #10
jaxpax CreditAttribution: jaxpax commentedGreat james.williams. I will have a look at that. Thanks for your generous contribution.
-Patrik
Comment #11
tiim_b CreditAttribution: tiim_b commentedHi vasi1186, is there any news on your progress? I am really looking forward to this functionality.
Tim
Comment #12
vasi1186 CreditAttribution: vasi1186 commentedHi,
I will try to find some time in the near future to release a next stable version, but right now I am quite busy with some projects and do not have too much time. But I hope that in a few weeks to have the next version released. Sorry for the delay, it's just that the time seems to be my worst enemy at the moment :)
Best,
Vasi.
Comment #13
medden CreditAttribution: medden commentedsubscribing
Comment #14
jmonma CreditAttribution: jmonma commentedsubscribing. also waiting on pins and needles for this fabulous feature!
Comment #15
ezra-g CreditAttribution: ezra-g commentedI'm looking into this.
Comment #16
lightsurge CreditAttribution: lightsurge commentedThat's good to hear... will this be for a next major release of Commons or sooner?
Comment #17
ezra-g CreditAttribution: ezra-g commentedHere's an initial patch to make this feature possible. Note, this depends on #1267964: Coding standards formatting.
It provides a site-wide setting that lets admins specify whether to allow people who do not have accounts to be invited using their email address. It also allows the person sending invites to specify either username or email address for registered users.
@lightsurge - You can help this get into og_invite_link and Commons sooner by testing the patch :).
Comment #18
meba CreditAttribution: meba commentedog_invite_link_update_6201 - comment missing for this function?
am I too paranoid to say this is too weak? hash_hmac for the win? return md5(md5($invitation->invite_key) . md5($invitation->group_nid . '-' . $invitation->mail . '-' . $invitation->timestamp));
Otherwise looks good.
Comment #19
lightsurge CreditAttribution: lightsurge commentedThis doesn't work for me on Commons 2.0.
The og_invite token doesn't get populated in the link that's sent out, it just ends with the '='.
Comment #20
ezra-g CreditAttribution: ezra-g commentedYou need to run update.php after applying this patch.
Comment #21
lightsurge CreditAttribution: lightsurge commentedThanks for that.
Was going round in circles trying to see a problem with your code, but at least, in terms of my limited skills, I can say it all looks good ;-) All is well now, will see if it turns up any problems as I test.
Comment #22
ezra-g CreditAttribution: ezra-g commentedHere's a revised version of this patch: Changes from #17:
- Update function comment added per meba
- A setting is added for "Allow user registration with a valid invite even when site-wide user registration is disabled" that allows registering users to access user/register even when site-wide user registration is disabled as long as they have a valid invitation link and email address combination
- The email address of anonymous users is used in the "An invite has been sent to" text, instead of just saying "Anonymous."
Comment #23
lightsurge CreditAttribution: lightsurge commentedPerhaps I'm taking this too far, but could this module do with checking access rules (for email address allow/deny) before sending out an invite. Otherwise it appears to the user that the invite is successful, when in fact it will fail.
Comment #24
ezra-g CreditAttribution: ezra-g commented@lightsurge Could you elaborate on the access checking feature you're talking about? I'm not sure I follow.
Comment #25
lightsurge CreditAttribution: lightsurge commentedI mean core access rules http://drupal.org/node/107557
If a user were at the registration screen, using an email address fitting a deny mask like "%@drupal.org", they would be prevented from registering. It would seem to make sense not to send out an invite that the invitee will not be able to take advantage of, as well as not reporting to the inviter that the process was a success.
Having said that, I don't know if any invite modules make this check, it just seems to make sense that they should.
Comment #26
lightsurge CreditAttribution: lightsurge commentedIf you agree, something like this is probably what's needed somewhere:
http://api.drupal.org/api/drupal/modules--user--user.admin.inc/function/...
Comment #27
mstef CreditAttribution: mstef commentedWhat's the workflow/arch for implementing this?
Comment #28
lightsurge CreditAttribution: lightsurge commentedEasiest way of solving this is to change:
to:
and:
to:
But maybe this is too inelegant. I did think however that the reasons a non-member could not be added shouldn't be too descriptive (i.e. this user is banned), because this will be a tool for group admins.
Perhaps extending the 'invites failed' string with "These invites may have failed due to email policies in force, non-existent usernames, or typing errors in the email address or username. Please contact a site administrator with any queries." would be a good thing.
Comment #29
ymmatt CreditAttribution: ymmatt commentedTesting the patch from #22 found these errors so far:
When sending the invitation:
warning: Missing argument 2 for variable_get(), called in /home/client/drupal6/sites/all/modules/og_invite_link/og_invite_link.module on line 398 and defined in /home/client/drupal6/includes/bootstrap.inc on line 583.
Same error when clicking the link and creating the account:
warning: Missing argument 2 for variable_get(), called in /home/client/drupal6/sites/all/modules/og_invite_link/og_invite_link.module on line 61 and defined in /home/client/drupal6/includes/bootstrap.inc on line 583.
Seems like the call to variable_get is just missing its default definition. I added ", FALSE" after the variable name and all was good.
My line 61:
My line 398:
Comment #30
lightsurge CreditAttribution: lightsurge commentedI had the same error, cheers @ymmatt
I had a few invites sent out today with badly formatted email addresses (i.e. user.domain.com), we probably ought to be checking for this as well as whether an email address is banned.
Comment #31
lightsurge CreditAttribution: lightsurge commentedso maybe:
Comment #32
lightsurge CreditAttribution: lightsurge commentedThe invites don't work for a group marked a 'private group'.
I actually don't know what a private group is though apart from not appearing in the group directory.
Comment #33
lightsurge CreditAttribution: lightsurge commentedAnother issue, the @sent-to token for the 'Group admin invite notification subject:' notification doesn't get filled in.
Comment #34
jason.fisher CreditAttribution: jason.fisher commentedTesting in pre-production ..
Comment #35
mstef CreditAttribution: mstef commentedI'm working on this patch now, and will it to finished and committed today.
I've already fixed the issue with the variable_get()'s missing arguments. I tweaked a few small things.
Running some testing, and found a few issues I'm working out now.
Comment #36
mstef CreditAttribution: mstef commentedFixed #32
Comment #37
mstef CreditAttribution: mstef commentedAdded check for access rules against email addresses. Amended the "invalid" message to explain invalid emails, as well. Looking good..
Comment #38
mstef CreditAttribution: mstef commentedTake this for a ride
Fixed/changes:
- Added missing 2nd parameter in variable_gets()
- Use hook_form_FORM_ID_alter instead of hook_form_alter(), for the register form
- Changed the query used on the registration form for fetching subscriptions. It was not returning invitations for groups that are private. I changed that to not return invitations for groups that are closed, which I'm thinking now should be an OR statement: not closed OR invitations is not moderated (I'll change that for the next patch).
- Reworked the workflow in og_invite_link_invite_users_to_groups() for loading accounts and validating emails to be a little cleaner. Also used drupal_is_denied() to test email addresses against access rules.
- Changed the message for invalid users being invited, to mention that it could be invalid users or email addresses.
I think that's it..
Comment #39
mstef CreditAttribution: mstef commentedEh - use this patch, instead of #38. I forgot to remove some dsm's, and I included that change I said I wanted to.
Comment #40
lightsurge CreditAttribution: lightsurge commentedBit confused about the invite-only / closed groups.
With invite-only/moderated:
So if a non-admin sends out an invite, does the invitee accepting the invite go into the admin's 'request for access' queue?
If an admin sends out invite, invitee is automatically accepted?
With closed:
Only admins can send out invites, but invitees responding are automatically accepted?
Think I'm mostly still confused because of #1271454: Limit sending ability to group admins only
Comment #41
lightsurge CreditAttribution: lightsurge commentedGreat job btw!
Comment #42
mstef CreditAttribution: mstef commented@lightsurge: check the bottom of the project page that explains each group type. let me know if you still have questions.
Thanks.
Comment #43
lightsurge CreditAttribution: lightsurge commentedAhhh... has that always been there?! I've been trying to reverse engineer the whole philosophy... lol
Comment #44
mstef CreditAttribution: mstef commentedHaha yes. I knew it'd prove to be helpful. The confusion between that inside OG was one of the reasons why this module was created.
Have you tried the latest patch?
Comment #45
lightsurge CreditAttribution: lightsurge commentedNot yet, was mulling over whether or not to keep Ezra's changes in #1271454: Limit sending ability to group admins only and ran out of time today, but now I understand the og_invite_link group types I don't think I need to.
Although, the setting to allow inviting of non-users to sites that don't normally accept new users might have some usefulness to some. (Edit: Sorry that was part of this patch, so all's good).
Comment #46
mstef CreditAttribution: mstef commentedUpdated patch.
Before, if you entered the same email more than once on the invite form, it only said it was sent once, but it was actually sending for each occurrence.
Comment #47
mstef CreditAttribution: mstef commentedI went ahead and committed this. All looks good. Big thanks for everyone's contributions. Feel free to reopen and continue with this if we want changes.
Comment #48
mstef CreditAttribution: mstef commentedOops..wrong status.
Comment #49
mstef CreditAttribution: mstef commentedAny reason why the update hook is 6201 and not 6100?
Comment #50
konrad1811 CreditAttribution: konrad1811 commentedSorry I dont' know where to paste the patch??
Anonymous users is just greate to invite!
My case is Facebook connecte - users dont have to register!!! XD
So I'd like to invite them directly to a group :)
I'd also like any member to be allowed to invite, or maybe better to be able to set permissions.
Comment #51
lightsurge CreditAttribution: lightsurge commentedThis has been committed to the dev release on the project page.
Comment #52
konrad1811 CreditAttribution: konrad1811 commentedThank
You mean commited is already implemented in current dev version ? :]
Comment #53
lightsurge CreditAttribution: lightsurge commentedYes
Comment #54
mstef CreditAttribution: mstef commentedPlease test and report any bugs in new issue(s). Thanks.
Comment #55
konrad1811 CreditAttribution: konrad1811 commentedsure I will test ;]
do you think it is possibly safe for production site?
Comment #56
mstef CreditAttribution: mstef commentedwell, that's what testing is for.
Comment #57
lightsurge CreditAttribution: lightsurge commentedUsing this and all seem's fine.
Just one small thing, the invalid text doesn't appear (Second Edit: the invalid text does appear, I was looking in the wrong place - like on the registration screen - time to sleep I think).
Edit: thought this might be down to a typo of invitation ($invitiation_result) but I see you're declaring that.
Comment #58
mstef CreditAttribution: mstef commentedGood catch - committed that change. Thanks.
Comment #59
lightsurge CreditAttribution: lightsurge commentedAnother smallish problem with this.
When a non-admin member of an Open group sends out an invitation, the process is treated as with a moderated/invite-only group - the invitee gets the message that their request is awaiting approval, and the group administrator has to approve access.
I know this is true for inviting non-members, not sure about members.
Comment #60
mstef CreditAttribution: mstef commentedIs the problem with the message that is sent, or the action that takes place? If you feel this is a bug, please open a new issue with details.
Thanks
Comment #61
konrad1811 CreditAttribution: konrad1811 commentedseems to be fine :)
Comment #62
konrad1811 CreditAttribution: konrad1811 commentedOk I did some more testing
When inviting a new user (not registered) using his e-mail he gets a link in his invitation:
mysite.com/user/register?mail=hisemail@gmail.com&og-invite-token=1ee38022a97f3122913f52dfb607e51e
He goes to register BUT he only registers to site, not to a group, and after all he is not in a group from which he got invitation :/
But after registering, when he gets invitation again, he gets this link in invitation:
mysite.com/group/20/join/8/32b55405af0dd178fc3e92d34c6c27a7
This time he clicks and becomes a group member.
Summary:
Invitation works in 2 steps, which is not really user friendly as we suppose it is possible in 1 step only.
Requested behavior is to get that working in one e-mail only (invitation to both site and group approved during registration without the need of additional e-mail)...
Comment #63
mstef CreditAttribution: mstef commentedWhen you visit the site registration page for the first time, after following the link in the email, there should be a fieldset with checkboxes for each group you've been invited to. Are you not seeing that?
Comment #64
konrad1811 CreditAttribution: konrad1811 commentedYou are right - if user is registering (first time visit) it's just fine :)
However if a user has invite link, but he's also logged in via Facebook connect [not have to work out a new login and pass - USER FRIENDLY] he does not get the option to join the group.
This may work with facebook connect only if a user has prevously visited your site, and you invite him using the e-mail address he has on Facebook [and the e-mail address is saved in Drupal database.
If he is connected via Facebook but You use other e-mail to invite him - won't work.
If he didn't yet connected via Facebook - won't work.
Right now - it's fine. But would be great to have max user friendly ways of getting users, and would be greate to get this to work with FB connect [Drupal for Facebook].
Regards
Comment #66
markconroy CreditAttribution: markconroy commentedI keep getting this message when trying to send an email to people who are not site users:
The following invitees are either not users, or are invalid email addresses: you@example.com
[even though I have a real email address used]Using Drupal Commons 2.2 (with og_invite_link 1.0xDev
Comment #67
nnotario CreditAttribution: nnotario commentedMark C probably your problem is that you have to set the "og_invite_link_invite_unregistered" variable to 1
drush @nivariakm.pre vset og_invite_link_invite_unregistered 1
Comment #68
markconroy CreditAttribution: markconroy commentedIt'd be great if it was that simple. What would I need to do if not using Drush to set the "og_invite_link_invite_unregistered" to the correct number? Also, what is the correct number? 0?
In my og_invite_link.admin.inc it says:
and og_invite_link.module has this (amongst other references to "og_invite_link_invite_unregistered"):
Thanks for the reply.
Comment #69
vasi1186 CreditAttribution: vasi1186 commentedYou can also set it in the settings.php file. At the end of the file you can add this:
Comment #70
markconroy CreditAttribution: markconroy commentedThanks. I'll give that a shot. Really appreciate all the help, folks.
Comment #71
jandekezel CreditAttribution: jandekezel commentedSorry for making this active again; overrule me if not appropriate.
I still get issue with empty token (token=). I have installed the latest version of 6.x-1.X, dating from Oct 15. I assume the patch mentioned here was already incorporated?
I have to add that my groups are private and moderated, but I still want users to be able to invite non-members. The registration-page does appear, but once registered or for already members, the message 'access denied' appears, no surprise since the token is missing.
Any known conflicts with other modules? I use commons 6.X-2.3.
Comment #72
jandekezel CreditAttribution: jandekezel commentedThe issue of sending out invitations without token is fixed. Nor sure how, maybe through running cron
Comment #73
dmenefee CreditAttribution: dmenefee commentedI'm sorry to re-open this, but it appears that the concern raised in #33 was not addressed. In the latest code for D6, the $sent_to variable in og_invite_link_mail() is populated by user_load(); if the uid is 0, the resultant displayed name in the email is blank. If the D6 version is still open for patches, please let me know and I'll submit one.
Comment #74
srees CreditAttribution: srees commentedConfirm #73, we also are not getting $sent_to populated when inviting someone by their email address instead of username. Latest version.
Comment #75
srees CreditAttribution: srees commentedI've attached a patch which uses the 'To' address for the 'sendto' variable if the username is empty.
Comment #76
jvieille CreditAttribution: jvieille commentedThere is a typo in the patch
'@sent-to' => (empty($sent_to->name)?"'".$invitiation->mail."'":$sent_to->name),
should read
'@sent-to' => (empty($sent_to->name)?"'".$invitation->mail."'":$sent_to->name),
Beside that, it is OK for me