Issue #2248969 by tstoeckler: Default the user status field to FALSE.

fa9e2b51 · Alex Pott · aedaf116 · fa9e2b51 · fa9e2b51 · fa9e2b51
Commit fa9e2b51 authored 10 years ago by Alex Pott
--- a/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
+++ b/core/modules/entity_reference/src/Tests/EntityReferenceAutocompleteTest.php
@@ -140,9 +140,9 @@ protected function getAutocompleteResult($type, $input) {
   */
  public function testBaseField() {
    // Add two users.
-    $user_1 = entity_create('user', array('name' => 'auto1'));
+    $user_1 = entity_create('user', array('name' => 'auto1', 'status' => TRUE));
    $user_1->save();
-    $user_2 = entity_create('user', array('name' => 'auto2'));
+    $user_2 = entity_create('user', array('name' => 'auto2', 'status' => TRUE));
    $user_2->save();
    $request = Request::create('entity_reference/autocomplete/single/user_id/entity_test/entity_test/NULL');

--- a/core/modules/user/src/Entity/User.php
+++ b/core/modules/user/src/Entity/User.php
@@ -504,10 +504,7 @@ public static function baseFieldDefinitions(EntityTypeInterface $entity_type) {
    $fields['status'] = FieldDefinition::create('boolean')
      ->setLabel(t('User status'))
      ->setDescription(t('Whether the user is active or blocked.'))
-      // @todo As the status has access implications users should be created as
+      ->setSetting('default_value', FALSE);
-      //   blocked by default and activated explicitly if needed. See
-      //   https://drupal.org/node/2248969.
-      ->setSetting('default_value', TRUE);
    $fields['created'] = FieldDefinition::create('created')
      ->setLabel(t('Created'))

--- a/core/modules/user/src/RegisterForm.php
+++ b/core/modules/user/src/RegisterForm.php
@@ -29,6 +29,7 @@ public function __construct(EntityManagerInterface $entity_manager, LanguageMana
   */
  public function form(array $form, array &$form_state) {
    $user = $this->currentUser();
+    /** @var \Drupal\user\UserInterface $account */
    $account = $this->entity;
    $admin = $user->hasPermission('administer users');
    // Pass access information to the submit handler. Running an access check
@@ -47,6 +48,14 @@ public function form(array $form, array &$form_state) {
    $form['#attached']['library'][] = 'core/jquery.cookie';
    $form['#attributes']['class'][] = 'user-info-from-cookie';
+    // Because the user status has security implications, users are blocked by
+    // default when created programmatically and need to be actively activated
+    // if needed. When administrators create users from the user interface,
+    // however, we assume that they should be created as activated by default.
+    if ($admin) {
+      $account->activate();
+    }
    // Start with the default user account fields.
    $form = parent::form($form, $form_state, $account);

--- a/core/modules/user/src/Tests/UserCacheTagsTest.php
+++ b/core/modules/user/src/Tests/UserCacheTagsTest.php
@@ -46,6 +46,7 @@ protected function createEntity() {
    // Create a "Llama" user.
    $user = entity_create('user', array(
      'name' => 'Llama',
+      'status' => TRUE,
    ));
    $user->save();

--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -84,6 +84,7 @@ function user_install() {
      'uid' => 1,
      'name' => 'placeholder-for-uid-1',
      'mail' => 'placeholder-for-uid-1',
+      'status' => TRUE,
      'langcode' => $langcode,
    ))
    ->save();