Unapproved User Can Interact With Other Users

Good day @jonimueller

It kind of depends on exactly how they’re managing to trigger the messages. For example, are they still receiving the UI to start a message? Perhaps something more advanced that we had just never considered as a possibility? Many angles here admittedly.

We admittedly can’t guarantee 100% coverage, as other 3rd party plugins or themes may do things in ways that we don’t have covered. So when needed, we take by a case-by-case basis.

If you’re willing, I’d be fine with logging in with a moderated user and see what I can see and try to help offer some solutions.

Hi, thanks for the super fast reply. I am impressed!!! Before I take up any more of your time, I need to check the plugin settings to be sure there isn’t some setting that I’ve missed. Once I’ve done that, I can grant you access to the back end of the sandbox where we are developing this site. But I am not where I can do any of that right now so it will be ab it. But again,thanks so much for your quick reply.

For what it’s worth, our settings are pretty minimal. Internally we try and restrict/hide things as best we can at least with stock/out-of-box setups like BuddyPress core and the Twenty* themes. That said, we also have a “compatibility” file that we add bits that are meant to affect other non-BuddyPress core plugins that extend it. This may be a case for that, but until I can see it in action, hard to verify. Understood on the not letting in quite yet, and wanting to check your own P’s and Q’s first ??

Hello @tw2113

Thank you for your plugin. It’s the best for this purpose. But we can improve it:)
Is it possible to use plugin not as a blacklist, but as a white list functionality?

For example, Allow the users:
Log in
Edit his avatar
Edit his profile fields.

All other functions are as for unregistered visitors until moderator decision (including invisible mode for unmoderated users.)

What do you think?

• This reply was modified 6 years, 6 months ago by wegosi.

I can’t say it can’t be done, but I also can’t say exactly how easily it would be done. I do have to believe there would be some significant rewriting or at least unhooking of our default code. If you or someone else involved is a developer, by all means feel free to fork and create your own version based off of this. I’d be interested in seeing the eventual product.

We have a similar issue where we want to corral the new user and restrict her from interacting with the rest of the members until she has been vetted and approved by an admin.

I found some code that would disable private messaging, walls, and feeds for a custom user type. Once the user is vetted and approved, their status is changed and they can then have access to the entire site.

Could this code be beneficial to your purposes? I can share it if so.

We can definitely give it a look over and go from there. Better than nothing, by all means.

Hi!
This problem is very close to mine.
I really need the option in the settings of the plugin that would enable the mode when user registration without approval would not allow him to log in. So that he could not enter the site as a registered user.
Since I have a lot of information to hide from unregistered users. But now anyone can easily get credentials and login to the site and get access as a registered user even if it isn’t approved.

And Now I think what to do – use the less convenient Eonet Manual User Approve plugin or find another solution.

I added this to the theme’s functions.php file. This creates another custom user role (we call ours “Unapproved Member” but you can call it whatever you want):

‘// Set Unapproved Member as default role before registration and approval
function lois_set_default_role( $user_id ) {
$user = new WP_User( $user_id );
$user->set_role( ‘unapproved_member’ ); // role can be whatever you like
}
add_action( ‘bp_core_signup_user’, ‘lois_set_default_role’ );

// Remove certain tabs from user profile based on member role.
function buddydev_remove_tabs_based_on_member_roles() {
if ( ! bp_is_user() ) {
return;
}

if ( ! $unapproved_member ) {
bp_core_remove_nav_item( ‘friends’ ); //removes the tab friends
bp_core_remove_nav_item( ‘messages’ ); //removes the tab messages
bp_core_remove_nav_item( ‘reviews’ ); //removes the tab reviews
}

}

add_action( ‘bp_setup_nav’, ‘buddydev_remove_tabs_based_on_member_roles’, 1001 );
‘

The theme uses BuddyPress which is somewhat interwoven. Good news is none of the “forbidden” panels on the left appear using this code. HOWEVER, there is a dropdown menu in the upper right of the site/dashboard once the user is logged in, and those “forbidden” areas still appear there. But when you click on them, the page throws out a 404 error. To get around that, we just customized our 404 to explain that user might also see the 404 page pending their approval. A crude workaround but at least it seems to do the job.

Hope this helps someone else.

@morgunovvit

If you use the “Private Network” setting, it will limit the logged in user to just their profile. However the plugin as a whole limits the user when trying to access BuddyPress/bbPress areas only. It would not prevent access from a woocommerce store or the primary blog.

We also have two filters that you can return true or false for, for whether or not an area should be restricted. However they’re only enacted and used when in a private network. The filters are below. Shouldn’t be anything that prevents them from being used for ANY part of the website, if I recall right.

bprwg_bbpress_allowed_areas
bprwg_buddypress_allowed_areas

Definitely one way to handle things there @jonimueller. We also have the bp_registration_get_moderation_status() function available for others to use. Just pass the user ID you want to check for, and the function will return either true or false for if they’re presently moderated, based on the user meta key we set. May be more convenient than messing with user roles.