Account registration with signup policy acceptance #16

New Issue

2026-06-05T18:16:53Z

thatguygriff commented

2026-06-05 18:16:53 +00:00

Let people register for an account, accepting any signup-scoped policies at that time. Prerequisite for students to self-serve booking.

Decisions (confirmed with owner)

Per-policy acceptance scope — extend us_policies with acceptance_scope: signup / booking / both. Signup-scoped (and both) policies must be accepted when the account is created; booking-scoped (and both) remain enforced at booking (existing gate, #6).
Invite-only for now, but build a settings seam (us_registration_mode: invite | self_approval) so it can later switch to open self-registration with studio-admin approval.
Standalone registration page via a new [us_student_register] shortcode (alongside [us_student_login]).

Scope

Policy model extension (Policy domain): add acceptance_scope column; add account to PolicyAcceptance registration types (registration_id = WP user ID). Signup gate requires acceptance of every signup/both published policy.
Invites (Auth domain): us_invites table (email, token hash, role, status pending/accepted/revoked, invited_by, accepted_user_id, timestamps). Studio-admin Invites admin page to create/list/revoke invites; generates a tokenised registration link.
Registration page: [us_student_register] — validates the invite token, pre-fills email, collects name + password, renders and requires the signup-scoped published policies, creates the us_student account, records acceptances (account type), marks the invite accepted, logs the user in.
Capability: gate invite management on a studio-admin cap (proposed manage_students, added to STUDIO_ADMIN_CAPS so administrators get it via the existing user_has_cap filter).
Future (not in this issue): self_approval mode — public registration creating a pending-approval account that a studio admin activates.

Implementation sketch

Auth/Invite, Auth/InviteRepository, Auth/RegistrationController (admin invites page), Auth/RegistrationPage (front-end shortcode)
Extend Policy/Policy + PolicyRepository with acceptance_scope; PolicyAcceptance::REG_ACCOUNT
Schema: us_invites; alter us_policies
docs/features/account-registration.md (write first, per the Adding a Feature workflow); update docs/features/policies.md

Acceptance

Studio admin can invite a student; the invitee completes registration, must accept all signup-scoped policies, and lands logged in as us_student.
Acceptances recorded with account type against the new user ID.
composer test, cs, PHPStan level 6 green.

Depends on #6 (Policies). Slots after Availability (#2) and before Lesson booking (#3).

Let people register for an account, accepting any signup-scoped policies at that time. Prerequisite for students to self-serve booking. ## Decisions (confirmed with owner) - **Per-policy acceptance scope** — extend `us_policies` with `acceptance_scope`: `signup` / `booking` / `both`. Signup-scoped (and `both`) policies must be accepted when the account is created; booking-scoped (and `both`) remain enforced at booking (existing gate, #6). - **Invite-only for now**, but build a settings seam (`us_registration_mode`: `invite` | `self_approval`) so it can later switch to open self-registration with studio-admin approval. - **Standalone registration page** via a new `[us_student_register]` shortcode (alongside `[us_student_login]`). ## Scope - **Policy model extension** (Policy domain): add `acceptance_scope` column; add `account` to `PolicyAcceptance` registration types (registration_id = WP user ID). Signup gate requires acceptance of every `signup`/`both` published policy. - **Invites** (Auth domain): `us_invites` table (email, token hash, role, status pending/accepted/revoked, invited_by, accepted_user_id, timestamps). Studio-admin **Invites** admin page to create/list/revoke invites; generates a tokenised registration link. - **Registration page**: `[us_student_register]` — validates the invite token, pre-fills email, collects name + password, renders and requires the signup-scoped published policies, creates the `us_student` account, records acceptances (`account` type), marks the invite accepted, logs the user in. - **Capability**: gate invite management on a studio-admin cap (proposed `manage_students`, added to `STUDIO_ADMIN_CAPS` so administrators get it via the existing `user_has_cap` filter). - **Future (not in this issue)**: `self_approval` mode — public registration creating a pending-approval account that a studio admin activates. ## Implementation sketch - `Auth/Invite`, `Auth/InviteRepository`, `Auth/RegistrationController` (admin invites page), `Auth/RegistrationPage` (front-end shortcode) - Extend `Policy/Policy` + `PolicyRepository` with `acceptance_scope`; `PolicyAcceptance::REG_ACCOUNT` - Schema: `us_invites`; alter `us_policies` - `docs/features/account-registration.md` (write first, per the Adding a Feature workflow); update `docs/features/policies.md` ## Acceptance - Studio admin can invite a student; the invitee completes registration, must accept all signup-scoped policies, and lands logged in as `us_student`. - Acceptances recorded with `account` type against the new user ID. - `composer test`, `cs`, PHPStan level 6 green. Depends on #6 (Policies). Slots after Availability (#2) and before Lesson booking (#3).

thatguygriff added the feature label 2026-06-05 18:16:53 +00:00

thatguygriff referenced this issue from a commit

2026-06-05 19:39:42 +00:00

Add account registration with signup policy acceptance

thatguygriff referenced this issue

2026-06-05 19:48:19 +00:00

Add account registration with signup policy acceptance #18

thatguygriff referenced this issue

2026-06-07 13:25:09 +00:00

Invite links: page selector + auto-redirect for stray tokens #19

thatguygriff closed this issue

2026-06-08 19:05:27 +00:00