Unsupervised/unsupervised-scheduler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add account registration with signup policy acceptance #18

Merged
thatguygriff merged 1 commits from feature/account-registration into main 2026-06-05 19:52:57 +00:00
Conversation 0 Commits 1 Files Changed 25
+957 -21
thatguygriff commented 2026-06-05 19:48:19 +00:00
Owner
Copy Link
Copy Source

Implements #16 — invite-only student self-registration through a front-end page, accepting signup-scoped policies at account creation. Unblocked now that Policies (#6) is merged.

Policy domain extension (the "when to accept" model)

  • us_policies.acceptance_scope (signup / booking / both); Policy::appliesTo(); PolicyRepository::findForScope().
  • PolicyAcceptance::REG_ACCOUNT — account-time acceptance, registration_id = the new user's ID.
  • Scope threaded through PolicyService::createPolicy(), the REST create, the admin controller, and the Policies form (an "Accept at" selector).

Auth — invites + registration

  • Invite value object + InviteRepository; new us_invites table.
  • RegistrationController + Invites admin page (manage_students): invite an email, copy the registration link, revoke.
  • RegistrationPage ([us_student_register] shortcode): validates the invite token, collects name/password, renders signup-scoped published policies with required acceptance, creates the us_student user, records account-type acceptances (with IP), marks the invite accepted, and logs the user in.
  • RoleManager: new manage_students capability in STUDIO_ADMIN_CAPS (administrators inherit it via the existing user_has_cap filter).

Modes

Invite-only is implemented. The us_registration_mode self_approval path (public registration → pending approval) is documented as a future seam.

Notes

  • Front-end POST is nonce-checked in render(); handleSubmit() uses a scoped phpcs:disable NonceVerification with that rationale (phpcs can't trace cross-method).
  • The invite link points the token at home_url() with a note to aim it at whichever page hosts the shortcode (no hard-coded page slug).

Tests

  • tests/Unit/Auth/Invite, InviteRepository; plus Policy scope test updates.
  • composer test (104 tests), composer cs, and PHPStan level 6 all pass.

Refs #16

🤖 Generated with Claude Code

Implements **#16** — invite-only student self-registration through a front-end page, accepting signup-scoped policies at account creation. Unblocked now that Policies (#6) is merged. ## Policy domain extension (the "when to accept" model) - `us_policies.acceptance_scope` (`signup` / `booking` / `both`); `Policy::appliesTo()`; `PolicyRepository::findForScope()`. - `PolicyAcceptance::REG_ACCOUNT` — account-time acceptance, `registration_id` = the new user's ID. - Scope threaded through `PolicyService::createPolicy()`, the REST create, the admin controller, and the **Policies** form (an "Accept at" selector). ## Auth — invites + registration - `Invite` value object + `InviteRepository`; new `us_invites` table. - `RegistrationController` + **Invites** admin page (`manage_students`): invite an email, copy the registration link, revoke. - `RegistrationPage` (`[us_student_register]` shortcode): validates the invite token, collects name/password, renders signup-scoped published policies with required acceptance, creates the `us_student` user, records `account`-type acceptances (with IP), marks the invite accepted, and logs the user in. - `RoleManager`: new `manage_students` capability in `STUDIO_ADMIN_CAPS` (administrators inherit it via the existing `user_has_cap` filter). ## Modes Invite-only is implemented. The `us_registration_mode` `self_approval` path (public registration → pending approval) is documented as a future seam. ## Notes - Front-end POST is nonce-checked in `render()`; `handleSubmit()` uses a scoped `phpcs:disable NonceVerification` with that rationale (phpcs can't trace cross-method). - The invite link points the token at `home_url()` with a note to aim it at whichever page hosts the shortcode (no hard-coded page slug). ## Tests - `tests/Unit/Auth/` — `Invite`, `InviteRepository`; plus Policy scope test updates. - `composer test` (104 tests), `composer cs`, and PHPStan level 6 all pass. Refs #16 🤖 Generated with [Claude Code](https://claude.com/claude-code)
thatguygriff added 1 commit 2026-06-05 19:48:19 +00:00
Add account registration with signup policy acceptance
CI / Tests (PHP 8.1) (pull_request) Successful in 47s
Details
CI / No Debug Code (pull_request) Successful in 2s
Details
CI / Build Plugin Zip (pull_request) Has been skipped
Details
CI / Coding Standards (pull_request) Successful in 52s
Details
CI / PHPStan (pull_request) Successful in 1m1s
Details
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
Details
CI / Tests (PHP 8.3) (pull_request) Successful in 45s
Details
9c900d6553 
Implements #16: invite-only student self-registration through a front-end
page, accepting signup-scoped policies at account creation.

Policy domain:
- us_policies.acceptance_scope (signup/booking/both); Policy::appliesTo();
  PolicyRepository::findForScope(); scope threaded through PolicyService,
  the REST create, the admin controller, and the Policies form.
- PolicyAcceptance::REG_ACCOUNT (registration_id = the new user's ID).

Auth:
- Invite value object + InviteRepository; us_invites table.
- RegistrationController + Invites admin page (manage_students): invite an
  email, share the registration link, revoke.
- RegistrationPage ([us_student_register] shortcode): validates the invite
  token, collects name/password, renders signup-scoped published policies
  with required acceptance, creates the us_student user, records account-type
  acceptances, marks the invite accepted, and logs the user in.
- RoleManager: manage_students cap added to STUDIO_ADMIN_CAPS.

Invite-only is implemented; the us_registration_mode self_approval path is a
documented future seam.

Docs: docs/features/account-registration.md; policies.md updated.
Tests: tests/Unit/Auth/ (Invite, InviteRepository) plus Policy scope
updates. composer test (104), cs, and PHPStan level 6 all pass.

Refs #16

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
thatguygriff merged commit 9b8fa5d698 into main 2026-06-05 19:52:57 +00:00
thatguygriff deleted branch feature/account-registration 2026-06-05 19:52:57 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 enhancement
Extends an existing feature
 feature
New user-facing capability
 payments
Billing, Stripe, receipts, reporting
 security
Security vulnerability or hardening
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
thatguygriff (James Griffin-Allwood)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Unsupervised/unsupervised-scheduler#18
Delete Branch "feature/account-registration"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?