feat: allow users to change their names #3071
Conversation
| ->requiresConfirmation() | ||
| ->modalDescription("Are you sure you'd like to do this? The username change will go into effect immediately.") | ||
| ->color('success') | ||
| ->icon('heroicon-o-check'), |
There was a problem hiding this comment.
There doesn't seem to be any way to "Disapprove" a request. If the user wants to be something inappropriate, do we just ignore it for 30 days?
There was a problem hiding this comment.
Deleting the request (which is only available through the bulk actions menu) immediately lets the user try a different username, despite the warning they get when requesting one:
There was a problem hiding this comment.
denied_at column added in latest. When a request is denied, the user is put on a 30 day cooldown.
I've removed the bulk action in latest - I suspect bulk approve/deny is undesirable given whoever is doing approvals will need to check if Discord aliases need to be updated.
There was a problem hiding this comment.
Should we also email the user if their request is denied?
There was a problem hiding this comment.
I'm not sure. I see both pros and cons of sending a decline notification.
On one hand, it would be nice to notify them so they know not to submit the same request again.
On the other hand, I'm worried it might foment resentment from the user towards staff, especially given they have to wait potentially weeks to try again.
There was a problem hiding this comment.
They'd have to wait weeks anyway. At least this way they know we aren't just ignoring them.
There was a problem hiding this comment.
Added a decline email in latest.
| @@ -366,6 +366,9 @@ protected function mapWebRoutes(): void | |||
| Route::put('password', [UserSettingsController::class, 'updatePassword'])->name('api.settings.password.update'); | |||
| Route::put('email', [UserSettingsController::class, 'updateEmail'])->name('api.settings.email.update'); | |||
|
|
|||
| Route::post('username-change-request', [UserSettingsController::class, 'storeUsernameChangeRequest']) | |||
| ->name('api.settings.username-change-request.store'); | |||
There was a problem hiding this comment.
Validation errors aren't reported correctly.
There was a problem hiding this comment.
I'm having trouble reproducing this:
I did make one minor change to client-side validation in latest (users cannot request a change to the name they are currently set to). But, even before this change, I was seeing server-side validation messages appear in the toast.
There was a problem hiding this comment.
Try with invalid characters. I think I was using "It's-a-me, Mario" as my display name.
There was a problem hiding this comment.
That worked, thanks.
I've made an update in latest, but it's client-side. I think for these particular requests, it may be best to catch them before they get sent to the server:
There was a problem hiding this comment.
Suggest changing message to match sign up.
vs
There was a problem hiding this comment.
Updated these client-side validation messages in latest.
| default => $query, | ||
| }; | ||
| }) | ||
| ->default('pending'), |
There was a problem hiding this comment.
It seems unlikely, but if a request is not addressed within 30 days, it falls off the default filter and the user is allowed to make new requests. The existing request is still present and can be accessed (and approved/denied) by removing this filter.
To test: update the created_at of a pending request to be more than 30 days ago.
There was a problem hiding this comment.
In latest, the table will only show non-expired rows.
| ->requiresConfirmation() | ||
| ->modalDescription("Are you sure you'd like to do this? The username change will go into effect immediately.") | ||
| ->color('success') | ||
| ->icon('heroicon-o-check'), |
There was a problem hiding this comment.
Should we also email the user if their request is denied?
| @@ -366,6 +366,9 @@ protected function mapWebRoutes(): void | |||
| Route::put('password', [UserSettingsController::class, 'updatePassword'])->name('api.settings.password.update'); | |||
| Route::put('email', [UserSettingsController::class, 'updateEmail'])->name('api.settings.email.update'); | |||
|
|
|||
| Route::post('username-change-request', [UserSettingsController::class, 'storeUsernameChangeRequest']) | |||
| ->name('api.settings.username-change-request.store'); | |||
There was a problem hiding this comment.
Suggest changing message to match sign up.
vs
This PR gives users the ability to request name changes.
How it works
A new form has been added to
/settings:When the user attempts to submit the form, they get a confirm with this warning:
If the user confirms, the request is submitted and lives in the
user_usernamestable:(note the new
approved_atcolumn)In the management app, a new tool has been added:
The (1) badge indicates there is a pending username change request.
As an admin or moderator, I can view the list of pending username change requests:
If I click approve, the user's
display_namevalue will be changed, something will be recorded to their account's audit log, and an email will be fired off:This is the happy path case.
Alternatively, after 30 days, the username change request will "expire". It will no longer appear in the list of active requests, and the user will be able to request a new username change.
Other notes:
display_name, users do have the ability to request reverting back to their original username (they can bypass this uniqueness check).display_name.display_namechange is approved, users are put on a 30 day cooldown before they can request another change.