Replace new user permission override hook [Was: New users are not being disabled]

[marcus]

Seems to be a problem with the shortcutted permission check new_user_enable_permissions_check(), also same bug as extensions #193

[marcus]

This is a result of fixing the last action code.

Last action is updated on save and so the override hook new_user_enable_permissions_check() returns false.

This is not a security problem as they must still activate their accounts before being able to log in, however it prevents user counting from working properly and they are still "activated".

This has an effect on both deactivation and activation.

[marcus]

The problem is that after the first save of the newly created user it's last action value is set - this means that the identification for newly created users in the hack new_user_enable_permissions_check() will fail the second time arround when it comes to disable the user.

We need a better way of identifying new users so that we can selectively and securely allow a permission override for them.

[brettp]

Ref'd in commit 3377 but I can't type so it's not showing up here.

[marcus]

Can this issue be closed? Fix appears to be in place.

[brettp]

I left it open pending a better fix than the hook. If you're content with the hook, it can be closed.

[marcus]

I think I will downgrade the priority and rename the issue. We have fixed the main problem, now we're talking about improvements...

[brettp]

The need for this hook was removed by fixing #617 and #2271.