Readonly profile

MIT license Latest Stable Version Total Downloads Donate

This extension removes the ability for users to perform various actions on the forum.
It removes both the UI controls and disables the underlying REST API endpoints.

This is intended for forums where administrators are the only person editing user profiles or to be used in custom integrations where the data is synced from a different platform.

Available options:

  • Disable Login: disable regular login endpoint, but preserve ability to create access tokens. Sessions can still be started through the use of manually created remember tokens.
  • Disable Access Token Creation: completely disables ability to create regular and remember access tokens. This makes it impossible to start new sessions. Disable Login is implicit with this option. API keys are not affected.
  • Disable Email Change: disables regular email change requests. Admins can still edit other users.
  • Disable Password Change and Reset: disables regular password edit. Admins can still set a password on other users.
  • Disable Avatar Edit: disables avatar upload and removal. Admins can still use the endpoint.

If you enable Disable Login or Disable Access Token Creation you will lock yourself out of the forum if no other login/authentication system is in place.
To recover access to the forum in case of an issue you need to either:

  • Use an API Key to disable the settings or extension through the REST API.
  • Disable the setting or extension by manually editing the database.
  • Removing the Composer package.

If you use an external login system and have set a random password on Flarum user accounts, Disable Login, Disable Access Token Creation and Disable Email Change aren't strictly needed because users cannot use these endpoints without knowing the Flarum user password anyway.
You could just hide the buttons from the UI with CSS and it would be enough.

Installation

composer require clarkwinkelmann/flarum-ext-readonly-profile

Support

This extension is under minimal maintenance.

It was developed for a client and released as open-source for the benefit of the community.
I might publish simple bugfixes or compatibility updates for free.

You can contact me to sponsor additional features or updates.

Support is offered on a "best effort" basis through the Flarum community thread.

Sponsors: Dater.com

Links

    5 months later

    Version 1.0.1

    Fix inability to turn off disable email change.

    Ziven there was indeed an issue, the code wasn't checking the setting. This should be fixed in the new version.

      6 months later

      This extension can forbid a single user to change the avatar or can set suspended user should be unable to remove and upload the avatar or will disable the avatar upload and removal for all users?

        peopleinside each setting is a global toggle. It will affect all users except admins. All users will be stuck with their current avatar selection and can neither add or remove it.

        It shouldn't be very complicated to adapt the code if you wanted it to only affect disabled users.

        But the real solution here would be to add a permission for this in Flarum core, because this extension uses a hacky solution to achieve it given the lack of gated permission.

            clarkwinkelmann so your extension is not for me sorry.
            Where we can track this issue of the user avatar?

            I can create an issue in GitHub or some core developer can do?
            I want track this issue.

              8 months later

              Wulfheart if the feature isn't re-using any code from the other features I would suggest releasing it as a standalone extension.

              Flarum already has a setting to disable sign up though. When disabled all links should already be hidden automatically.

                  5 days later

                  Wulfheart in the settings grid, you should see "Registration" (maybe it's "Sign Up") "open"/"closed". Technically it's a setting and not a permission but it's on that page.