Tracked under ADR 004 (#60).
Build the admin surface where a domainManager reviews and approves
or blocks pending accounts.
Scope
- Route
/admin/users/pending listing users with status = Pending,
restricted to users with domainManager = true (voter / IsGranted
on the controller).
- Actions on each row:
- Approve →
status = Approved. User can now sign in.
- Block →
status = Blocked. User row preserved for audit.
- Same surface lets an approver flip an
Approved user to Blocked
and back (admin only).
- A thin service (
App\Security\UserApproval or extension on
App\Security\UserManager) owns the status transitions; the
controller stays thin per project conventions.
- Twig templates re-use the existing layout / component primitives.
- Tests:
- approver can approve a pending user; user can now log in
- approver can block an approved user; user is rejected by the
UserCheckerInterface from the sibling issue
- non-approver (
domainManager = false) is denied access (403)
Out of scope
- Bulk actions, filtering / search on the queue.
- Notifications (email the user when approved). Track separately if
wanted.
Related
Tracked under ADR 004 (#60).
Build the admin surface where a
domainManagerreviews and approvesor blocks pending accounts.
Scope
/admin/users/pendinglisting users withstatus = Pending,restricted to users with
domainManager = true(voter /IsGrantedon the controller).
status = Approved. User can now sign in.status = Blocked. User row preserved for audit.Approveduser toBlockedand back (admin only).
App\Security\UserApprovalor extension onApp\Security\UserManager) owns the status transitions; thecontroller stays thin per project conventions.
UserCheckerInterfacefrom the sibling issuedomainManager = false) is denied access (403)Out of scope
wanted.
Related
domainManagerflag we gate on).status+domainManager).