CHANGE: New user signups now require admin approval

Given that I intend to reveal much more data to new users this seems necessary...

RIGS/admin.py

@@ -22,13 +22,20 @@ admin.site.register(models.Invoice)
 admin.site.register(models.Payment)
 
 
+def approve_user(modeladmin, request, queryset):
+    queryset.update(is_approved=True)
+approve_user.short_description = "Approve selected users"
+
+
 @admin.register(models.Profile)
 class ProfileAdmin(UserAdmin):
+    # Don't know how to add 'is_approved' whilst preserving the default list...
+    list_filter = ('is_approved', 'is_active', 'is_staff', 'is_superuser', 'groups')
     fieldsets = (
         (None, {'fields': ('username', 'password')}),
         (_('Personal info'), {
             'fields': ('first_name', 'last_name', 'email', 'initials', 'phone')}),
-        (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
+        (_('Permissions'), {'fields': ('is_approved', 'is_active', 'is_staff', 'is_superuser',
                                        'groups', 'user_permissions')}),
         (_('Important dates'), {
             'fields': ('last_login', 'date_joined')}),
@@ -41,6 +48,7 @@ class ProfileAdmin(UserAdmin):
     )
     form = forms.ProfileChangeForm
     add_form = forms.ProfileCreationForm
+    actions = [approve_user]
 
 
 class AssociateAdmin(VersionAdmin):

RIGS/forms.py

@@ -4,6 +4,7 @@ from django.conf import settings
 from django.core import serializers
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AuthenticationForm, PasswordResetForm
 from registration.forms import RegistrationFormUniqueEmail
+from django.contrib.auth.forms import AuthenticationForm
 from captcha.fields import ReCaptchaField
 import simplejson
 
@@ -54,6 +55,13 @@ class ProfileChangeForm(UserChangeForm):
         model = models.Profile
 
 
+class CheckApprovedForm(AuthenticationForm):
+    def confirm_login_allowed(self, user):
+        if not user.is_approved:
+            raise forms.ValidationError("Your account hasn't been approved by an administrator yet. Please check back in a few minutes!")
+        return AuthenticationForm.confirm_login_allowed(self, user)
+
+
 # Events Shit
 class EventForm(forms.ModelForm):
     datetime_input_formats = formats.get_format_lazy("DATETIME_INPUT_FORMATS") + list(settings.DATETIME_INPUT_FORMATS)

RIGS/migrations/0036_profile_is_approved.py

@@ -0,0 +1,19 @@
+# Generated by Django 2.0.13 on 2020-01-10 14:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0035_auto_20191124_1319'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='is_approved',
+            # Approve existing profiles automatically, new ones default false. 
+            field=models.BooleanField(default=True),
+        ),
+    ]

RIGS/models.py

@@ -27,6 +27,7 @@ class Profile(AbstractUser):
     initials = models.CharField(max_length=5, unique=True, null=True, blank=False)
     phone = models.CharField(max_length=13, null=True, blank=True)
     api_key = models.CharField(max_length=40, blank=True, editable=False, null=True)
+    is_approved = models.BooleanField(default=False)
 
     @classmethod
     def make_api_key(cls):

RIGS/views.py

@@ -41,7 +41,7 @@ def login(request, **kwargs):
     else:
         from django.contrib.auth.views import login
 
-        return login(request)
+        return login(request, authentication_form=forms.CheckApprovedForm)
 
 
 # This view should be exempt from requiring CSRF token.