
Member creation 2 of 3 ‐ Creating a Member

Théophile MADET edited this page Jun 27, 2024 · 11 revisions

When an applicant signs their membership agreement, they are officially a member of the cooperative. Members, whether current, past or future, are represented by the ShareOwner model. The CreateShareOwnerFromDraftUserView has a few interesting features.

Never trust user input

The button to create a member from an applicant is in the DraftUser detail template. This button is disabled if the member cannot be created yet, typically because the membership agreement has not been signed. For normal, innocent users it is therefore not possible to reach CreateShareOwnerFromDraftUserView when the member cannot be created. However, it is still very important to check in the view that the member can be created: the button can be enabled with the browser dev tools, another user could have created the member at the same time, a malicious user could try to manipulate our data...

Therefore, while showing in the UI which actions are possible and which are not is useful for usability, it is not sufficient to ensure data integrity and security. Always check in the view that the action can be performed, even if you are sure that the UI only allows valid cases.
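The sketch below is an added example, not the project's own code. It models the check in plain Python so it runs without Django: the handler re-evaluates the same rule the template uses and refuses both an unsigned applicant and a second, simultaneous creation. `DraftUser` here is a constructed stand-in, and every field, function and exception name is hypothetical. The lock stands in for a database transaction or row lock.

```python
import threading
from dataclasses import dataclass
from typing import Optional


class MemberCreationRefused(Exception):
    """Raised when the server-side precondition check fails."""


@dataclass
class DraftUser:  # constructed stand-in for the applicant model
    name: str
    signed_membership_agreement: bool = False
    share_owner_id: Optional[int] = None  # set once a member has been created

    def can_create_member(self) -> bool:
        # Same rule the template uses to enable or disable the button.
        return self.signed_membership_agreement and self.share_owner_id is None


_lock = threading.Lock()  # stands in for a database transaction / row lock
_share_owners: dict = {}  # constructed in-memory "ShareOwner table"


def create_share_owner_from_draft_user(draft: DraftUser) -> int:
    """Server-side handler: re-check the precondition, then create."""
    with _lock:
        # Checked inside the lock so two simultaneous requests cannot both pass.
        if not draft.can_create_member():
            raise MemberCreationRefused(f"cannot create member for {draft.name}")
        new_id = len(_share_owners) + 1
        _share_owners[new_id] = draft.name
        draft.share_owner_id = new_id
        return new_id


def outcome(draft: DraftUser) -> str:
    """Call the handler directly, as a request that skipped the UI would."""
    try:
        return f"created:{create_share_owner_from_draft_user(draft)}"
    except MemberCreationRefused:
        return "refused"
```

The disabled button never appears in this code path, which is the point: the decision is made from server-side state alone.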