This is a membership management system. It's chiefly a database of member data for legal purposes, setting up subscription payments, managing access control permissions, logging events, and interfacing with Discourse permissions.
South London Makerspace is migrating to a new membership system, based on WordPress/WooCommerce. Benefits include PCI compliance, regular security updates and (expensive) support. The new system also incorporates tool control - a feature that SLMS members have been waiting a very long time for.
OK, but why didn't we try to just improve this membership system to do all of those things? Well ... the reason is mostly over-zealous information security.
South London Makerspace assigned the role of looking after all systems to one person. That person did not trust anyone else to look at or touch any system that was running in production. They also didn't trust the process of updating the software to work correctly, and therefore did not allow any updates to be performed on the system either.
This left us, the developers of the membership system, in a difficult position - users were reporting bugs, we were fixing them, and applying security updates to dependencies, adding new functionality that the users wanted and indeed needed - but we had absolutely no ability to make them live.
Even without touching the live system, even testing it became difficult. We were forced to use a somewhat inexplicable "data drier" to test against data from the live system with the personal information removed (which, as you might expect, is close to useless in terms of actually validating functionality).
The most ironic thing is that, in the name of security, no security updates were performed on the live system for almost 2 years. Sometimes, you can go infosec so hard you end up coming right back around the other side...
As you may imagine, this caused the developers to become rather disenfranchised, as we were spending our volunteered time delivering functionality that never saw the light of day. So we all buggered off to do something less futile with our time - whilst the rest of the makerspace moaned about various bugs we had already addressed, and features we had already built.
There were also concerns about legislatory compliance including GDPR and PCI. We absolutely worked towards improving GDPR related features (the system is compliant from a software point of view; it entirely depends on how it's been configured and deployed) - but there are features that would make life easier for administrators (like the self-service personal data exporter). There is no need for this membership system to be PCI compliant as it never receives, stores or forwards any payment card or bank account details (GoCardless handles all sensitive payment data - that is in fact half the point of using their service :) ).
With all the developers gone, SLMS had to figure out what to do next. They got something off the shelf which mostly does what they need, with a little fettling. Now we have to figure out how to port the data from this system to that one.
After that, there's no point in us doing any more work on this - so this will be the last release.
tl;dr: if you want to kill a perfectly good open source project, prevent the developers from ever releasing the software they're working on :)
Without further ado, here are the things to expect in this release:
/profile/discourse
When upgrading from a previous version, you will NEED to go through each existing API key that has been issued and assign capabilities to them. By default, all keys created in previous versions will have no permissions!
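A sketch of the upgrade step above, added here as an example and not taken from the membership system's code: keys carried over from a previous version hold no capabilities, every check denies by default, and an audit lists the keys still waiting for review. The record fields, capability strings and function names are assumptions made for illustration.

```javascript
// Constructed sample records. Field names and capability strings are
// hypothetical, not taken from the membership system's schema.
const KNOWN_CAPABILITIES = new Set(['events:write', 'members:read', 'permissions:read']);

const apiKeys = [
  { id: 'door-controller', capabilities: undefined }, // issued by a previous version
  { id: 'discourse-sync', capabilities: [] },         // issued by a previous version
  { id: 'tool-reader', capabilities: ['events:write'] },
];

// Normalise whatever is stored into a Set. A key with no capability
// field at all (a legacy key) becomes the empty set.
function capabilitiesOf(key) {
  return new Set(Array.isArray(key.capabilities) ? key.capabilities : []);
}

// Deny by default: a request is allowed only when the key explicitly
// holds the capability the endpoint requires.
function isAllowed(key, required) {
  if (!key || typeof required !== 'string' || required === '') return false;
  return capabilitiesOf(key).has(required);
}

// Post-upgrade audit: the keys that will be refused everywhere until an
// administrator assigns capabilities to them.
function keysNeedingReview(keys) {
  return keys.filter((k) => capabilitiesOf(k).size === 0).map((k) => k.id);
}

// Assign capabilities from an allowlist, so a typo is rejected instead of
// being stored as a capability nothing checks for.
function assignCapabilities(key, requested) {
  const unknown = requested.filter((c) => !KNOWN_CAPABILITIES.has(c));
  if (unknown.length > 0) {
    throw new Error(`unknown capability: ${unknown.join(', ')}`);
  }
  return { ...key, capabilities: [...new Set(requested)] };
}

console.log('needs review:', keysNeedingReview(apiKeys));
const reviewed = assignCapabilities(apiKeys[0], ['events:write']);
console.log('door-controller may write events:', isAllowed(reviewed, 'events:write'));
```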
The main headline of this release is the implementation of a membership cap, required by South London Makerspace. This feature enables a threshold number of users with the member permission to trigger the disabling of new subscriptions - effectively preventing users from becoming members.