[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Sam Lau changed: What|Removed |Added Attachment #153250|0 |1 is obsolete|| --- Comment #23 from Sam Lau --- Created attachment 153292 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153292=edit Bug 30700: (follow-up) Redirect to patron page after changing password This patch ensures the logged in user is redirected to the patron detail page after successfully changing another patron's password (rather than the homepage). Signed-off-by: Sam Lau -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Sam Lau changed: What|Removed |Added Attachment #153249|0 |1 is obsolete|| --- Comment #22 from Sam Lau --- Created attachment 153291 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153291=edit Bug 30700: (follow-up) Add system preference StaffLoginResetPassword This syspref wraps around the functionality added for patrons with the 'catalogue' permission to reset their own password via the staff client. Signed-off-by: Sam Lau -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Sam Lau changed: What|Removed |Added Attachment #153248|0 |1 is obsolete|| --- Comment #21 from Sam Lau --- Created attachment 153290 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153290=edit Bug 30700: Allow staff users to change their password via staff client Patrons who can log into the staff client (have the 'catalogue' permission) should be able to change their own password. To test: 0) Apply the patch, install database updates, restart services. Go to System preferences and enable the StaffLoginResetPassword system preference. 1) Create a user with only 'catalogue' permissions (Patron A) 2) Log in to the staff client as Patron A 3) Click the menu with your username in the top-right of the window. Click the 'your account' menu link. 4) Confirm you are forced to a login screen, so you cannot view your account, which is where the 'change password' link is normally found. 5) Try to access the page to change your password directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap Patron A's borrowernumber in). Confirm you are forced to a login screen. 6) Apply this patch and restart services. Go back to the mainpage logged in as Patron A. 7) Click the menu with your username in the top-right of the window. Notice there is now a 'Change password' menu link. Go to 'change password'. 8) Confirm you are now shown a page to change your password. Change your password, and confirm you are redirect to the mainpage. 9) Try to access the page to change someone else's page directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap some other borrowernumber in). Confirm you are redirected to a 404. 10) Log out and log back in as your original borrower. Confirm you are able to change your password as normal. Sponsored-by: Education Services Australia SCIS Signed-off-by: David Nind Signed-off-by: Sam Lau -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Sam Lau changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #20 from Aleisha Amohia --- Created attachment 153250 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153250=edit Bug 30700: (follow-up) Redirect to patron page after changing password This patch ensures the logged in user is redirected to the patron detail page after successfully changing another patron's password (rather than the homepage). -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Attachment #135176|0 |1 is obsolete|| --- Comment #19 from Aleisha Amohia --- Created attachment 153249 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153249=edit Bug 30700: (follow-up) Add system preference StaffLoginResetPassword This syspref wraps around the functionality added for patrons with the 'catalogue' permission to reset their own password via the staff client. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Attachment #135173|0 |1 is obsolete|| --- Comment #18 from Aleisha Amohia --- Created attachment 153248 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153248=edit Bug 30700: Allow staff users to change their password via staff client Patrons who can log into the staff client (have the 'catalogue' permission) should be able to change their own password. To test: 0) Apply the patch, install database updates, restart services. Go to System preferences and enable the StaffLoginResetPassword system preference. 1) Create a user with only 'catalogue' permissions (Patron A) 2) Log in to the staff client as Patron A 3) Click the menu with your username in the top-right of the window. Click the 'your account' menu link. 4) Confirm you are forced to a login screen, so you cannot view your account, which is where the 'change password' link is normally found. 5) Try to access the page to change your password directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap Patron A's borrowernumber in). Confirm you are forced to a login screen. 6) Apply this patch and restart services. Go back to the mainpage logged in as Patron A. 7) Click the menu with your username in the top-right of the window. Notice there is now a 'Change password' menu link. Go to 'change password'. 8) Confirm you are now shown a page to change your password. Change your password, and confirm you are redirect to the mainpage. 9) Try to access the page to change someone else's page directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap some other borrowernumber in). Confirm you are redirected to a 404. 10) Log out and log back in as your original borrower. Confirm you are able to change your password as normal. Sponsored-by: Education Services Australia SCIS Signed-off-by: David Nind -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Hammat wele changed: What|Removed |Added CC||hammat.w...@inlibro.com Status|Needs Signoff |Failed QA --- Comment #17 from Hammat wele --- After apply this patch: - When i click on the menu with my username 'Patran A' in the top-right there is no link 'Change password' as expected. - I can directly access to http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X and change the 'Patran A' password - But i can also access to http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X of other users and i'm not redirected to a 404 page as expected. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Emmanuel Bétemps changed: What|Removed |Added CC||e.bete...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Lucas Gass changed: What|Removed |Added CC||lu...@bywatersolutions.com --- Comment #16 from Lucas Gass --- > But when I change a patron's password when logged in as a superlibrarian I'm > redirected to the main page rather than back to their account. This is the behavior I get as well. When I reset someone else's password as a superlibrarian I am redirected back to the staff main page. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|Failed QA |Needs Signoff --- Comment #15 from Aleisha Amohia --- (In reply to Owen Leonard from comment #13) > But when I change a patron's password when logged in as a superlibrarian I'm > redirected to the main page rather than back to their account. Sorry Owen I wasn't able to reproduce this ... When I'm logged in as a superlibrarian and click Change password I'm not redirected to the mainpage. Then when I reset the password, it is successful and I'm still not redirected to the mainpage. Can you please test again? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #14 from David Cook --- (In reply to Owen Leonard from comment #13) > I don't understand what's going on here, which may just be me: > > if ( !$patron->has_permission({ borrowers => 'edit_borrowers' }) ) { > print $input->redirect("/cgi-bin/koha/mainpage.pl"); > } > > But when I change a patron's password when logged in as a superlibrarian I'm > redirected to the main page rather than back to their account. Looks like Koha::Patron->has_permission uses C4::Auth::haspermission, which has this line: return $flags if $flags->{superlibrarian}; So if you're a superlibrarian then that should be returning true. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Owen Leonard changed: What|Removed |Added Status|Needs Signoff |Failed QA --- Comment #13 from Owen Leonard --- I don't understand what's going on here, which may just be me: if ( !$patron->has_permission({ borrowers => 'edit_borrowers' }) ) { print $input->redirect("/cgi-bin/koha/mainpage.pl"); } But when I change a patron's password when logged in as a superlibrarian I'm redirected to the main page rather than back to their account. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Attachment #135174|0 |1 is obsolete|| --- Comment #12 from Aleisha Amohia --- Created attachment 135176 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=135176=edit Bug 30700: (follow-up) Add system preference StaffLoginResetPassword This syspref wraps around the functionality added for patrons with the 'catalogue' permission to reset their own password via the staff client. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Attachment #135087|0 |1 is obsolete|| --- Comment #11 from Aleisha Amohia --- Created attachment 135174 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=135174=edit Bug 30700: (follow-up) Add system preference StaffLoginResetPassword This syspref wraps around the functionality added for patrons with the 'catalogue' permission to reset their own password via the staff client. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Attachment #134772|0 |1 is obsolete|| --- Comment #10 from Aleisha Amohia --- Created attachment 135173 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=135173=edit Bug 30700: Allow staff users to change their password via staff client Patrons who can log into the staff client (have the 'catalogue' permission) should be able to change their own password. To test: 1) Create a user with only 'catalogue' permissions (Patron A) 2) Log in to the staff client as Patron A 3) Click the menu with your username in the top-right of the window. Click the 'your account' menu link. 4) Confirm you are forced to a login screen, so you cannot view your account, which is where the 'change password' link is normally found. 5) Try to access the page to change your password directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap Patron A's borrowernumber in). Confirm you are forced to a login screen. 6) Apply this patch and restart services. Go back to the mainpage logged in as Patron A. 7) Click the menu with your username in the top-right of the window. Notice there is now a 'Change password' menu link. Go to 'change password'. 8) Confirm you are now shown a page to change your password. Change your password, and confirm you are redirect to the mainpage. 9) Try to access the page to change someone else's page directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap some other borrowernumber in). Confirm you are redirected to a 404. 10) Log out and log back in as your original borrower. Confirm you are able to change your password as normal. Sponsored-by: Education Services Australia SCIS Signed-off-by: David Nind -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|Patch doesn't apply |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Séverine Queune changed: What|Removed |Added CC||severine.que...@bulac.fr Status|Needs Signoff |Patch doesn't apply --- Comment #9 from Séverine Queune --- Hi Aleisha, I got this error trying to install the patch : Apply? [(y)es, (n)o, (i)nteractive] y Applying: Bug 30700: Allow staff users to change their password via staff client Applying: Bug 30700: (follow-up) Add system preference StaffLoginResetPassword error: sha1 information is lacking or useless (installer/data/mysql/mandatory/sysprefs.sql). error: could not build fake ancestor Patch failed at 0001 Bug 30700: (follow-up) Add system preference StaffLoginResetPassword hint: Use 'git am --show-current-patch=diff' to see the failed patch I'd be happy to test this new feature when it's fixed ! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #8 from Aleisha Amohia --- Created attachment 135087 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=135087=edit Bug 30700: (follow-up) Add system preference StaffLoginResetPassword This syspref wraps around the functionality added for patrons with the 'catalogue' permission to reset their own password via the staff client. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|ASSIGNED|Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|Failed QA |ASSIGNED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Andrew Fuerste-Henry changed: What|Removed |Added Status|Signed Off |Failed QA --- Comment #7 from Andrew Fuerste-Henry --- > I suppose it is a fairly significant feature > change, and we do tend to make new features opt-in. If nothing else, this is true. You are proposing a large behavior change. Our established practice is to make such things optional. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #6 from David Cook --- (In reply to Aleisha Amohia from comment #5) > Having multiple people using one account sounds like it's own security > risk... I don't think we should compromise on functionality to support that > use case. Agreed. While account sharing is a common practice, it isn't one that we should encourage or support. (In reply to Andrew Fuerste-Henry from comment #4) > Whether or not users can change their password via the OPAC is governed by > the OpacPasswordChange system preference. This enhancement should contain > either a comparable syspref for the staff interface or a new user permission > to change one's own password. That's a good point too though. I suppose it is a fairly significant feature change, and we do tend to make new features opt-in. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #5 from Aleisha Amohia --- Having multiple people using one account sounds like it's own security risk... I don't think we should compromise on functionality to support that use case. The real issue is what David has mentioned in Comment 1. If a person can log into the staff client, it's illogical to then have to direct them to the OPAC (another site) to change their own password. Many Koha libraries don't use the OPAC, or if they do, they may have OpacPasswordChange disabled, and then what? Additionally, I can't think of any online accounts I have where I can't change my own password on the site I've logged into. I don't believe we need to wrap this in a syspref or new permission. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Andrew Fuerste-Henry changed: What|Removed |Added CC||and...@bywatersolutions.com --- Comment #4 from Andrew Fuerste-Henry --- I don't know that we can assume any user that can log into the staff client should be able to change their own password. For example, many libraries create shared logins for the circulation desk, where multiple people use the same account and any individual changing the password would be quite disruptive. Whether or not users can change their password via the OPAC is governed by the OpacPasswordChange system preference. This enhancement should contain either a comparable syspref for the staff interface or a new user permission to change one's own password. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 David Nind changed: What|Removed |Added Attachment #134669|0 |1 is obsolete|| --- Comment #3 from David Nind --- Created attachment 134772 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134772=edit Bug 30700: Allow staff users to change their password via staff client Patrons who can log into the staff client (have the 'catalogue' permission) should be able to change their own password. To test: 1) Create a user with only 'catalogue' permissions (Patron A) 2) Log in to the staff client as Patron A 3) Click the menu with your username in the top-right of the window. Click the 'your account' menu link. 4) Confirm you are forced to a login screen, so you cannot view your account, which is where the 'change password' link is normally found. 5) Try to access the page to change your password directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap Patron A's borrowernumber in). Confirm you are forced to a login screen. 6) Apply this patch and restart services. Go back to the mainpage logged in as Patron A. 7) Click the menu with your username in the top-right of the window. Notice there is now a 'Change password' menu link. Go to 'change password'. 8) Confirm you are now shown a page to change your password. Change your password, and confirm you are redirect to the mainpage. 9) Try to access the page to change someone else's page directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap some other borrowernumber in). Confirm you are redirected to a 404. 10) Log out and log back in as your original borrower. Confirm you are able to change your password as normal. Sponsored-by: Education Services Australia SCIS Signed-off-by: David Nind -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 David Nind changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #2 from Aleisha Amohia --- Created attachment 134669 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134669=edit Bug 30700: Allow staff users to change their password via staff client Patrons who can log into the staff client (have the 'catalogue' permission) should be able to change their own password. To test: 1) Create a user with only 'catalogue' permissions (Patron A) 2) Log in to the staff client as Patron A 3) Click the menu with your username in the top-right of the window. Click the 'your account' menu link. 4) Confirm you are forced to a login screen, so you cannot view your account, which is where the 'change password' link is normally found. 5) Try to access the page to change your password directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap Patron A's borrowernumber in). Confirm you are forced to a login screen. 6) Apply this patch and restart services. Go back to the mainpage logged in as Patron A. 7) Click the menu with your username in the top-right of the window. Notice there is now a 'Change password' menu link. Go to 'change password'. 8) Confirm you are now shown a page to change your password. Change your password, and confirm you are redirect to the mainpage. 9) Try to access the page to change someone else's page directly http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X (swap some other borrowernumber in). Confirm you are redirected to a 404. 10) Log out and log back in as your original borrower. Confirm you are able to change your password as normal. Sponsored-by: Education Services Australia SCIS -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Patch complexity|--- |Small patch Status|ASSIGNED|Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au --- Comment #1 from David Cook --- That's a really good point. That would be a great enhancement. I'm not a fan of directing staff to the OPAC for things like password changes. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 Aleisha Amohia changed: What|Removed |Added Status|NEW |ASSIGNED Assignee|koha-b...@lists.koha-commun |alei...@catalyst.net.nz |ity.org | Change sponsored?|--- |Sponsored -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/