[Koha-bugs] [Bug 29272] API not respecting $category->effective_change_password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Oct 19 15:32:13 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29272
--- Comment #2 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Created attachment 126502
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126502&action=edit
Bug 29272: Make public password changing honour category constraints
This patch makes the public API routes validate
$user->category->effective_change_password before allowing the change.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_password.t
=> FAIL: Tests fail, it allows the first change instead of returning
403.
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list