[Koha-bugs] [Bug 29272] API not respecting $category->effective_change_password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Oct 21 01:20:11 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29272
David Nind <david at davidnind.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #126502|0 |1
is obsolete| |
--- Comment #5 from David Nind <david at davidnind.com> ---
Created attachment 126633
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126633&action=edit
Bug 29272: Make public password changing honour category constraints
This patch makes the public API routes validate
$user->category->effective_change_password before allowing the change.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_password.t
=> FAIL: Tests fail, it allows the first change instead of returning
403.
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: David Nind <david at davidnind.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list