[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password

Fri May 6 04:30:34 CEST 2022

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700

--- Comment #2 from Aleisha Amohia <aleisha at catalyst.net.nz> ---
Created attachment 134669
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134669&action=edit
Bug 30700: Allow staff users to change their password via staff client

Patrons who can log into the staff client (have the 'catalogue'
permission) should be able to change their own password.

To test:
1) Create a user with only 'catalogue' permissions (Patron A)
2) Log in to the staff client as Patron A
3) Click the menu with your username in the top-right of the window.
Click the 'your account' menu link.
4) Confirm you are forced to a login screen, so you cannot view your
account, which is where the 'change password' link is normally found.
5) Try to access the page to change your password directly
http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X
(swap Patron A's borrowernumber in). Confirm you are forced to a login
screen.
6) Apply this patch and restart services. Go back to the mainpage logged
in as Patron A.
7) Click the menu with your username in the top-right of the window.
Notice there is now a 'Change password' menu link. Go to 'change
password'.
8) Confirm you are now shown a page to change your password. Change your
password, and confirm you are redirect to the mainpage.
9) Try to access the page to change someone else's page directly
http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X
(swap some other borrowernumber in). Confirm you are redirected to a
404.
10) Log out and log back in as your original borrower. Confirm you are
able to change your password as normal.

Sponsored-by: Education Services Australia SCIS

-- 
You are receiving this mail because:
You are watching all bug changes.