[Koha-bugs] [Bug 30700] Patrons who can log into staff interface should be able to change their own password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 6 13:10:28 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700
--- Comment #31 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
(In reply to Marcel de Rooy from comment #30)
> The approach here feels a bit like a workaround.
>
> member-password:
> flagsrequired => { borrowers => 'edit_borrowers' },
> Shouldnt we lower that permission?
Maybe we could make it 'edit_borrowers or circulate_remaining_permissions'
which are the 2 permissions most of the pages use that have the 'change
password' button. We don't have a real 'view borrowers' right now.
> And then there is moremember. It also needs edit_borrowers. Which is a bit
> weird for your own account.
> Should we rework the checks there a bit to include seeing your account
> (including password change)?
We could make it so you can see your own with catalogue maybe, but it feels
like this would be for a separate bug. 2FA uses catalog - but how do you get
there in the first place if you can't access pages that have the button?
> If we do so, there is no need to add another link (we already have my
> account).
> And no pref is needed as well.
I think allowing a user to change their own password could be done without a
preference. Since we started using Koha this has only caused confusion.
> Currently, you can set a user to Staff access. He has the account link. But
> if he clicks, he gets No permission. Not user friendly.
I think we should try not to get out of scope here and maybe move some
weirdness to a separate bug.
But adjusting the permission checks and maybe even forego the pref would make
sense to me.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list