https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700 --- Comment #31 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- (In reply to Marcel de Rooy from comment #30)
The approach here feels a bit like a workaround.
member-password: flagsrequired => { borrowers => 'edit_borrowers' }, Shouldnt we lower that permission?
Maybe we could make it 'edit_borrowers or circulate_remaining_permissions' which are the 2 permissions most of the pages use that have the 'change password' button. We don't have a real 'view borrowers' right now.
And then there is moremember. It also needs edit_borrowers. Which is a bit weird for your own account. Should we rework the checks there a bit to include seeing your account (including password change)?
We could make it so you can see your own with catalogue maybe, but it feels like this would be for a separate bug. 2FA uses catalog - but how do you get there in the first place if you can't access pages that have the button?
If we do so, there is no need to add another link (we already have my account). And no pref is needed as well.
I think allowing a user to change their own password could be done without a preference. Since we started using Koha this has only caused confusion.
Currently, you can set a user to Staff access. He has the account link. But if he clicks, he gets No permission. Not user friendly.
I think we should try not to get out of scope here and maybe move some weirdness to a separate bug. But adjusting the permission checks and maybe even forego the pref would make sense to me. -- You are receiving this mail because: You are watching all bug changes.