https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29272 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 126502 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126502&action=edit Bug 29272: Make public password changing honour category constraints This patch makes the public API routes validate $user->category->effective_change_password before allowing the change. To test: 1. Apply the regression tests patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/patrons_password.t => FAIL: Tests fail, it allows the first change instead of returning 403. 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.