Hi David, Thanks very much for your reply. I'm glad you like the idea of moderating OPAC self-registrations. Yes, as you say we could use the borrower_modifications table. Adding an auto-number primary key and making borrower_modifications.borrowernumber nullable. Then when a user self registered a row is added to the borrower_modifications table with a null borrowernumber, and no cardnumber, userid and password. If approved the row could be shifted to the borrowers table with a borrowernumber, cardnumber, userid set. The password could be set by the new borrower via the password reset link emailed to them. I'm not sure if it is 'cleaner' to re-work the existing borrower_modifications table or make a new database table. I might try out with both locally and see how it goes, unless anyone else has strong opinions on this? A generic pending_action table sounds like a great long term goal for sure! I think for bug 25090 if I do go with a new table it would only be for OPAC self registrations though. Thanks again for your thoughts and yes if you would be happy to test once it is ready that would be amazing! Kind regards, Alex On 30/08/22 16:22, dcook@prosentient.com.au wrote:
Hi Alex,
Overall, I like the idea of moderating OPAC self-registrations.
Locally, we customize the self-registration to add a restriction to new borrowers, and email the library that there is a pending self-registration. But I think you make a good point about the accessing of electronic content.
At a glance, it doesn’t look like you could use the borrower_modifications table at present since it requires a borrowernumber.
Maybe one option would be to create the OPAC patron account but without a cardnumber, userid, or password (which you could then provide via borrower_modifications)? I suppose though that user could still be found by some APIs and that might still let them get too far. It looks like borrower_modifications is missing an autonumber primary key… that could be added and then borrowernumber could potentially be made nullable?
If you don’t alter borrower_modifications, then you probably need a new table.
I wonder about a generic “pending_action” table that incorporated a lot of the tracking of “suggestions”, and then a linking table of “pending_action_borrower_registrations”, and then a table of “borrower_registrations”. (In theory, eventually “suggestions” and “borrower_modifications” could be refactored to hook into this more generic system, and pave the way for easily adding other “pending actions” that need to be moderated. In fact… I think there is a moderation/review process for “reviews” (also known as Comments I think?)… “problem_reports” could’ve benefitted from that too. Hypothetically even “tags_approval”. That’s all a bit grand though.
I’d be interested in testing whatever you come up with in any case.
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595
*From:*Koha-devel <koha-devel-bounces@lists.koha-community.org> *On Behalf Of *Alex Buckley *Sent:* Tuesday, 30 August 2022 8:46 AM *To:* koha-devel@lists.koha-community.org *Subject:* [Koha-devel] Enable libraries to moderate OPAC self-registrations
Kia ora/Hello Koha community,
I am currently working on reviving bug 25090 <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25090> ( Moderate OPAC self-registrations before a patron account is created ).
*New proposed functionality:*
Step 1: The library enables both the new 'PatronSelfRegistrationModeration' syspref and the existing 'OpacResetPassword' syspref.
Step 2: When a user submits an OPAC self-registration their Koha patron account is not created immediately - i.e. they cannot yet log into the OPAC.
Step 3: A pending registration link appears at the bottom of the staff client home page (like what's currently done with new purchase suggestions, or OPAC patron modification requests).
Step 4: Librarians can click on the link to go to a page to approve or decline the registration.
Step 4a: If approved the user is sent an email notice, containing their Koha username and an OPAC reset password link.
Step 4b: If declined the user is sent a different email notice.
*The rationale for adding this feature:* You can currently limit the circulation of self-registered patrons - by using the PatronSelfRegistrationDefaultCategory syspref and creating circulation rule(s) for that category.
However, users only need an OPAC login (without the ability to circulate) to access electronic content providers (integrated with Koha via STunnel/SIP2). Some electronic content providers charge libraries based on their usage. Meaning it might not be optimal having anyone from around the world self-registering for a library OPAC login and accessing electronic content from some providers, therefore, incurring extra costs for the library.
Bug 25090 was originally developed in the early days of the pandemic to ensure new self-registering OPAC users accessing 3rd party databases were coming from acceptable locations i.e. they were members of the organisation the library is in.
More details can be found here: https://www.catalyst.net.nz/blog/mental-health-education-resource-library-no...
*Questions I would like to hear your thoughts on please:*
Q1: Are you in favour of this as a new feature in Koha?
Q2: Would you prefer a new database table be added for self-registrations awaiting approval, or should I use the borrowers_modifications table - as is used by OPAC patron modification requests?
Q3: How would you envisage this self-registration moderation feature fitting in with the existing PatronSelfRegistrationVerifyByEmail and PatronSelfRegistrationDefaultCategory sysprefs?
Any thoughts much appreciated.
Kind regards,
Alex
-- Alex Buckley Koha Developer | Implementation Lead Catalyst IT - Expert Open Source Solutions Catalyst.Net Ltd - a Catalyst IT group company CONFIDENTIALITY NOTICE: This email is intended for the named recipients only. It may contain privileged, confidential or copyright information. If you are not the named recipient, any use, reliance upon, disclosure or copying of this email or its attachments is unauthorised. If you have received this email in error, please reply via email or call +64 4 499 2267.