[Koha-bugs] [Bug 26912] New: Expired staff accounts can still log in to Koha staff intranet
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Nov 3 16:48:01 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26912
Bug ID: 26912
Summary: Expired staff accounts can still log in to Koha staff
intranet
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs at lists.koha-community.org
Reporter: kyle at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
We just discovered that staff accounts can be used for staff logins, SIP, API,
etc even if they are expired. The question we don't have an answer to is;
should this be allowed?
We could prevent staff logins for expired accounts, or perhaps add a new
'enabled' column to explicitly enable/disable accounts from logging in to Koha.
Right now, the only way to disable an account without deleting it is to remove
user permissions, which may be non trivial if the account has complicated
permissions and may need to be 'restored' in the future.
What do you all think?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list