[Koha-bugs] [Bug 26912] New: Expired staff accounts can still log in to Koha staff intranet

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26912

            Bug ID: 26912
           Summary: Expired staff accounts can still log in to Koha staff
                    intranet
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: kyle at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org

We just discovered that staff accounts can be used for staff logins, SIP, API,
etc even if they are expired. The question we don't have an answer to is;
should this be allowed?

We could prevent staff logins for expired accounts, or perhaps add a new
'enabled' column to explicitly enable/disable accounts from logging in to Koha. 

Right now, the only way to disable an account without deleting it is to remove
user permissions, which may be non trivial if the account has complicated
permissions and may need to be 'restored' in the future.

What do you all think?

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.