[Koha-bugs] [Bug 26912] Expired staff accounts can still log in to Koha staff intranet, SIP, API, etc.
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Nov 5 00:36:43 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26912
--- Comment #7 from David Cook <dcook at prosentient.com.au> ---
(In reply to Kyle M Hall from comment #6)
> (In reply to David Cook from comment #5)
> > (In reply to Katrin Fischer from comment #2)
> > > A changed password can't be queried, I like the idea of an enable/disable
> > > functionality for the permissions. You would still want to allow OPAC
> > > logins, but block staff.
> >
> > We could query it if we changed the password field to "!". I feel that's
> > something that Koha sometimes does?
>
> I'm not seeing the in the code with some basic grepping. The problem I see
> with that is, again, that it changes data about the user. The user's
> password is then lost, and without additional data ( public note, private
> note ), the reason for the password being changed would be unknown.
Hmm maybe that's something from the past then. I thought we used to set the
password field to ! when we didn't have a password for users. Or maybe that's
something we did locally...
But I agree about the reasons not to do it.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list