[Koha-devel] Request for discussion: bugs 3674, 6220, 6224 and 6218

Fernando Canizo conan at lugmen.org.ar
Tue Apr 26 17:59:18 CEST 2011 

I found bug 6220, the bug is the first paragraph only, the rest is me 
rambling on because I thought there were some default password for newly 
created koha users when no password was provided.

6224 explains the same bug better and without rambling.

3674 is an implementation of users with disabled login from biblibre.

And 6218 has a tiny patch to auto generate logins upon user creation if 
none provided.

These all leave me thinking:
	1. what's the purpose of creating users? and
	2. what would be desirable upon user creation?

And those two questions is what I want to discuss here so answer may 
clear my view on this.

There was some prior talking in the comments to bug 6220 with Katrin 
Fischer.

The answer to my first question is pretty simple to me: we create users 
to use the system! But this leads to some defaults we were not enforcing:

- they will require a login (implemented on my patch for 3674), we 
cannot allow users on database without a login

- they will require a password. I think, but on biblibre it seems they 
need users with no password at all and also disabled users, which was 
implemented by making borrowers.password = '!'. It's not clear to me if 
they need both or just the = '!' one.

This leads to the second question:

- do we need empty passwords? or can we cope with disabled ones (='!')

- if we allow disabled logins, then shouldn't we provide a way to 
disable/enable them (right now you can only get a disabled login upon 
user creation, and you cannot disable it again once you enabled it)

- should it be desirable to have auto-generated passwords? If so, we 
need to decide if they would be viewable by superlibrarian upon creation 
(to tell it to the user), or if we silently will send it by mail 
directly to the user. If the second option is choosen, then we need to 
get sure KohaAdminEmailAddress is a valid email on installation and also 
require upon user creation to provide an email (and what if the user 
doesn't have one?)

- KF also suggested these auto-generated passwords should be made 'one 
time only' and force user to provide a new one on first login, which 
means we would need to add a new column to database, something like 
borrowers.password_valid_until which should be a timestamp.

I might be rambling again, so I'll summarize:

- I think database should not have users which don't have a login 
defined. Then we should enforce it by default making 
systempreferences.BorrowerMandatoryField include OPAC login field, and 
also provide a mechanism to avoid empty logins just in case some 
superlibrarian modifies it.

- I would like to hear from you to know how to close all these 
bugs/enhancements propositions.

-- 
Fernando Canizo (a.k.a. conan) - http://conan.muriandre.com/
GCS d? s:+ a C++ P--- L++++ E--- W+++ w--- M-- PE-- !tv b+++ h---- y+++

More information about the Koha-devel mailing list