https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26912
Bug ID: 26912 Summary: Expired staff accounts can still log in to Koha staff intranet Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: k...@bywatersolutions.com QA Contact: testo...@bugs.koha-community.org We just discovered that staff accounts can be used for staff logins, SIP, API, etc even if they are expired. The question we don't have an answer to is; should this be allowed? We could prevent staff logins for expired accounts, or perhaps add a new 'enabled' column to explicitly enable/disable accounts from logging in to Koha. Right now, the only way to disable an account without deleting it is to remove user permissions, which may be non trivial if the account has complicated permissions and may need to be 'restored' in the future. What do you all think? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/