https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26912
Bug ID: 26912
Summary: Expired staff accounts can still log in to Koha staff
intranet
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
We just discovered that staff accounts can be used for staff logins, SIP, API,
etc even if they are expired. The question we don't have an answer to is;
should this be allowed?
We could prevent staff logins for expired accounts, or perhaps add a new
'enabled' column to explicitly enable/disable accounts from logging in to Koha.
Right now, the only way to disable an account without deleting it is to remove
user permissions, which may be non trivial if the account has complicated
permissions and may need to be 'restored' in the future.
What do you all think?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
