https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700
--- Comment #31 from Katrin Fischer <[email protected]> --- (In reply to Marcel de Rooy from comment #30) > The approach here feels a bit like a workaround. > > member-password: > flagsrequired => { borrowers => 'edit_borrowers' }, > Shouldnt we lower that permission? Maybe we could make it 'edit_borrowers or circulate_remaining_permissions' which are the 2 permissions most of the pages use that have the 'change password' button. We don't have a real 'view borrowers' right now. > And then there is moremember. It also needs edit_borrowers. Which is a bit > weird for your own account. > Should we rework the checks there a bit to include seeing your account > (including password change)? We could make it so you can see your own with catalogue maybe, but it feels like this would be for a separate bug. 2FA uses catalog - but how do you get there in the first place if you can't access pages that have the button? > If we do so, there is no need to add another link (we already have my > account). > And no pref is needed as well. I think allowing a user to change their own password could be done without a preference. Since we started using Koha this has only caused confusion. > Currently, you can set a user to Staff access. He has the account link. But > if he clicks, he gets No permission. Not user friendly. I think we should try not to get out of scope here and maybe move some weirdness to a separate bug. But adjusting the permission checks and maybe even forego the pref would make sense to me. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
