Browse Source

Bug 30611: Add ability for staff to send password reset emails

This patch adds the ability for staff with the edit_borrowers permission
to send password reset emails to users.

The staff initiated password reset has it's own notice,
STAFF_PASSWORD_RESET, and the reset link produced has an extended
timeout of 5 days, as apposed to the usual 2 day limit.

Test plan
1) Apply patch and run the database update
2) Login to the staff client with a user who has the 'edit_borrowers'
   permission.
3) Note that a new, 'Send password reset' option appears under the
   'More' menu on the patron details page.
4) Clicking the button will queue the STAFF_PASSWORD_RESET notice and
   redirect the user to the Notices tab.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
master
Martin Renvoize 3 weeks ago
committed by Fridolin Somers
parent
commit
b5a93edea5
  1. 6
      Koha/Patron/Password/Recovery.pm
  2. 4
      koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
  3. 19
      members/notices.pl

6
Koha/Patron/Password/Recovery.pm

@ -104,6 +104,7 @@ sub SendPasswordRecoveryEmail {
my $borrower = shift; # Koha::Patron
my $userEmail = shift; #to_address (the one specified in the request)
my $update = shift;
my $staff = shift // 0;
my $schema = Koha::Database->new->schema;
@ -114,8 +115,9 @@ sub SendPasswordRecoveryEmail {
} while ( substr ( $uuid_str, -1, 1 ) eq '.' );
# insert into database
my $days = $staff ? 5 : 2;
my $expirydate =
dt_from_string()->add( days => 2 );
dt_from_string()->add( days => $days );
if ($update) {
my $rs =
$schema->resultset('BorrowerPasswordRecovery')
@ -141,7 +143,7 @@ sub SendPasswordRecoveryEmail {
# prepare the email
my $letter = C4::Letters::GetPreparedLetter(
module => 'members',
letter_code => 'PASSWORD_RESET',
letter_code => $staff ? 'STAFF_PASSWORD_RESET' : 'PASSWORD_RESET',
branchcode => $borrower->branchcode,
lang => $borrower->lang,
substitute =>

4
koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc

@ -72,6 +72,10 @@
<li><a id="sendwelcome" href="/cgi-bin/koha/members/notices.pl?borrowernumber=[% patron.borrowernumber | uri %]&op=send_welcome">Send welcome email</a></li>
[% END %]
[% IF CAN_user_borrowers_edit_borrowers %]
<li><a id="resetpassword" href="/cgi-bin/koha/members/notices.pl?borrowernumber=[% patron.borrowernumber | uri %]&op=send_password_reset">Send password reset</a></li>
[% END %]
[% IF CAN_user_borrowers_delete_borrowers %]
<li><a id="deletepatron" href="#">Delete</a></li>
[% ELSE %]

19
members/notices.pl

@ -27,6 +27,7 @@ use C4::Members;
use C4::Letters qw( GetPreparedLetter EnqueueLetter );
use Koha::Patrons;
use Koha::Patron::Categories;
use Koha::Patron::Password::Recovery qw( SendPasswordRecoveryEmail ValidateBorrowernumber );
my $input=CGI->new;
@ -93,6 +94,24 @@ if ( $op eq 'send_welcome' ) {
print $input->redirect("/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
}
if ( $op eq 'send_password_reset' ) {
my $emailaddr = $patron->notice_email_address;
if ($emailaddr) {
# check if there's already a recovery in process
my $update = ValidateBorrowernumber( $patron->borrowernumber );
# send staff initiated password recovery
SendPasswordRecoveryEmail( $patron, $emailaddr, $update, 1 );
}
# redirect to self to avoid form submission on refresh
print $input->redirect(
"/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
}
# Getting the messages
my $queued_messages = C4::Letters::GetQueuedMessages({borrowernumber => $borrowernumber});

Loading…
Cancel
Save