]> git.koha-community.org Git - koha.git/commit
Bug 29272: Make public password changing honour category constraints
authorTomas Cohen Arazi <tomascohen@theke.io>
Tue, 19 Oct 2021 13:29:55 +0000 (10:29 -0300)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 28 Oct 2021 10:16:37 +0000 (12:16 +0200)
commitd91d813e5ca9b5592957c3c561d83d3b507e61f9
treed2bc2c34f852b2ea67f9b41c881c7bacb8520950
parent81ec1ad5b5319233255a78e63eabcc88faa8e8fa
Bug 29272: Make public password changing honour category constraints

This patch makes the public API routes validate
$user->category->effective_change_password before allowing the change.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons_password.t
=> FAIL: Tests fail, it allows the first change instead of returning
         403.
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Koha/REST/V1/Patrons/Password.pm