https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30724
David Nind <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #186235|0                           |1
        is obsolete|                            |

--- Comment #17 from David Nind <[email protected]> ---
Created attachment 186251
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186251&action=edit
Bug 30724: Allow superlibrarians to manage 2FA for other patrons

This enhances the two-factor authentication management interface to
allow superlibrarians to disable 2FA for other patrons when they lose
access to their authenticator device.

Controller changes (members/two_factor_auth.pl):
* Accept borrowernumber parameter to select target patron
* Implement authorization checks (self-service or superlibrarian)
* Use proper HTTP status codes (403/404) for error conditions
* Update all patron operations to use selected patron
* Integrate with new reset_2fa() method for consistency
* Pass another_user flag to template for conditional display

Template changes (two_factor_auth.tt):
* Use has_2fa_enabled() method instead of auth_method string comparison
* Prevent superlibrarians from enabling 2FA for other users
* Show explanatory message when 2FA setup is restricted
* Maintain proper conditional display logic

UI Integration changes:
* Update members toolbar to show 2FA option for superlibrarians
* Pass borrowernumber parameter in all 2FA-related URLs
* Maintain context when canceling 2FA registration
* Use consistent parameter naming (borrowernumber vs patron_id)

To test:
1. Enable TwoFactorAuthentication system preference
2. Set up 2FA for a test patron
3. As superlibrarian, visit patron details page
4. Click 'Manage two-factor authentication' in toolbar
=> SUCCESS: 2FA management page loads for the selected patron
5. Disable 2FA for the patron
=> SUCCESS: 2FA is disabled for the target patron, not the superlibrarian
6. Verify 'Enable 2FA' button is hidden with explanatory text
=> SUCCESS: Shows message that users must enable 2FA themselves
7. Test authorization: try accessing as non-superlibrarian for different patron
=> FAIL: Returns 403 Forbidden error
8. Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Martin Renvoize <[email protected]>
Signed-off-by: David Nind <[email protected]>
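
The authorization rules listed in the commit message above (self-service or superlibrarian, 403/404 status codes, no enabling 2FA on behalf of another patron), as an added example that is not Koha's code or part of the attachment. The `%patrons` hash, its field names, the `authorize_2fa` function and the order of the 403 and 404 checks are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: borrowernumber => patron record (hypothetical fields).
my %patrons = (
    1  => { is_superlibrarian => 1, has_2fa => 1 },
    51 => { is_superlibrarian => 0, has_2fa => 1 },
    52 => { is_superlibrarian => 0, has_2fa => 0 },
);

# Decide the HTTP status for a 2FA management request.
# $op is 'view', 'enable' or 'disable'; $target defaults to the logged-in user.
sub authorize_2fa {
    my ( $logged_in, $target, $op ) = @_;
    $target //= $logged_in;

    my $actor = $patrons{$logged_in} or return 403;
    my $another_user = $target != $logged_in;

    # Assumed ordering: authorization first, so a non-superlibrarian gets 403
    # for any other borrowernumber and cannot use 404s to learn which exist.
    return 403 if $another_user && !$actor->{is_superlibrarian};
    return 404 unless exists $patrons{$target};

    # Enrolment needs the patron's own authenticator, so it stays self-service.
    return 403 if $op eq 'enable' && $another_user;
    return 200;
}

# Constructed cases: [ logged-in user, target, operation, expected status ]
my @cases = (
    [ 51, undef, 'enable',  200 ],    # self-service enrolment
    [ 51, 52,    'view',    403 ],    # test plan step 7
    [ 51, 999,   'view',    403 ],    # unknown patron, still 403
    [ 1,  51,    'disable', 200 ],    # test plan step 5
    [ 1,  51,    'enable',  403 ],    # superlibrarian cannot enrol others
    [ 1,  999,   'view',    404 ],    # superlibrarian, unknown patron
);
for my $c (@cases) {
    my ( $who, $target, $op, $want ) = @$c;
    my $got = authorize_2fa( $who, $target, $op );
    printf "%-3s user=%d target=%s op=%-7s -> %d\n",
        ( $got == $want ? 'ok' : 'BAD' ), $who, $target // 'self', $op, $got;
}
```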
