KarlAdmin should not change KarlStaff password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Medium
|
Chris Rossi |
Bug Description
Problem
========
Since the new user administration functionality went into the system, a user with the KarlAdmin role is unable to change their password correctly. In the OSI system, all password changes are routed through a change password form in GSA, our staff administrator application. The GSA change password page also sets the user's password in other internal OSI apps.
When a KarlAdmin user edits their own profile, the paragraph at the top that contains the link to change password is not shown so there is no way to get to the proper change password process. There is, however, a form field to change the password. This form field is confusing as changing the password there would cause the user's password to be out of sync with the other OSI apps. Since this is for admins only and there are only a few, we can educate around that problem, but having the link to change password properly still displayed is important.
Solution
===========
- If this is OSI, and not one of the partners, and...
- If you are on the admin_edit_
- You are editing someone's profile that is KarlStaff (for example, but not limited to, your own profile), then....
- Replace the two password change fields with a something explaining this combination of circumstances, and the link you describe to the proper change password facility.
description: | updated |
summary: |
- KarlAdmin cannot change password + KarlAdmin should not change KarlStaff password |
Can you test this on staging and see if it is also buggy there? It's possible that we can get this fixed for free, simply by the workflow-security work that is about to land.