Confusing situation regarding users, employees, admins #5809
Replies: 5 comments
-
|
Additional finding: the results of the 'get_all_users' function from LedgerSMB::DBObject::User doesn't return the 'entity_id' column, so there's no way to traverse the relation diagram from LedgerSMB::DBObject::User to LedgerSMB::Entity::User, whereas the latter allows saving of roles and resetting passwords and the former doesn't... |
Beta Was this translation helpful? Give feedback.
-
|
LedgerSMB/DBObject/User.pm is a library/backend object, but goes directly to the web authentication layer to retrieve the current password... (layer violation which prevents me of using it for the purpose of setup.pm growing user management) |
Beta Was this translation helpful? Give feedback.
-
|
As it turns out, there are multiple ways to code a password reset:
And maybe others, but especially for the last one, I had to read the code of the admin__save_user() function to see that this is its main purpose for existing users (!). |
Beta Was this translation helpful? Give feedback.
-
|
A couple thoughts on this.
Right. Wondering if change_my_password should be moved to session object
|
Beta Was this translation helpful? Give feedback.
-
|
For 1.6 what I would like to do is refactor this a bit:
Then we can also clean up our object model code since this is also both setup and installation-related. |
Beta Was this translation helpful? Give feedback.
-
Currently the concepts of "users", "employees", "admins" and "login accounts/authentication entities" are conflated. This results in the following problems:
In addition, the current design hard-wires logins (=users) to employees (=persons). Which means it becomes unnatural to create per-department accounts or even accounts for automated interfacing.
Beta Was this translation helpful? Give feedback.
All reactions