Allow a staff or administrator to change someone else's password.
Opened this issue · 0 comments
deeppunster commented
Is your feature request related to a problem? Please describe.
There are two situations where this is needed:
- A user has forgotten their password and wants a staff person or an administrator to force a new password.
Describe the solution you'd like
An administrator or staff person should be able to go to System Maintenance ==> System User Maintenance ==> Edit for that user and change the password.
Describe alternatives you've considered
- A separate menu pick could be added for this, but it would be less convenient for security and other reasons.
- A mechanism for a user to reset their own password is available in Django.
- Studies have shown, these email-based mechanisms can potentially be abused.
- This author feels that the user base will be small enough that the frequency will not be a burden on staff or administrators.
- This author also feels that a number of the volunteers will lack the computer skills to deal with self-service password resets.
Additional context
- Password constraints should be the same as for changing passwords.
- If the need arises for a user to be blocked from the system, unchecking the active flag is sufficient.