w-a-r-m-inventory-system/Food-Pantry-Inventory

Allow a staff or administrator to change someone else's password.

Opened this issue · 0 comments

deeppunster commented

Is your feature request related to a problem? Please describe.
There are two situations where this is needed:

  • A user has forgotten their password and wants a staff person or an administrator to force a new password.

Describe the solution you'd like
An administrator or staff person should be able to go to System Maintenance ==> System User Maintenance ==> Edit for that user and change the password.

Describe alternatives you've considered

  • A separate menu pick could be added for this, but it would be less convenient for security and other reasons.
  • A mechanism for a user to reset their own password is available in Django.
    • Studies have shown, these email-based mechanisms can potentially be abused.
    • This author feels that the user base will be small enough that the frequency will not be a burden on staff or administrators.
    • This author also feels that a number of the volunteers will lack the computer skills to deal with self-service password resets.

Additional context

  • Password constraints should be the same as for changing passwords.
  • If the need arises for a user to be blocked from the system, unchecking the active flag is sufficient.