Bug 21533: Do not allow password recovery for administrative locked patrons
author Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Wed, 10 Oct 2018 12:49:02 +0000 (14:49 +0200)
committer Nick Clemens <nick@bywatersolutions.com>
Fri, 10 May 2019 12:19:13 +0000 (12:19 +0000)

Depends on bug 21336 for the ADMINISTRATIVE_LOCKOUT constant.

This is a bit of a lazy solution (but good enough): The account will not be found
when recovering the password. The user should contact the library. Since
the library chose to lock the account, that seems appropriate.

Test plan:
Select a borrower and set login_attempts to -1. Via mysql command line or
with Koha::Patrons->find(borrowernumber)->lock.
Enable password recovery.
Try to recover password from OPAC. You should fail with 'Not found, contact
the library'.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

opac/opac-password-recovery.pl

index 5cc6bd3..a695165 100755 (executable)
@@ -57,10 +57,10 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
 
     # Find the borrower by userid, card number, or email
     if ($username) {
-        $search_results = Koha::Patrons->search( { -or => { userid => $username, cardnumber => $username } } );
+        $search_results = Koha::Patrons->search( { -or => { userid => $username, cardnumber => $username }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } );
     }
     elsif ($email) {
-        $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email  => $email } } );
+        $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email  => $email }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } );
     }
 
     if ( !defined $search_results || $search_results->count < 1) {
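
Review bot: The added condition login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } in both searches (the userid/cardnumber lookup and the email lookup) becomes a SQL != comparison, which is never true for a NULL value. If the login_attempts column can be NULL for any patron, those patrons would also fall into the "not found" branch and lose password recovery even though they are not locked. Either confirm the column is never NULL, or match NULL explicitly, for example login_attempts => [ undef, { '!=' => Koha::Patron::ADMINISTRATIVE_LOCKOUT } ]. The condition is also duplicated verbatim on the two + lines; building it once in a variable and merging it into both search hashes would keep the two lookups from drifting apart. Finally, the test plan is manual only, so an automated test that locks a patron and exercises both the username and the email path would guard against regressions here.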