[Koha-bugs] [Bug 25672] Administrators should be able to restrict client-side plugin upload to trusted sources

bugzilla-daemon at bugs.koha-community.org
Wed Oct 25 18:25:00 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25672

Victor Grousset/tuxayo <victor at tuxayo.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #157810|0                           |1
        is obsolete|                            |

--- Comment #82 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
Created attachment 157836
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=157836&action=edit
Bug 25672: use enable_plugin_browser_upload flag to control plugin upload

This patch adds an enable_plugin_browser_upload flag to koha-conf.xml, which
controls whether or not Koha intranet users can upload Koha plugins via
their browser. Like "enable_plugins", it defaults to 0 for new installs.

This is useful when you want to provide Koha intranet users with plugins
that are pre-installed by administrators (by CLI) or restrict them
to plugins from a GitHub repo. See the following for more information:
Bug 23975 - Add ability to search and install plugins from GitHub
Bug 23191 - Administrators should be able to install plugins from the command
line

To test:
1) Apply the full patchset
2) Confirm <enable_plugins>1</enable_plugins> is present in koha-conf.xml
3) Add <plugins_restricted>1</plugins_restricted> to koha-conf.xml
4) Ensure that the <plugin_repos> block is not commented and contains at
   least one trusted organisation in koha-conf.xml
   If needed get it from: debian/templates/koha-conf-site.xml.in
5) Run restart_all (in koha-testing-docker)
6) Go to /cgi-bin/koha/plugins/plugins-home.pl and note that you don't see
   an option to upload plugins
7) You should however see a search option and upon search you should have
   results returned from the chosen trusted organisations listed in the
   <plugin_repos> block mentioned above.
8) Clicking install on one of the results should work as expected and install
   the plugin.
9) Go directly to /cgi-bin/koha/plugins/plugins-upload.pl and note that it says
   "Plugin upload is restricted to only those plugins listed by your server
   administrator" and gives instructions on how to enable unrestricted browser
   upload.

Signed-off-by: Nicolas Legrand <nicolas.legrand at bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: David Cook <dcook at prosentient.com.au>
Rebased-by: Victor Grousset/tuxayo <victor at tuxayo.net>
Signed-off-by: Victor Grousset/tuxayo <victor at tuxayo.net>

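A read-only check for steps 2 to 4 of the test plan above, as an added example that is not part of the patch or of Koha. The sample configs are constructed; the `<yazgfs><config>` wrapper and the `<repo>`/`<org_name>` child names are assumptions, and the check only relies on the three element names quoted in the test plan.

```python
import xml.etree.ElementTree as ET

def audit_koha_conf(xml_text):
    """Return a list of findings; an empty list means steps 2-4 are satisfied."""
    # Keep comments in the tree so a commented-out <plugin_repos> can be reported.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)

    def flag(name):
        el = next(root.iter(name), None)
        return (el.text or "").strip() if el is not None else None

    findings = []
    if flag("enable_plugins") != "1":
        findings.append("enable_plugins is not 1")
    if flag("plugins_restricted") != "1":
        findings.append("plugins_restricted is not 1")
    repos = next(root.iter("plugin_repos"), None)
    if repos is None:
        commented = any("<plugin_repos" in (c.text or "")
                        for c in root.iter(ET.Comment))
        findings.append("plugin_repos is commented out" if commented
                        else "plugin_repos is missing")
    elif not [c for c in repos if isinstance(c.tag, str)]:
        # Only real child elements count as entries, not comments.
        findings.append("plugin_repos lists no trusted organisation")
    return findings

# Constructed samples (not taken from a real install).
HARDENED = """<yazgfs><config>
 <enable_plugins>1</enable_plugins>
 <plugins_restricted>1</plugins_restricted>
 <plugin_repos><repo><org_name>example-org</org_name></repo></plugin_repos>
</config></yazgfs>"""

COMMENTED = """<yazgfs><config>
 <enable_plugins>1</enable_plugins>
 <plugins_restricted>1</plugins_restricted>
 <!-- <plugin_repos><repo><org_name>example-org</org_name></repo></plugin_repos> -->
</config></yazgfs>"""

UNRESTRICTED = """<yazgfs><config>
 <enable_plugins>1</enable_plugins>
</config></yazgfs>"""

if __name__ == "__main__":
    for label, conf in [("hardened", HARDENED), ("commented", COMMENTED),
                        ("unrestricted", UNRESTRICTED)]:
        print(label, audit_koha_conf(conf) or "OK")
```

An empty result only confirms the configuration side; steps 6 to 9 still need to be verified in the staff interface after a restart.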