Browse Source

Bug 20415: Remove UseKohaPlugins system preference

Owen Leonard 2018-03-16 10:47:47 UTC :
<<
I don't think the system preference adds any security. There are already multiple permissions required for working with plugins:

- Configure plugins
- Manage plugins ( install / uninstall )
- Use report plugins
- Use tool plugins

And even with those permissions your server must be configured to allow the use of plugins.
>>

Test plan :
1) Install kitchen sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink
2) Run misc/devel/install_plugins.pl
3) Set config enable_plugins=1
4) Check all parts of the plugin are working
5) Set config enable_plugins=0
6) Check all parts of the plugin are disabled

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
tags/v20.05.00
parent
commit
21c9b685bf
Signed by: martin.renvoize <martin.renvoize@ptfs-europe.com> GPG Key ID: 422B469130441A0F
28 changed files with 22 additions and 58 deletions
  1. +0
    -1
      C4/Auth.pm
  2. +1
    -1
      C4/Biblio.pm
  3. +0
    -1
      C4/UsageStats.pm
  4. +1
    -1
      Koha/Item.pm
  5. +2
    -5
      Koha/Patron.pm
  6. +1
    -2
      Koha/REST/Plugin/PluginRoutes.pm
  7. +1
    -2
      Koha/REST/V1/Static.pm
  8. +4
    -8
      Koha/Template/Plugin/KohaPlugins.pm
  9. +1
    -1
      admin/admin-home.pl
  10. +1
    -4
      admin/edi_accounts.pl
  11. +1
    -2
      catalogue/detail.pl
  12. +1
    -0
      installer/data/mysql/atomicupdate/bug_20415.sql
  13. +0
    -1
      installer/data/mysql/sysprefs.sql
  14. +0
    -7
      koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/enhanced_content.pref
  15. +1
    -3
      misc/devel/install_plugins.pl
  16. +1
    -2
      opac/opac-account.pl
  17. +1
    -2
      plugins/plugins-enable.pl
  18. +1
    -1
      plugins/plugins-home.pl
  19. +1
    -2
      plugins/plugins-uninstall.pl
  20. +1
    -1
      plugins/plugins-upload.pl
  21. +1
    -1
      plugins/run.pl
  22. +0
    -1
      t/db_dependent/ImportBatch.t
  23. +0
    -1
      t/db_dependent/Koha/Plugins/Biblio_and_Items_plugin_hooks.t
  24. +0
    -1
      t/db_dependent/Koha/Plugins/Patron.t
  25. +0
    -2
      t/db_dependent/Koha/REST/Plugin/PluginRoutes.t
  26. +0
    -2
      t/db_dependent/Koha/Template/Plugin/KohaPlugins.t
  27. +0
    -1
      t/db_dependent/UsageStats.t
  28. +1
    -2
      tools/stage-marc-import.pl

+ 0
- 1
C4/Auth.pm View File

@@ -506,7 +506,6 @@ sub get_template_and_user {
OPACLocalCoverImages => C4::Context->preference('OPACLocalCoverImages'),
AllowMultipleCovers => C4::Context->preference('AllowMultipleCovers'),
EnableBorrowerFiles => C4::Context->preference('EnableBorrowerFiles'),
UseKohaPlugins => C4::Context->preference('UseKohaPlugins'),
UseCourseReserves => C4::Context->preference("UseCourseReserves"),
useDischarge => C4::Context->preference('useDischarge'),
pending_checkout_notes => scalar Koha::Checkouts->search({ noteseen => 0 }),


+ 1
- 1
C4/Biblio.pm View File

@@ -3448,7 +3448,7 @@ sub _after_biblio_action_hooks {
my $biblio_id = $args->{biblio_id};
my $action = $args->{action};

if ( C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins") ) {
if ( C4::Context->config("enable_plugins") ) {

my @plugins = Koha::Plugins->new->GetPlugins({
method => 'after_biblio_action',


+ 0
- 1
C4/UsageStats.pm View File

@@ -213,7 +213,6 @@ sub BuildReport {
NovelistSelectEnabled
OpenLibraryCovers
OpenLibrarySearch
UseKohaPlugins
SyndeticsEnabled
TagsEnabled
CalendarFirstDayOfWeek


+ 1
- 1
Koha/Item.pm View File

@@ -807,7 +807,7 @@ sub _after_item_action_hooks {

my $action = $params->{action};

if ( C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins") ) {
if ( C4::Context->config("enable_plugins") ) {

my @plugins = Koha::Plugins->new->GetPlugins({
method => 'after_item_action',


+ 2
- 5
Koha/Patron.pm View File

@@ -230,10 +230,7 @@ sub store {
$self->privacy($default_privacy);

# Call any check_password plugins if password is passed
if ( C4::Context->preference('UseKohaPlugins')
&& C4::Context->config("enable_plugins")
&& $self->password )
{
if ( C4::Context->config("enable_plugins") && $self->password ) {
my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'check_password',
});
@@ -749,7 +746,7 @@ sub set_password {
}
}

if ( C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins") ) {
if ( C4::Context->config("enable_plugins") ) {
# Call any check_password plugins
my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'check_password',


+ 1
- 2
Koha/REST/Plugin/PluginRoutes.pm View File

@@ -45,8 +45,7 @@ sub register {

my @plugins;

if ( C4::Context->preference('UseKohaPlugins')
&& C4::Context->config("enable_plugins") )
if ( C4::Context->config("enable_plugins") )
{
# plugin needs to define a namespace
@plugins = Koha::Plugins->new()->GetPlugins(


+ 1
- 2
Koha/REST/V1/Static.pm View File

@@ -35,8 +35,7 @@ sub get {
my $self = shift;
my $c = $self->openapi->valid_input or return;

if ( C4::Context->preference('UseKohaPlugins')
&& C4::Context->config("enable_plugins") )
if ( C4::Context->config("enable_plugins") )
{
my $path = $c->req->url->path->leading_slash(1);



+ 4
- 8
Koha/Template/Plugin/KohaPlugins.pm View File

@@ -47,8 +47,7 @@ to output to the head section of opac pages.
=cut

sub get_plugins_opac_head {
return q{}
unless C4::Context->preference('UseKohaPlugins');
return q{} unless C4::Context->config("enable_plugins");

my $p = Koha::Plugins->new();

@@ -75,8 +74,7 @@ to output to the javascript section of at the bottom of opac pages.
=cut

sub get_plugins_opac_js {
return q{}
unless C4::Context->preference('UseKohaPlugins');
return q{} unless C4::Context->config("enable_plugins");

my $p = Koha::Plugins->new();

@@ -103,8 +101,7 @@ to output to the head section of intranet pages.
=cut

sub get_plugins_intranet_head {
return q{}
unless C4::Context->preference('UseKohaPlugins');
return q{} unless C4::Context->config("enable_plugins");

my $p = Koha::Plugins->new();

@@ -131,8 +128,7 @@ to output to the javascript section of at the bottom of intranet pages.
=cut

sub get_plugins_intranet_js {
return q{}
unless C4::Context->preference('UseKohaPlugins');
return q{} unless C4::Context->config("enable_plugins");

my $p = Koha::Plugins->new();



+ 1
- 1
admin/admin-home.pl View File

@@ -24,7 +24,7 @@ use Koha::Plugins;

my $query = new CGI;

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
my $plugins_enabled = C4::Context->config("enable_plugins");
my $mana_url = C4::Context->config('mana_config');

my ( $template, $loggedinuser, $cookie ) = get_template_and_user(


+ 1
- 4
admin/edi_accounts.pl View File

@@ -52,10 +52,7 @@ if ( $op eq 'acct_form' ) {
);
$template->param( vendors => \@vendors );

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
$template->param( plugins_enabled => $plugins_enabled );

if ( $plugins_enabled ) {
if ( C4::Context->config("enable_plugins") ) {
my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'edifact',
});


+ 1
- 2
catalogue/detail.pl View File

@@ -64,8 +64,7 @@ my ( $template, $borrowernumber, $cookie, $flags ) = get_template_and_user(
);

# Determine if we should be offering any enhancement plugin buttons
if ( C4::Context->preference('UseKohaPlugins') &&
C4::Context->config('enable_plugins') ) {
if ( C4::Context->config('enable_plugins') ) {
# Only pass plugins that can offer a toolbar button
my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'intranet_catalog_biblio_enhancements_toolbar_button'


+ 1
- 0
installer/data/mysql/atomicupdate/bug_20415.sql View File

@@ -0,0 +1 @@
DELETE FROM systempreferences WHERE variable='UseKohaPlugins';

+ 0
- 1
installer/data/mysql/sysprefs.sql View File

@@ -674,7 +674,6 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, `
('useDischarge','','','Allows librarians to discharge borrowers and borrowers to request a discharge','YesNo'),
('UseEmailReceipts','0','','Send email receipts for payments and write-offs','YesNo'),
('UseICU','0','1','Tell Koha if ICU indexing is in use for Zebra or not.','YesNo'),
('UseKohaPlugins','0','','Enable or disable the ability to use Koha Plugins.','YesNo'),
('UseTransportCostMatrix','0','','Use Transport Cost Matrix when filling holds','YesNo'),
('UseWYSIWYGinSystemPreferences','0','','Show WYSIWYG editor when editing certain HTML system preferences.','YesNo'),
('viewISBD','1','','Allow display of ISBD view of bibiographic records','YesNo'),


+ 0
- 7
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/enhanced_content.pref View File

@@ -349,13 +349,6 @@ Enhanced Content:
yes: "Embed"
no: "Don't embed"
- YouTube links as videos.
Plugins:
-
- pref: UseKohaPlugins
choices:
yes: Enable
no: "Don't enable"
- the ability to use Koha Plugins. Note, the plugin system must also be enabled in the Koha configuration file to be fully enabled.
OverDrive:
-
- Include OverDrive availability information with the client key


+ 1
- 3
misc/devel/install_plugins.pl View File

@@ -31,9 +31,7 @@ GetOptions( 'help|?' => \$help );

pod2usage(1) if $help;

my $plugins_enabled = C4::Context->preference('UseKohaPlugins')
&& C4::Context->config("enable_plugins");
unless ($plugins_enabled) {
unless ( C4::Context->config("enable_plugins") ) {
print
"The plugin system must be enabled for one to be able to install plugins\n";
exit 1;


+ 1
- 2
opac/opac-account.pl View File

@@ -84,8 +84,7 @@ $template->param(
payment_error => scalar $query->param('payment-error') || q{},
);

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
if ( $plugins_enabled ) {
if ( C4::Context->config("enable_plugins") ) {
my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'opac_online_payment',
});


+ 1
- 2
plugins/plugins-enable.pl View File

@@ -23,8 +23,7 @@ use C4::Context;
use C4::Auth qw(check_cookie_auth);
use Koha::Plugins::Handler;

die("Koha plugins are disabled!")
unless C4::Context->preference('UseKohaPlugins');
die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");

my $input = new CGI;



+ 1
- 1
plugins/plugins-home.pl View File

@@ -30,7 +30,7 @@ use C4::Output;
use C4::Debug;
use C4::Context;

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
my $plugins_enabled = C4::Context->config("enable_plugins");

my $input = new CGI;
my $method = $input->param('method');


+ 1
- 2
plugins/plugins-uninstall.pl View File

@@ -29,8 +29,7 @@ use C4::Members;
use C4::Debug;
use Koha::Plugins::Handler;

die("Koha plugins are disabled!")
unless C4::Context->preference('UseKohaPlugins');
die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");

my $input = new CGI;



+ 1
- 1
plugins/plugins-upload.pl View File

@@ -31,7 +31,7 @@ use C4::Members;
use C4::Debug;
use Koha::Plugins;

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
my $plugins_enabled = C4::Context->config("enable_plugins");

my $input = new CGI;



+ 1
- 1
plugins/run.pl View File

@@ -27,7 +27,7 @@ use C4::Output;
use C4::Debug;
use C4::Context;

my $plugins_enabled = C4::Context->preference('UseKohaPlugins') && C4::Context->config("enable_plugins");
my $plugins_enabled = C4::Context->config("enable_plugins");

my $cgi = new CGI;



+ 0
- 1
t/db_dependent/ImportBatch.t View File

@@ -190,7 +190,6 @@ subtest "RecordsFromMarcPlugin" => sub {
close $fh;

t::lib::Mocks::mock_config( 'enable_plugins', 1 );
t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );

my $plugins = Koha::Plugins->new;
$plugins->InstallPlugins;


+ 0
- 1
t/db_dependent/Koha/Plugins/Biblio_and_Items_plugin_hooks.t View File

@@ -39,7 +39,6 @@ BEGIN {
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;

t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );
t::lib::Mocks::mock_config( 'enable_plugins', 1 );

subtest 'after_biblio_action() and after_item_action() hooks tests' => sub {


+ 0
- 1
t/db_dependent/Koha/Plugins/Patron.t View File

@@ -40,7 +40,6 @@ BEGIN {
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;

t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );
t::lib::Mocks::mock_config( 'enable_plugins', 1 );

subtest 'check_password hook tests' => sub {


+ 0
- 2
t/db_dependent/Koha/REST/Plugin/PluginRoutes.t View File

@@ -48,7 +48,6 @@ subtest 'Bad plugins tests' => sub {

# enable plugins
t::lib::Mocks::mock_config( 'enable_plugins', 1 );
t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );

# remove any existing plugins that might interfere
Koha::Plugins::Methods->search->delete;
@@ -84,7 +83,6 @@ subtest 'Disabled plugins tests' => sub {

# enable plugins
t::lib::Mocks::mock_config( 'enable_plugins', 1 );
t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );

my $good_plugin;



+ 0
- 2
t/db_dependent/Koha/Template/Plugin/KohaPlugins.t View File

@@ -24,7 +24,6 @@ BEGIN {
use_ok('Koha::Plugin::Test');
}

t::lib::Mocks::mock_preference( 'UseKohaPlugins', 1 );
t::lib::Mocks::mock_config( 'enable_plugins', 1 );

my $schema = Koha::Database->new->schema;
@@ -53,7 +52,6 @@ ok( index( $plugin->get_plugins_opac_head, 'Koha::Plugin::Test::opac_head' ) !=
ok( index( $plugin->get_plugins_intranet_js, 'Koha::Plugin::Test::intranet_js' ) != -1, 'Test plugin intranet_js return value is part of code returned by get_plugins_intranet_js' );
ok( index( $plugin->get_plugins_intranet_head, 'Koha::Plugin::Test::intranet_head' ) != -1, 'Test plugin intranet_head return value is part of code returned by get_plugins_intranet_head' );

t::lib::Mocks::mock_preference('UseKohaPlugins',0);
t::lib::Mocks::mock_config('enable_plugins',0);
is( $plugin->get_plugins_opac_js, q{}, 'Test plugin opac_js return value is empty' );
is( $plugin->get_plugins_opac_head, q{}, 'Test plugin opac_head return value is empty' );


+ 0
- 1
t/db_dependent/UsageStats.t View File

@@ -474,7 +474,6 @@ sub mocking_systempreferences_to_a_set_value {
NovelistSelectEnabled
OpenLibraryCovers
OpenLibrarySearch
UseKohaPlugins
SyndeticsEnabled
TagsEnabled
CalendarFirstDayOfWeek


+ 1
- 2
tools/stage-marc-import.pl View File

@@ -218,8 +218,7 @@ if ($completedJobID) {
my @templates = GetModificationTemplates();
$template->param( MarcModificationTemplatesLoop => \@templates );

if ( C4::Context->preference('UseKohaPlugins') &&
C4::Context->config('enable_plugins') ) {
if ( C4::Context->config('enable_plugins') ) {

my @plugins = Koha::Plugins->new()->GetPlugins({
method => 'to_marc',


Loading…
Cancel
Save