Moodle / MDL-66119

Disable GUI plugin uninstalls (eg $CFG->uninstallclionly similar to $CFG->disableupdateautodeploy)


Details

    • MOODLE_38_STABLE
    • mdl-66119

      1) Open the plugin overview menu at Site Administration->Plugins->Plugin Overview. Verify that plugins can be uninstalled by clicking the uninstall button on one.

      2) In config.php, add the line

      $CFG->uninstallclionly = true;
      

      3) Go back to the plugins menu, and verify that you are unable to uninstall plugins, as the uninstall button isn't present.

      4) Attempt to uninstall a plugin using the CLI script uninstall_plugins.php, and verify that plugins can still be uninstalled from the command line.

      5) Edit the line in config.php to false

      $CFG->uninstallclionly = false;
      

      6) Go back to the plugins menu, and verify that you are able to uninstall plugins again.


    Description

      We want to harden Moodle. One vector is if you get admin access in the GUI: we want to prevent people from covering their tracks and doing some malicious stuff.

      We can easily lock down the log stores and other settings, but we can't stop people from uninstalling things in the GUI, so we are proposing a new config.php-only setting:

      $CFG->uninstallclionly = 1;

      Short circuit here:

      https://github.com/moodle/moodle/blob/master/lib/classes/plugin_manager.php#L1174
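
      A stand-alone PHP model of the short circuit proposed above, added here as an illustration and not taken from Moodle's plugin_manager.php; the class uninstall_gate and its methods are hypothetical. It goes slightly beyond the issue text by re-checking the setting in the action handler, so the restriction does not depend only on the button being hidden.

```php
<?php
// Added illustration: a stand-alone model of a CLI-only uninstall gate.
// Class and method names are hypothetical, not Moodle's plugin_manager code.

final class uninstall_gate {
    /** @var stdClass Settings as they would be loaded from config.php. */
    private $cfg;
    /** @var bool True when the caller is a CLI script rather than a web request. */
    private $iscli;

    public function __construct(stdClass $cfg, bool $iscli) {
        $this->cfg = $cfg;
        $this->iscli = $iscli;
    }

    /** Single decision point shared by the page renderer and the action handler. */
    public function can_uninstall(): bool {
        // !empty() treats true and 1 alike, and treats unset or false as "off".
        if (!empty($this->cfg->uninstallclionly) && !$this->iscli) {
            return false;
        }
        return true;
    }

    /** The GUI renders the uninstall button only when the gate allows it. */
    public function render_actions(string $component): string {
        return $this->can_uninstall() ? "[Uninstall {$component}]" : '';
    }

    /** The handler re-checks, so enforcement does not rely on the hidden button. */
    public function uninstall(string $component): string {
        if (!$this->can_uninstall()) {
            throw new RuntimeException("Uninstalling {$component} is only allowed from the CLI");
        }
        return "uninstalled {$component}";
    }
}

// Constructed walk-through of the test steps: setting unset, true, then false.
$cases = ['unset' => new stdClass(), 'true' => (object)['uninstallclionly' => true],
          'false' => (object)['uninstallclionly' => false]];
foreach ($cases as $label => $cfg) {
    foreach ([false, true] as $iscli) {
        $gate = new uninstall_gate($cfg, $iscli);
        printf("%-5s %-3s uninstall allowed=%s\n", $label, $iscli ? 'cli' : 'gui',
            $gate->can_uninstall() ? 'yes' : 'no');
    }
}
```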


          People

            peterburnett Peter Burnett
            brendanheywood Brendan Heywood
            Brendan Heywood Brendan Heywood
            Adrian Greeve Adrian Greeve
            Janelle Barcega Janelle Barcega
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Matteo Scaramuccia
            Votes: 2
            Watchers: 8

            Dates

              Created:
              Updated:
              Resolved: 18/Nov/19

              Time Tracking

                Estimated: 0m
                Remaining: 0m
                Logged: 1h 11m