https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28957
--- Comment #8 from David Cook <[email protected]> ---

Ok, I have an idea germinating.

We change ./plugins/run.pl so that flagsrequired => { catalogue => 1 }. This means that anyone with staff interface access can execute this staff interface Perl script.

We wrap Koha::Plugins::Handler->run() with a "C4::Auth::haspermission()" check.

We take care of our existing known use cases of "report", "tool", "admin", and "configure" which are pre-existing "plugins" subpermissions.

If a method is not "report", "tool", "admin", or "configure", then we need to do something else. This is the use case mentioned by Martin here. And historically these users have required full plugins permissions to run the plugin.

So some options coming to mind:

1. We interpret any other method as requiring a "report", "tool", or "admin" permission. In some ways it would make things more secure (i.e. these people wouldn't need full/configure permissions in order to run the plugins), but in other ways it would be less secure because now anyone could run weird plugin methods if they have any of the 'report', 'tool', or 'admin'. Not very optimal...

2. We add a new plugin class method called "koha_authz". If $class->can('koha_authz'), we try to delegate authorization to the plugin. If it doesn't have that class method, then we fall back to the status quo of requiring full "plugins" permissions?

Yet, this is still a problem as I noted before. People with full plugins permission have access to too many plugin methods...

--

We're stuck in a tricky place. If we want to fix the security, we might have to break some plugins.
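The dispatch rule from option 2 in the comment above, as an added sketch that is not Koha code and not part of the comment. It assumes a local stub in place of C4::Auth::haspermission(), constructed users and plugin classes, and a hypothetical argument shape for koha_authz (the comment proposes only the method name).

```perl
use strict;
use warnings;

# Constructed sample grants: userid => "plugins" subpermissions ('full' = full plugins permission).
my %GRANTS = ( alice => { report => 1 }, bob => { full => 1 } );

# Local stand-in for a C4::Auth::haspermission() check on the "plugins" flag.
sub has_plugins_permission {
    my ( $userid, $sub ) = @_;
    my $g = $GRANTS{$userid} or return 0;
    return ( $g->{full} || $g->{$sub} ) ? 1 : 0;
}

# Methods that already map one-to-one onto existing "plugins" subpermissions.
my %KNOWN = map { $_ => 1 } qw(report tool admin configure);

sub authorize_plugin_call {
    my ( $userid, $class, $method ) = @_;
    return 0 unless $class->can($method);    # never dispatch to a missing method
    return has_plugins_permission( $userid, $method ) if $KNOWN{$method};
    # Option 2: delegate to the plugin when it implements koha_authz (hypothetical signature).
    if ( $class->can('koha_authz') ) {
        return $class->koha_authz( { userid => $userid, method => $method } ) ? 1 : 0;
    }
    # Status quo fallback: any other method requires full "plugins" permission.
    return has_plugins_permission( $userid, 'full' );
}

# Constructed plugin classes: one without koha_authz, one that implements it.
package Demo::Legacy { sub report { 1 } sub export_csv { 1 } }
package Demo::Delegating {
    sub export_csv { 1 } sub purge { 1 }
    sub koha_authz {    # allows only export_csv, and only for users holding "report"
        my ( $class, $args ) = @_;
        return $args->{method} eq 'export_csv'
            && main::has_plugins_permission( $args->{userid}, 'report' );
    }
}

for my $case (
    [ alice => 'Demo::Legacy',     'report' ],
    [ alice => 'Demo::Legacy',     'export_csv' ],
    [ bob   => 'Demo::Legacy',     'export_csv' ],
    [ alice => 'Demo::Delegating', 'export_csv' ],
    [ bob   => 'Demo::Delegating', 'purge' ],
) {
    printf "%-5s %-16s %-10s => %s\n", @$case, authorize_plugin_call(@$case) ? 'allow' : 'deny';
}
```

In this sketch a plugin that implements koha_authz can refuse a method even to a user with full plugins permission, while a plugin without it keeps the existing behaviour for non-standard methods.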
