MokoConsulting/MokoSuiteClient
0
0
Fork 0
Code Issues 73 Pull Requests 1 Releases 1 Wiki Activity

Merge pull request 'Release 02.07.00-rc: Master god privs, settings protection, install API fix' (#40) from dev into main
Universal: Cascade Main → Dev / Cascade main → branches (push) Has been cancelled
Details
Joomla: Repo Health / Access control (push) Has been cancelled
Details
Joomla: Repo Health / Release configuration (push) Has been cancelled
Details
Joomla: Repo Health / Scripts governance (push) Has been cancelled
Details
Joomla: Repo Health / Repository health (push) Has been cancelled
Details

Browse Source
This commit was merged in pull request #40.
This commit is contained in:
Jonathan Miller
2026-05-26 01:58:39 +00:00
parent a734d381ac 0b8f492613
commit fad0170cef
7 changed files with 39 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+2
View File
@@ -35,6 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added ### Added
- Alias offline bypass: aliases with offline=No override Joomla's global offline setting, allowing access via alias domain while main site is down - Alias offline bypass: aliases with offline=No override Joomla's global offline setting, allowing access via alias domain while main site is down
- Block non-master users from viewing or editing MokoWaaS plugin settings
- Master user bypasses ALL tenant restrictions (install from URL, global config, sysinfo, installer, templates)
### Fixed ### Fixed
- Install API endpoint: extract ZIP to temp directory before passing to Joomla Installer (was passing ZIP path directly) - Install API endpoint: extract ZIP to temp directory before passing to Joomla Installer (was passing ZIP path directly)
README.md
+1 -1
View File
@@ -9,7 +9,7 @@
DEFGROUP: Joomla.Plugin DEFGROUP: Joomla.Plugin
INGROUP: MokoWaaS INGROUP: MokoWaaS
REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
VERSION: 02.05.01 VERSION: 02.05.04
PATH: /README.md PATH: /README.md
BRIEF: MokoWaaS platform plugin for Joomla BRIEF: MokoWaaS platform plugin for Joomla
--> -->
src/packages/com_mokowaas/mokowaas.xml
+1 -1
View File
@@ -7,7 +7,7 @@
<license>GPL-3.0-or-later</license> <license>GPL-3.0-or-later</license>
<authorEmail>hello@mokoconsulting.tech</authorEmail> <authorEmail>hello@mokoconsulting.tech</authorEmail>
<authorUrl>https://mokoconsulting.tech</authorUrl> <authorUrl>https://mokoconsulting.tech</authorUrl>
<version>02.05.00</version> <version>02.05.02</version>
<description>Minimal API-only component for MokoWaaS. Provides REST endpoints for site health, cache, updates, and backups.</description> <description>Minimal API-only component for MokoWaaS. Provides REST endpoints for site health, cache, updates, and backups.</description>
<namespace path="api/src">Moko\Component\MokoWaaS\Api</namespace> <namespace path="api/src">Moko\Component\MokoWaaS\Api</namespace>
<administration> <administration>
src/packages/plg_system_mokowaas/Extension/MokoWaaS.php
+32 -7
View File
@@ -1025,6 +1025,31 @@ class MokoWaaS extends CMSPlugin
$this->app->redirect('index.php?option=com_plugins'); $this->app->redirect('index.php?option=com_plugins');
} }
} }
// Block non-master from viewing or editing MokoWaaS plugin settings
if ($option === 'com_plugins')
{
$view = $this->app->input->get('view', '');
$layout = $this->app->input->get('layout', '');
$extensionId = (int) $this->app->input->get('extension_id', 0);
if (($view === 'plugin' || $layout === 'edit') && $extensionId > 0)
{
$db = Factory::getDbo();
$query = $db->getQuery(true)
->select('COUNT(*)')
->from($db->quoteName('#__extensions'))
->where($db->quoteName('extension_id') . ' = ' . $extensionId)
->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
->where($db->quoteName('type') . ' = ' . $db->quote('plugin'));
if ((int) $db->setQuery($query)->loadResult() > 0)
{
$this->app->enqueueMessage('MokoWaaS settings are restricted to the master user.', 'warning');
$this->app->redirect('index.php?option=com_plugins');
}
}
}
} }
/** /**
@@ -3402,12 +3427,18 @@ class MokoWaaS extends CMSPlugin
*/ */
protected function enforceAdminRestrictions() protected function enforceAdminRestrictions()
{ {
// Master user bypasses ALL restrictions
if ($this->isMasterUser())
{
return;
}
$input = $this->app->input; $input = $this->app->input;
$option = $input->get('option', ''); $option = $input->get('option', '');
$view = $input->get('view', ''); $view = $input->get('view', '');
$task = $input->get('task', ''); $task = $input->get('task', '');
// Disable install-from-URL for ALL users (safety net) // Disable install-from-URL for non-master users
if ($this->params->get('disable_install_url', 1) if ($this->params->get('disable_install_url', 1)
&& $option === 'com_installer' && $option === 'com_installer'
&& stripos($task, 'install') !== false && stripos($task, 'install') !== false
@@ -3418,12 +3449,6 @@ class MokoWaaS extends CMSPlugin
return; return;
} }
// Remaining restrictions only apply to non-master users
if ($this->isMasterUser())
{
return;
}
$blocked = []; $blocked = [];
if ($this->params->get('restrict_installer', 1)) if ($this->params->get('restrict_installer', 1))
src/packages/plg_system_mokowaas/mokowaas.xml
+1 -1
View File
@@ -30,7 +30,7 @@
<license>GNU General Public License version 3 or later; see LICENSE.md</license> <license>GNU General Public License version 3 or later; see LICENSE.md</license>
<authorEmail>hello@mokoconsulting.tech</authorEmail> <authorEmail>hello@mokoconsulting.tech</authorEmail>
<authorUrl>https://mokoconsulting.tech</authorUrl> <authorUrl>https://mokoconsulting.tech</authorUrl>
<version>02.05.00</version> <version>02.05.02</version>
<description>This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform.</description> <description>This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform.</description>
<namespace path=".">Moko\Plugin\System\MokoWaaS</namespace> <namespace path=".">Moko\Plugin\System\MokoWaaS</namespace>
<scriptfile>script.php</scriptfile> <scriptfile>script.php</scriptfile>
src/packages/plg_webservices_mokowaas/mokowaas.xml
+1 -1
View File
@@ -7,7 +7,7 @@
<license>GPL-3.0-or-later</license> <license>GPL-3.0-or-later</license>
<authorEmail>hello@mokoconsulting.tech</authorEmail> <authorEmail>hello@mokoconsulting.tech</authorEmail>
<authorUrl>https://mokoconsulting.tech</authorUrl> <authorUrl>https://mokoconsulting.tech</authorUrl>
<version>02.05.00</version> <version>02.05.02</version>
<description>Joomla Web Services API routes for MokoWaaS site management — health checks, cache, updates, backups, and site info.</description> <description>Joomla Web Services API routes for MokoWaaS site management — health checks, cache, updates, backups, and site info.</description>
<namespace path="src">Moko\Plugin\WebServices\MokoWaaS</namespace> <namespace path="src">Moko\Plugin\WebServices\MokoWaaS</namespace>
<files> <files>
src/pkg_mokowaas.xml
+1 -1
View File
@@ -2,7 +2,7 @@
<extension type="package" method="upgrade"> <extension type="package" method="upgrade">
<name>MokoWaaS</name> <name>MokoWaaS</name>
<packagename>mokowaas</packagename> <packagename>mokowaas</packagename>
<version>02.05.00</version> <version>02.05.02</version>
<creationDate>2026-05-23</creationDate> <creationDate>2026-05-23</creationDate>
<author>Moko Consulting</author> <author>Moko Consulting</author>
<authorEmail>hello@mokoconsulting.tech</authorEmail> <authorEmail>hello@mokoconsulting.tech</authorEmail>