Plugin Installer GUI

Added by t. k. 3 months ago

I know this has already been discussed several times, such as in #6321, #12327, and #24611, but could anyone have any comments on whether the feature could be implemented in the following manner? Would this be a viable approach?

1. The sysadmin places a file containing a curated list of plugins in the redmine-x.x.x/config directory. The file contains information such as URL and (optional) version constraints, and would look something like this:

---
plugins:
  - name: redmine_aaa
    source: https://github.com/aaa/redmine_aaa/releases
    allowed_versions: >=1.0.0
  - name: redmine_bbb
    source: https://github.com/bbb/redmine_bbb/releases
  - name: redmine_ccc
    source: https://internal-website.com/redmine-plugins/redmine_ccc
  - name: redmine_ddd
    source: file:///opt/proprietary-redmine-plugins/redmine_ddd

2. Then let's say we have a new 'available plugins' page on Redmine, accessible only by admin Redmine users. When an admin user opens this page on the browser, Redmine reads the list above and displays them in a tabular format, with install/uninstall buttons on each plugin row. It might be possible to integrate this view into the current Administration -> Plugins page

3. The admin user can install/uninstall plugins in the list from the browser, but only as specified in the list file. In other words, the list file, like the example above, constrains where the plugins are fetched from and which versions are allowed.

From the point of view of privileges, there would be 3 distinct levels (highest to lowest):

  1. Sysadmin: has filesystem-level access to Redmine and thus can create/edit the plugins list file like the example above. They can also manually install plugins that are not in the list, from the terminal, i.e. the way plugin installation is currently done. Sysadmins usually also have their admin user accounts on Redmine.
  2. Admin Redmine users: Redmine users with admin privileges. They can install/uninstall plugins that are in the list on the 'available plugins' page
  3. Non-admin Redmine users: They use plugins that are enabled on the projects they are in, but can't install plugins in any way.

Background

  1. We need to delegate plugin installation tasks to admin users; a few sysadmins are managing over 100 Redmine instances. But we can't grant them direct access to the filesystem for a few reasons.
  2. We need to have tight control over which plugins are allowed to be installed. As such, it would not be suitable for us to adopt a public 'plugin store' model which lists all the available OSS plugins on the internet and let the user install whatever they want. In our experience, users tend to go down the rabbit hole trying all sorts of plugins, and this can have security/system stability implications.
  3. Users sometimes do require some esoteric plugins for good reasons, but this is relatively rare and is not any significant workload. When this happens, sysadmins can just manually install such plugins the same way they do now.