[PTRun][Enterprise]GPO for plugin enabled state (#27468)

* try code for gpo with pluginID param * fix typo * fixes * update admx * Add second policy to admx * spelling fixes * admx clean up * add gpo code * small fixes * fixes * fix cast * update settings code * bug fixes * fix plugins disabled warning * Info bar in settings * settings ui fixes * code clean up * fix spelling * fix spelling * code optimization * changes * fix code * switch to char* * update comments * validate plugin ID * spell fixes * spell fixes * fix IPlugin interface * Update Directory.Packages.props hopefully fixes unit tests * revert change of nuget pkg * fixes * fix spell check * add todo comment * improve gpo.h * improve gpo.h * update gpo.h * clean up code in gpo.h * fix build * try to fix build * xaml fix * Fix getting string value from the registry * communicate policy state suing settings.json * various changes and gpo docs * spell fixes * PT Run: Policy handling * spell fix * fix logging * fix admx revision * revision fix 2 * review feedback 1 * review feedback 2 * dev docs update * fix typo
2026-04-07 03:36:44 +02:00 · 2023-10-11 16:37:15 +02:00
parent 19827d0093
commit 602a3ff090
39 changed files with 377 additions and 15 deletions
--- a/src/modules/launcher/Wox.Plugin/IPlugin.cs
+++ b/src/modules/launcher/Wox.Plugin/IPlugin.cs
@@ -2,6 +2,7 @@
 // The Microsoft Corporation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.

+using System;
 using System.Collections.Generic;

 namespace Wox.Plugin
@@ -17,5 +18,11 @@ namespace Wox.Plugin

        // Localized description
        string Description { get; }
+
+        /* The two property lines are commented because they break the unit tests. (The Moq package used in the unit tests doesn't support the .Net 7 feature 'static abstract' properties yet.) - https://github.com/Moq/Moq/issues/1398
+        *
+        * // Plugin ID for validating the plugin.json entry (It must be static for accessing it before loading the plugin.)
+        * public static abstract string PluginID { get; }
+        */
    }
 }
--- a/src/modules/launcher/Wox.Plugin/PluginMetadata.cs
+++ b/src/modules/launcher/Wox.Plugin/PluginMetadata.cs
@@ -32,6 +32,10 @@ namespace Wox.Plugin

        public bool Disabled { get; set; }

+        // This property is used in PT Run only to decide whether to updated the Disabled property or not.
+        [JsonIgnore]
+        public bool IsEnabledPolicyConfigured { get; set; }
+
        [JsonInclude]
        public string ExecuteFilePath { get; private set; }

--- a/src/modules/launcher/Wox.Plugin/PluginPair.cs
+++ b/src/modules/launcher/Wox.Plugin/PluginPair.cs
@@ -63,20 +63,24 @@ namespace Wox.Plugin
                return;
            }

-            if (Metadata.Disabled && !setting.Disabled)
+            // If the enabled state is policy managed then we skip the update of the disabled state as it must be a manual settings.json manipulation.
+            if (!Metadata.IsEnabledPolicyConfigured)
            {
-                Metadata.Disabled = false;
-                InitializePlugin(api);
-
-                if (!IsPluginInitialized)
+                if (Metadata.Disabled && !setting.Disabled)
                {
-                    string description = $"{Resources.FailedToLoadPluginDescription} {Metadata.Name}\n\n{Resources.FailedToLoadPluginDescriptionPartTwo}";
-                    api.ShowMsg(Resources.FailedToLoadPluginTitle, description, string.Empty, false);
+                    Metadata.Disabled = false;
+                    InitializePlugin(api);
+
+                    if (!IsPluginInitialized)
+                    {
+                        string description = $"{Resources.FailedToLoadPluginDescription} {Metadata.Name}\n\n{Resources.FailedToLoadPluginDescriptionPartTwo}";
+                        api.ShowMsg(Resources.FailedToLoadPluginTitle, description, string.Empty, false);
+                    }
+                }
+                else
+                {
+                    Metadata.Disabled = setting.Disabled;
                }
-            }
-            else
-            {
-                Metadata.Disabled = setting.Disabled;
            }

            Metadata.ActionKeyword = setting.ActionKeyword;
@@ -167,6 +171,19 @@ namespace Wox.Plugin
                return false;
            }

+            // Validate plugin ID to prevent bypassing the GPO by changing the ID in the plugin.json file.
+            string pluginID = (string)type.GetProperty("PluginID", BindingFlags.Public | BindingFlags.Static)?.GetValue(null);
+            if (pluginID == null)
+            {
+                Log.Error($"Can't validate plugin ID of plugin <{Metadata.Name}> in {Metadata.ExecuteFilePath}: The static property <Main.PluginID> was not found.", MethodBase.GetCurrentMethod().DeclaringType);
+                return false;
+            }
+            else if (pluginID != Metadata.ID)
+            {
+                Log.Error($"Wrong plugin ID found in plugin.json of plugin <{Metadata.Name}>. ('{Metadata.ID}' != '{pluginID}')", MethodBase.GetCurrentMethod().DeclaringType);
+                return false;
+            }
+
            try
            {
                Plugin = (IPlugin)Activator.CreateInstance(type);