diff --git a/cmd/fleetctl/mdm.go b/cmd/fleetctl/mdm.go index 53ef15b3a518..2d54f2bc88e8 100644 --- a/cmd/fleetctl/mdm.go +++ b/cmd/fleetctl/mdm.go @@ -265,16 +265,6 @@ func mdmWipeCommand() *cli.Command { return err } - config, err := client.GetAppConfig() - if err != nil { - return err - } - - // linux hosts need scripts to be enabled in the org settings to wipe. - if host.Platform == "linux" && config.ServerSettings.ScriptsDisabled { - return errors.New("Can't wipe host because running scripts is disabled in organization settings.") - } - if err := client.MDMWipeHost(host.ID); err != nil { return fmt.Errorf("Failed to wipe host: %w", err) } diff --git a/ee/server/service/hosts.go b/ee/server/service/hosts.go index 33b795928505..8107f7666b32 100644 --- a/ee/server/service/hosts.go +++ b/ee/server/service/hosts.go @@ -91,18 +91,6 @@ func (svc *Service) LockHost(ctx context.Context, hostID uint, viewPIN bool) (un return "", ctxerr.Wrap(ctx, err, "check windows MDM enabled") } } - // on windows and linux, a script is used to lock the host so scripts must - // be enabled - appCfg, err := svc.ds.AppConfig(ctx) - if err != nil { - return "", ctxerr.Wrap(ctx, err, "get app config") - } - if appCfg.ServerSettings.ScriptsDisabled { - return "", ctxerr.Wrap( - ctx, - fleet.NewInvalidArgumentError("host_id", "Can't lock host because running scripts is disabled in organization settings."), - ) - } hostOrbitInfo, err := svc.ds.GetHostOrbitInfo(ctx, host.ID) switch { case err != nil: @@ -182,7 +170,7 @@ func (svc *Service) UnlockHost(ctx context.Context, hostID uint) (string, error) case "windows", "linux": // on windows and linux, a script is used to lock the host so scripts must - // be enabled + // be enabled on the host if host.FleetPlatform() == "windows" { if err := svc.VerifyMDMWindowsConfigured(ctx); err != nil { if errors.Is(err, fleet.ErrMDMNotConfigured) { @@ -191,13 +179,6 @@ func (svc *Service) UnlockHost(ctx context.Context, hostID uint) (string, error) return "", ctxerr.Wrap(ctx, err, "check windows MDM enabled") } } - appCfg, err := svc.ds.AppConfig(ctx) - if err != nil { - return "", ctxerr.Wrap(ctx, err, "get app config") - } - if appCfg.ServerSettings.ScriptsDisabled { - return "", ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("host_id", "Can't unlock host because running scripts is disabled in organization settings.")) - } hostOrbitInfo, err := svc.ds.GetHostOrbitInfo(ctx, host.ID) switch { case err != nil: @@ -286,14 +267,7 @@ func (svc *Service) WipeHost(ctx context.Context, hostID uint) error { requireMDM = true case "linux": - // on linux, a script is used to wipe the host so scripts must be enabled - appCfg, err := svc.ds.AppConfig(ctx) - if err != nil { - return ctxerr.Wrap(ctx, err, "get app config") - } - if appCfg.ServerSettings.ScriptsDisabled { - return ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("host_id", "Can't wipe host because running scripts is disabled in organization settings.")) - } + // on linux, a script is used to wipe the host so scripts must be enabled on the host hostOrbitInfo, err := svc.ds.GetHostOrbitInfo(ctx, host.ID) switch { case err != nil: diff --git a/ee/server/service/software_installers.go b/ee/server/service/software_installers.go index 623378d0db92..2024369f8a5e 100644 --- a/ee/server/service/software_installers.go +++ b/ee/server/service/software_installers.go @@ -836,18 +836,6 @@ func (svc *Service) installSoftwareTitleUsingInstaller(ctx context.Context, host } func (svc *Service) UninstallSoftwareTitle(ctx context.Context, hostID uint, softwareTitleID uint) error { - // First check if scripts are disabled globally. If so, no need for further processing. - cfg, err := svc.ds.AppConfig(ctx) - if err != nil { - svc.authz.SkipAuthorization(ctx) - return err - } - - if cfg.ServerSettings.ScriptsDisabled { - svc.authz.SkipAuthorization(ctx) - return fleet.NewUserMessageError(errors.New(fleet.RunScriptScriptsDisabledGloballyErrMsg), http.StatusForbidden) - } - // we need to use ds.Host because ds.HostLite doesn't return the orbit node key host, err := svc.ds.Host(ctx, hostID) if err != nil { diff --git a/server/service/orbit.go b/server/service/orbit.go index 79771afddad4..ddba84751102 100644 --- a/server/service/orbit.go +++ b/server/service/orbit.go @@ -295,7 +295,7 @@ func (svc *Service) GetOrbitConfig(ctx context.Context) (fleet.OrbitConfig, erro } // load the pending script executions for that host - if !appConfig.ServerSettings.ScriptsDisabled { + if !appConfig.ServerSettings.ScriptsDisabled { // TODO filter to only "special" scripts rather than skipping entirely when scripts disabled pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, host.ID) if err != nil { return fleet.OrbitConfig{}, err