diff --git a/conf/local.py.j2 b/conf/local.py.j2 index 39ffa11..0654bae 100644 --- a/conf/local.py.j2 +++ b/conf/local.py.j2 @@ -43,39 +43,34 @@ EMAIL_HOST = '{{ domain }}' EMAIL_HOST_USER = '{{ app }}@{{ domain }}' EMAIL_HOST_PASSWORD = '{{ mail_pwd }}' -# # Tous acces -# # parametrer SSO en protect_uris -# # OU -# # Pas d'acces -# # hook -# # parametrer SSO en protect_uris -# import ldap -# from django_auth_ldap.config import LDAPSearch, PosixGroupType -# AUTHENTICATION_BACKENDS = ( -# 'django_auth_ldap.backend.LDAPBackend', -# 'django.contrib.auth.backends.ModelBackend', -# ) -# AUTH_LDAP_SERVER_URI = "ldap://localhost:389" -# AUTH_LDAP_USER_SEARCH = LDAPSearch("uid={{ admin }},ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") -# AUTH_LDAP_USER_ATTR_MAP = { -# "username": "uid", -# "first_name": "givenName", -# "last_name": "sn", -# "email": "mail", -# } -# AUTH_LDAP_USER_FLAGS_BY_GROUP = { -# "is_active": "cn=sftpusers,ou=groups,dc=yunohost,dc=org", -# "is_staff": "cn=sftpusers,ou=groups,dc=yunohost,dc=org", -# "is_superuser": "cn=sftpusers,ou=groups,dc=yunohost,dc=org" -# } -# AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)") -# AUTH_LDAP_GROUP_TYPE = PosixGroupType() -# AUTH_LDAP_ALWAYS_UPDATE_USER = True -# AUTH_LDAP_AUTHORIZE_ALL_USERS = True -# AUTH_LDAP_FIND_GROUP_PERMS = True -# #AUTH_LDAP_CACHE_GROUPS = True -# #AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 -# #import logging -# #logger = logging.getLogger('django_auth_ldap') -# #logger.addHandler(logging.StreamHandler()) -# #logger.setLevel(logging.DEBUG) +# Tous acces +import ldap +from django_auth_ldap.config import LDAPSearch, MemberDNGroupType +AUTHENTICATION_BACKENDS = ( + 'django_auth_ldap.backend.LDAPBackend', + 'django.contrib.auth.backends.ModelBackend', +) +AUTH_LDAP_SERVER_URI = "ldap://localhost:389" +AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") +AUTH_LDAP_USER_ATTR_MAP = { + "username": "uid", + "first_name": "givenName", + "last_name": "sn", + "email": "mail", +} +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": "cn={{ app }}.main,ou=permission,dc=yunohost,dc=org", + "is_staff": "cn={{ app }}.staff,ou=permission,dc=yunohost,dc=org", + "is_superuser": "cn={{ app }}.superadmin,ou=permission,dc=yunohost,dc=org" +} +AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=permission,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE) +AUTH_LDAP_GROUP_TYPE = MemberDNGroupType("inheritPermission", "permissionYnh") +AUTH_LDAP_ALWAYS_UPDATE_USER = True +AUTH_LDAP_AUTHORIZE_ALL_USERS = False +AUTH_LDAP_FIND_GROUP_PERMS = True +AUTH_LDAP_CACHE_GROUPS = True +AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1000 +# import logging +# logger = logging.getLogger('django_auth_ldap') +# logger.addHandler(logging.StreamHandler()) +# logger.setLevel(logging.DEBUG) diff --git a/manifest.toml b/manifest.toml index cc86077..6ebaab8 100644 --- a/manifest.toml +++ b/manifest.toml @@ -31,10 +31,6 @@ ram.runtime = "50M" # this is a generic question - ask strings are automatically handled by Yunohost's core type = "domain" - [install.admin] - # this is a generic question - ask strings are automatically handled by Yunohost's core - type = "user" - [install.email] ask.en = "Choose email were send notification" ask.fr = "Choisissez l'email vers lequel envoyer les notifications" @@ -53,6 +49,22 @@ ram.runtime = "50M" type = "string" example = "https://www.exemple.tld" + [install.init_staff_permission] + ask.en = "Which group will have the staff access" + ask.fr = "Quel groupe aura accès l'accès en tant que staff" + help.en = "Users of this group should have access to the Coin admin page" + help.fr = "Les utilisateurs de ce groupe devrait avoir accès à la page d'administration de Coin" + type = "group" + default = "admins" + + [install.init_superadmin_permission] + ask.en = "Which group will have the superadmin access" + ask.fr = "Quel groupe aura accès l'accès en tant que super admin" + help.en = "Users of this group should have all access on the Coin admin page" + help.fr = "Les utilisateurs de ce groupe devrait avoir tout les accès sur la page d'administration de Coin" + type = "group" + default = "admins" + [resources] [resources.sources.main] url = "https://code.ffdn.org/ffdn/coin/-/archive/bcaad5f.tar.gz" @@ -66,7 +78,13 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" - main.allowed = "visitors" + main.allowed = ["visitors", "all_users"] + + staff.show_tile = false + staff.label = "Staff" + + superadmin.show_tile = false + superadmin.label = "Super admin" [resources.apt] packages = "gunicorn, python3, python3-venv, libpq-dev, libsasl2-dev, libjpeg-dev, libxml2-dev, libxslt1-dev, libpango1.0-0, postgresql, postgresql-contrib, postgresql-server-dev-13" diff --git a/scripts/install b/scripts/install index 3133d5b..89507fb 100644 --- a/scripts/install +++ b/scripts/install @@ -28,7 +28,7 @@ pushd "$install_dir" python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install gunicorn - #echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt + echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt venv/bin/pip install -r requirements.txt popd diff --git a/scripts/upgrade b/scripts/upgrade index d97a29d..d93dd70 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -32,7 +32,7 @@ pushd "$install_dir" python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install gunicorn - #echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt + echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt venv/bin/pip install -r requirements.txt popd