From 768acccb1ba720ce9c687589800894b1558d3b0e Mon Sep 17 00:00:00 2001
From: squeak <squeak@eauchat.org>
Date: Wed, 31 Mar 2021 12:07:23 +0200
Subject: [PATCH 1/3] Small fixes and typos

---
 manifest.json      | 2 +-
 scripts/change_url | 2 +-
 scripts/upgrade    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifest.json b/manifest.json
index 8a52a26..b6071b5 100644
--- a/manifest.json
+++ b/manifest.json
@@ -62,7 +62,7 @@
         "name": "autosync_info",
         "type": "display_text",
         "ask": {
-          "en": "All the following option are useful only if you chose to enable autosynchronization. You can skip them all if you didn't.",
+          "en": "All the following options are useful only if you chose to enable autosynchronization. You can skip them all if you didn't.",
           "fr": "Les options qui suivent ne sont utiles que si vous avez choisi d'activer l'autosynchronisation. Vous pouvez toutes les ignorer si ce n'est pas le cas."
         }
       },
diff --git a/scripts/change_url b/scripts/change_url
index 9be1a3a..6409e72 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -75,7 +75,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 
 #=================================================
 # MODIFY URL IN NGINX CONF
diff --git a/scripts/upgrade b/scripts/upgrade
index c72712b..a4cdefb 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -59,7 +59,7 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE

From 9b8c509b8d2be12470998d4f3247e99e12544420 Mon Sep 17 00:00:00 2001
From: squeak <squeak@eauchat.org>
Date: Wed, 31 Mar 2021 13:51:58 +0200
Subject: [PATCH 2/3] Fixed permissions for dato directory.

---
 scripts/install | 10 ++++------
 scripts/restore |  6 ++++--
 scripts/upgrade |  6 ++++--
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/scripts/install b/scripts/install
index f547500..3c11cc5 100755
--- a/scripts/install
+++ b/scripts/install
@@ -204,12 +204,10 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-### For security reason, any app should set the permissions to root: before anything else.
-### Then, if write authorization is needed, any access should be given only to directories
-### that really need such authorization.
-
-# Set permissions to app files
-chown -R "$app":"$app" $final_path
+# Set permissions to app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 #=================================================
 # SETUP LOGROTATE
diff --git a/scripts/restore b/scripts/restore
index ed4c7d3..4c004fc 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -71,8 +71,10 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
 
-# Restore permissions on app files
-chown -R "$app":"$app" $final_path
+# Restore permissions on app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 # #=================================================
 # # RESTORE FAIL2BAN CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index a4cdefb..1a2833f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -135,8 +135,10 @@ ynh_add_systemd_config --others_var="ynh_node_load_PATH"
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions on app files
-chown -R "$app":"$app" $final_path
+# Set permissions on app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 #=================================================
 # SETUP LOGROTATE

From d38583e7c45682d9129146c213351686d8045a68 Mon Sep 17 00:00:00 2001
From: squeak <squeak@eauchat.org>
Date: Wed, 31 Mar 2021 13:52:16 +0200
Subject: [PATCH 3/3] 1.5.11~ynh2

---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index b6071b5..0a8e1ed 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
     "en": "Store all kinds of data with an extremely customizable interface.",
     "fr": "Stockez tous types de données avec une interface complètement customizable."
   },
-  "version": "1.5.11~ynh1",
+  "version": "1.5.11~ynh2",
   "url": "https://squeak.eauchat.org/dato",
   "license": "AGPL-3.0-or-later",
   "maintainer": {