diff --git a/conf/local.protected.php b/conf/local.protected.php
index 0604e4e..ddf37b3 100644
--- a/conf/local.protected.php
+++ b/conf/local.protected.php
@@ -14,15 +14,19 @@
 $conf['useacl'] = 1; //Use Access Control Lists to restrict access?
 $conf['authtype'] = 'authldap'; //which authentication backend should be used
 $conf['passcrypt'] = 'sha1'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
-$conf['superuser'] = '__YNH_ADMIN_USER__'; //The admin can be user or @group or comma separated list user1,@group1,user2
-$conf['manager'] = '__YNH_ADMIN_USER__'; //The manager can be user or @group or comma separated list user1,@group1,user2
+$conf['superuser'] = '@__APP__.admin'; //The admin can be user or @group or comma separated list user1,@group1,user2
+$conf['manager'] = '@__APP__.admin'; //The manager can be user or @group or comma separated list user1,@group1,user2
 /* LDAP Yunohost config */
 $conf['plugin']['authldap']['server'] = 'localhost';
 $conf['plugin']['authldap']['port'] = 389;
 $conf['plugin']['authldap']['version'] = 3;
 $conf['plugin']['authldap']['usertree'] = 'ou=users,dc=yunohost,dc=org';
-$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
+$conf['plugin']['authldap']['grouptree'] = 'ou=permission,dc=yunohost,dc=org';
+$conf['plugin']['authldap']['userfilter'] = '(&(objectClass=posixAccount)(uid=%{user})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))';
+$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(memberUID=%{user})(cn=__APP__.*))';
+#$conf['plugin']['authldap']['debug'] = 1;
+
 /* Advanced Settings */
 $conf['updatecheck'] = 0; //automatically check for new releases?
diff --git a/scripts/install b/scripts/install
index 4ceb331..58accd4 100755
--- a/scripts/install
+++ b/scripts/install
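Review bot: In conf/local.protected.php the added `grouptree`, `userfilter` and `groupfilter` lines carry no comment, although they now decide who can log in and which LDAP groups are looked up, while most other settings in the file are explained inline. I would add `// login is limited to accounts holding the __APP__.main permission` on the `userfilter` line and `// only this app's permission groups (e.g. __APP__.admin) are matched for the user` on the `groupfilter` line. The disabled debug switch uses `#` where the rest of the file uses `//`, and it deserves a short remark that it is for troubleshooting only, since LDAP debug output should not stay enabled on a production wiki.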
@@ -22,7 +22,7 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
-admin=$YNH_APP_ARG_ADMIN
+admin_user=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
@@ -46,8 +46,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language
 #=================================================
@@ -108,8 +106,12 @@ ynh_script_progression --message="Configuring dokuwiki..." --weight=2
 # It will only be updated by Yunohost package or directly by adventurous users
 cp ../conf/local.protected.php $final_path/conf
-# Set the "admin" user
-ynh_replace_string --match_string="__YNH_ADMIN_USER__" --replace_string="$admin" --target_file="$final_path/conf/local.protected.php"
+# Create the "admin" group and add the "admin" user
+ynh_permission_create --permission "admin" --allowed "$admin_user"
+
+# Customize admin group in case of multiple wiki install managed by different admins
+# dokuwiki.admin; dokuwiki__1.admin; etc
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php"
 # This file might be modified by dokuwiki admin panel or by plugins
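Review bot: In the hunk at -108, the `ynh_replace_string --match_string="__APP__"` call is the only step in this diff that resolves the placeholders in `local.protected.php`, and that file now depends on them for `superuser`, `manager` and both LDAP filters. If the upgrade or restore scripts (not visible here) copy the file without the same substitution and without `ynh_permission_create --permission "admin"`, the superuser would stay the literal `@__APP__.admin` and the login filter would presumably match no account, so existing installs should be checked. The comment `# Create the "admin" group and add the "admin" user` is also imprecise; something like `# Create the "$app.admin" permission and grant it to the install-time admin; its members become DokuWiki superuser and manager` states what the line means for access control.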
@@ -216,13 +218,14 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..." --weight=2
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
- # unprotected_uris allows SSO credentials to be passed anyway.
- ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+ # Everyone can access the app.
+ # The "main" permission is automatically created before the install script.
+ ynh_permission_update --permission "main" --add "visitors"
 fi
 #=================================================
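Review bot: The comment `# Everyone can access the app.` understates what adding `visitors` to `main` means: unauthenticated visitors can reach the wiki, so DokuWiki's own ACL (`useacl` is on in `local.protected.php`) presumably becomes the only control over what they can read or edit. I would write `# "visitors" = anonymous users: the wiki is reachable without logging in; page access is then governed by DokuWiki ACLs only`. Separately, `is_public` is no longer stored by the settings hunk at -46, so any later script that reads it back from the app settings (not visible here) needs another source, for example checking whether `visitors` holds the `main` permission.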