From 1a2b8d4dc16ccb8e2e6d7c20f71032dce9cb1785 Mon Sep 17 00:00:00 2001
From: tituspijean <titus+yunohost@pijean.ovh>
Date: Wed, 11 Oct 2023 22:55:00 +0200
Subject: [PATCH] Improve admin permissions and setup

---
 manifest.toml   |  6 ++--
 scripts/config  | 77 +++++++++++++++++++++++++++++++++++++++++++++++++
 scripts/install |  5 +++-
 3 files changed, 84 insertions(+), 4 deletions(-)
 create mode 100644 scripts/config

diff --git a/manifest.toml b/manifest.toml
index 2c869ae..1d27a63 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -40,9 +40,10 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
     type = "group"
     default = "visitors"
 
-    [install.admin]
+    [install.init_admin_permission]
     type = "user"
-    help.en = "Choose the Dotclear super user. By default, all users in the admin group will be admins of Dotclear."
+    ask.en = "Choose the Dotclear super user."
+    help.en = "You can later on give admin permission to more users."
 
 [resources]
     [resources.sources.latest]
@@ -65,7 +66,6 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
     main.url = "/"
     admin.url = "/admin"
     admin.show_tile = false
-    admin.allowed = "admins"
 
     [resources.apt]
     packages = "mariadb-server, php8.2, php8.2-fpm, php8.2-mbstring, php8.2-mysql, php-iconv, php8.2-xml, php8.2-cli, php8.2-intl, php8.2-ldap"
diff --git a/scripts/config b/scripts/config
new file mode 100644
index 0000000..6939c07
--- /dev/null
+++ b/scripts/config
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source /usr/share/yunohost/helpers
+
+ynh_abort_if_errors
+
+#=================================================
+# SPECIFIC SETTERS FOR TOML SHORT KEYS
+#=================================================
+set__blogs_list() {
+
+    declare -A domain_array
+    declare -A path_array
+
+    for blog in $(echo $blogs_list | sed "s/,/ /"); do
+        id=$(echo $blog | cut -d@ -f1)
+        domain=$(echo $blog | cut -d@ -f2 | cut -d/ -f1)
+        path="/$(echo $blog | cut -d@ -f2 | cut -d/ -f2)"
+
+        domain_array+=([$id]=$domain)
+        path_array+=([$id]=$path)
+    done
+
+    declare -A old_domain_array
+    declare -A old_path_array
+
+    for blog in $(echo ${old[blogs_list]} | sed "s/,/ /"); do
+        id=$(echo $blog | cut -d@ -f1)
+        domain=$(echo $blog | cut -d@ -f2 | cut -d/ -f1)
+        path="/$(echo $blog | cut -d@ -f2 | cut -d/ -f2)"
+
+        old_domain_array+=([$id]=$domain)
+        old_path_array+=([$id]=$path)
+    done
+
+    # https://stackoverflow.com/questions/2312762/compare-difference-of-two-arrays-in-bash
+    # Get added and removed blogs
+    added_ids_array=(`echo ${!domain_array[@]} ${!old_domain_array[@]} | tr ' ' '\n' | sort | uniq -u `)
+    removed_ids_array=(`echo ${!old_domain_array[@]} $!domain_array[@]} | tr ' ' '\n' | sort | uniq -D | uniq `)
+
+    for id in $removed_ids_array; do
+        if [ ynh_permission_exists --permission="$id" ]; then
+            ynh_permission_delete --permission="$id"
+        fi
+        ynh_secure_remove --file="/etc/nginx/conf.d/${old_domain_array[$id]}.d/$app.conf"
+    done
+
+    for id in $domain_array; do
+    
+        if [ $domain_array[$id] != $old_domain_array[$id] ]; then
+            mv /etc/nginx/conf.d/${old_domain_array[$id]}.d/$app.conf /etc/nginx/conf.d/${domain_array[$id]}.d/$app.conf
+        fi
+        
+        if [ $path_array[$id] != $old_path_array[$id] ]; then
+            domain=$domain_array[$id]
+            path=$path_array[$id]
+            ynh_add_config --template="nginx.conf" --destination="/etc/nginx/conf.d/${domain_array[$id]}.d/$app.conf"
+        fi
+
+        if [ ynh_permission_exists --permission="$id" ]; then
+            ynh_permission_url --permission="$id" --url="$domain_array[$id]$path_array[$id]"
+            ynh_permission_url --permission="$id.admin" --url="$domain_array[$id]$path_array[$id]/admin"
+        else
+            ynh_permission_create --permission="$id" --url="$domain_array[$id]$path_array[$id]"
+            ynh_permission_create --permission="$id.admin" --url="$domain_array[$id]$path_array[$id]/admin"
+        fi
+        
+    done
+    
+    ynh_app_setting_set $app blogs_list $blogs_list
+}
diff --git a/scripts/install b/scripts/install
index 862b3da..7dc7ec3 100755
--- a/scripts/install
+++ b/scripts/install
@@ -55,6 +55,8 @@ ynh_script_progression --message="Adding a configuration file..."
 
 php_config=$install_dir/inc/config.php
 
+admin=$(yunohost user permission info "$app.admin" --output-as json | jq -r '.allowed | .[]')
+
 master_key=$(ynh_string_random --length=30)
 ynh_app_setting_set --app=$app --key=master_key --value=$master_key
 
@@ -62,6 +64,7 @@ cp $php_config.in $php_config
 
 admin_url="${path%/}/admin/"
 
+admin=$(yunohost user permission info "$app.admin" --output-as json | jq -r '.allowed | .[]')
 email=$(ynh_user_get_info --username=$admin --key=mail)
 
 # Config as if we called in admin/install/wizard.php
@@ -117,7 +120,7 @@ chown $app:$app "$php_config"
 ynh_script_progression --message="Finalizing installation..." --weight=14
 
 # Give the admin the proper permission and give temporary admin access to visitors
-ynh_permission_update --permission="admin" --add="$admin" "visitors"
+ynh_permission_update --permission="admin" --add="visitors"
 
 firstname=$(ynh_user_get_info --username=$admin --key=firstname)
 lastname=$(ynh_user_get_info --username=$admin --key=lastname)