Merge pull request #31 from YunoHost-Apps/testing

Testing
2024-09-03 18:26:29 +02:00 · 2021-08-30 12:33:07 +02:00 · 2021-08-30 12:33:07 +02:00 · 3ed436721f
commit 3ed436721f
parent feb70cb399 4840a385e3
12 changed files with 185 additions and 197 deletions
--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
 ## Overview
 Dotclear is an open-source web publishing software.

-**Shipped version:** 2.18
+**Shipped version:** 2.18.1

 ## Screenshots

--- a/12
+++ b/12
@ -1,11 +1,9 @@
-# See here for more informations
-# https://github.com/YunoHost/package_check#syntax-check_process-file
 ;; Test complet
 	; Manifest
-		domain="domain.tld"	(DOMAIN)
-		path="/path"	(PATH)
-		admin="john"	(USER)
-		is_public=1	(PUBLIC|public=1|private=0)
+		domain="domain.tld"
+		path="/path"
+		admin="john"
+		is_public=1
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
@ -19,8 +17,6 @@
 		multi_instance=1
 		port_already_use=0
 		change_url=1
-;;; Levels
-	Level 5=auto
 ;;; Options
 Email=
 Notification=none
--- a/conf/app.src
+++ b/conf/app.src
@ -1,6 +1,7 @@
-SOURCE_URL=http://download.dotclear.org/latest/dotclear-2.18.tar.gz
-SOURCE_SUM=6a99672db2c20e392d776c680dc87d5bc66962e8307ecf81a63feb6c5d2f398a
+SOURCE_URL=http://download.dotclear.org/latest/dotclear-2.18.1.zip
+SOURCE_SUM=ea9874c0a796c798efa31c9a8b747707dc678b7244a4d385975466dc4ff5b88e
 SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=2
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=true
 SOURCE_FILENAME=
+SOURCE_EXTRACT=true
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -11,10 +11,13 @@ location __PATH__/ {

  index index.php;

+  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
+  client_max_body_size 50M;
+
  try_files $uri $uri/ index.php;
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
+    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;

    fastcgi_index index.php;
    include fastcgi_params;
--- a/conf/php-fpm.conf
+++ b/conf/php-fpm.conf
@ -33,7 +33,7 @@ group = __USER__
 ;                            (IPv6 and IPv4-mapped) on a specific port;
 ;   '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
+listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock

 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "Blog publishing application",
        "fr": "Moteur de blog"
    },
-    "version": "2.18~ynh1",
+    "version": "2.18.1~ynh1",
    "license": "GPL-2.0-or-later",
    "url": "https://dotclear.org/",
    "maintainer": {
@ -19,41 +19,30 @@
    "multi_instance": true,
    "services": [
        "nginx",
-        "php7.0-fpm",
+        "php7.3-fpm",
        "mysql"
    ],
    "arguments": {
-        "install": [
+        "install" : [
            {
                "name": "domain",
                "type": "domain",
-                "ask": {
-                    "en": "Choose a domain for DotClear 2"
-                },
-                "example": "domain.org"
+                "example": "example.com"
            },
            {
                "name": "path",
                "type": "path",
-                "ask": {
-                    "en": "Choose a path for DotClear 2"
-                },
                "example": "/dotclear2",
                "default": "/dotclear2"
            },
            {
                "name": "admin",
                "type": "user",
-                "ask": {
-                    "en": "Choose a yunohost user as dotclear admin"
-                }
+                "example": "johndoe"
            },
            {
                "name": "is_public",
                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public application ?"
-                },
                "default": true
            }
        ]
--- a/scripts/backup
+++ b/scripts/backup
@ -6,7 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================

-#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers

@ -20,54 +20,54 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."
+ynh_print_info --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

 #=================================================
-# STANDARD BACKUP STEPS
+# DECLARE DATA AND CONF FILES TO BACKUP
+#=================================================
+ynh_print_info --message="Declaring files to be backed up..."
+
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Backing up the main app directory..."

 ynh_backup --src_path="$final_path"

 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up nginx web server configuration..."

 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

 #=================================================
 # BACKUP THE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up php-fpm configuration..."

-ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
-
-#=================================================
-# BACKUP THE MYSQL DATABASE
-#=================================================
-ynh_script_progression --message="Backing up the MySQL database..."
-
-ynh_mysql_dump_db --database="$db_name" > db.sql
+ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"

 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up fail2ban configuration..."

 ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"

+#=================================================
+# BACKUP THE MYSQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the MySQL database..."
+
+ynh_mysql_dump_db --database="$db_name" > db.sql
+
 #=================================================
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
--- a/scripts/change_url
+++ b/scripts/change_url
@ -33,18 +33,18 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)

 #=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
 #=================================================
-ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=4
+ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."

 # Backup the current version of the app
 ynh_backup_before_upgrade
 ynh_clean_setup () {
-    # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
-    ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+	# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
+	ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"

-    # restore it if the upgrade fails
-    ynh_restore_upgradebackup
+	# Restore it if the upgrade fails
+	ynh_restore_upgradebackup
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
@ -56,13 +56,13 @@ ynh_abort_if_errors
 change_domain=0
 if [ "$old_domain" != "$new_domain" ]
 then
-    change_domain=1
+	change_domain=1
 fi

 change_path=0
 if [ "$old_path" != "$new_path" ]
 then
-    change_path=1
+	change_path=1
 fi

 #=================================================
@ -70,30 +70,30 @@ fi
 #=================================================
 # MODIFY URL IN NGINX CONF
 #=================================================
-ynh_script_progression --message="Updating nginx web server configuration..." --weight=2
+ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2

 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf

-# Change the path in the nginx config file
+# Change the path in the NGINX config file
 if [ $change_path -eq 1 ]
 then
-    # Make a backup of the original nginx config file if modified
-    ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
-    # Set global variables for nginx helper
-    domain="$old_domain"
-    path_url="$new_path"
-    # Create a dedicated nginx config
-    ynh_add_nginx_config
+	# Make a backup of the original NGINX config file if modified
+	ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
+	# Set global variables for NGINX helper
+	domain="$old_domain"
+	path_url="$new_path"
+	# Create a dedicated NGINX config
+	ynh_add_nginx_config
 fi

-# Change the domain for nginx
+# Change the domain for NGINX
 if [ $change_domain -eq 1 ]
 then
-    # Delete file checksum for the old conf file location
-    ynh_delete_file_checksum --file="$nginx_conf_path"
-    mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
-    # Store file checksum for the new config file location
-    ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+	# Delete file checksum for the old conf file location
+	ynh_delete_file_checksum --file="$nginx_conf_path"
+	mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
+	# Store file checksum for the new config file location
+	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi

 #=================================================
@ -126,12 +126,15 @@ ynh_replace_string --match_string="'DC_ADMIN_URL', 'https://$old_domain$old_admi

 ynh_store_file_checksum --file="$php_config"

+chmod 400 "$php_config"
+chown $app:$app "$php_config"
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..."
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload

--- a/scripts/install
+++ b/scripts/install
@ -20,12 +20,13 @@ ynh_abort_if_errors
 # RETRIEVE ARGUMENTS FROM THE MANIFEST
 #=================================================

-app=$YNH_APP_INSTANCE_NAME
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 is_public=$YNH_APP_ARG_IS_PUBLIC
 admin=$YNH_APP_ARG_ADMIN

+app=$YNH_APP_INSTANCE_NAME
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@ -46,6 +47,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin

+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=2
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir=$final_path
+
 #=================================================
 # CREATE A MYSQL DATABASE
 #=================================================
@ -71,35 +80,33 @@ if ! curl --output /dev/null --silent --head --fail "$src_url"; then
 	ynh_replace_string --match_string="latest" --replace_string="attic" --target_file="../conf/app.src"
 fi

+# Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"

+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring nginx web server..."
+ynh_script_progression --message="Configuring NGINX web server..."

-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config

-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=2
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring php-fpm..." --weight=2
+ynh_script_progression --message="Configuring PHP-FPM..." --weight=2

-# Create a dedicated php-fpm config
+# Create a dedicated PHP-FPM config
 ynh_add_fpm_config

 #=================================================
-# MODIFY A CONFIG FILE
+# ADD A CONFIGURATION
 #=================================================
+ynh_script_progression --message="Adding a configuration file..."

 php_config=$final_path/inc/config.php

@ -134,15 +141,17 @@ EOF

 ynh_store_file_checksum --file=$php_config

+chmod 400 "$php_config"
+chown $app:$app "$php_config"
+
 #=================================================
 # SETUP APPLICATION WITH CURL
 #=================================================

-# Set right permissions for curl install
-chown -R $app: $final_path
-
 # Set the app as temporarily public for curl call
-ynh_permission_update --permission "main" --add "visitors"
+ynh_script_progression --message="Configuring SSOwat..."
+# Making the app public for curl
+ynh_permission_update --permission="main" --add="visitors"

 # Reload Nginx
 ynh_systemd_action --service_name=nginx --action=reload
@ -160,22 +169,17 @@ installUrl="/admin/install/index.php"

 ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password"

+# Remove the public access
+ynh_permission_update --permission="main" --remove="visitors"
+
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R root: $final_path
-chown -R $app $final_path/{public,cache,themes,plugins}
-
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
-ynh_script_progression --message="Configuring fail2ban..."
+ynh_script_progression --message="Configuring Fail2Ban..."

-# Create a dedicated fail2ban config
+# Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"

 #=================================================
@ -183,17 +187,21 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 #=================================================
 ynh_script_progression --message="Configuring permissions..."

-if [ $is_public -eq 0 ]; then
-	ynh_permission_update --permission "main" --remove "visitors"
+# Make app public if necessary
+if [ $is_public -eq 1 ]
+then
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
 fi

 # Only the admin can access the admin panel of the app (if the app has an admin panel)
-ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
+ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin

 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..."
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload

--- a/scripts/remove
+++ b/scripts/remove
@ -42,19 +42,27 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing nginx web server configuration..."
+ynh_script_progression --message="Removing NGINX web server configuration..."

-# Remove the dedicated nginx config
+# Remove the dedicated NGINX config
 ynh_remove_nginx_config

 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing php-fpm configuration..."
+ynh_script_progression --message="Removing PHP-FPM configuration..."

-# Remove the dedicated php-fpm config
+# Remove the dedicated PHP-FPM config
 ynh_remove_fpm_config

+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing Fail2ban configuration..."
+
+# Remove the dedicated Fail2Ban config
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -65,14 +73,6 @@ ynh_script_progression --message="Removing the dedicated system user..."
 # Delete a system user
 ynh_system_user_delete --username=$app

-#=================================================
-# REMOVE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing fail2ban configuration..."
-
-# Remove the dedicated fail2ban config
-ynh_remove_fail2ban_config
-
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -6,7 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================

-#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers

@ -20,7 +20,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading settings..."
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -29,6 +29,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@ -45,9 +46,18 @@ test ! -d $final_path \
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
+ynh_script_progression --message="Restoring the NGINX configuration..."

 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"

+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir=$final_path
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@ -55,32 +65,21 @@ ynh_script_progression --message="Restoring the app main directory..."

 ynh_restore_file --origin_path="$final_path"

-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R root: $final_path
-chown -R $app $final_path/{public,cache,themes,plugins}
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"

 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
+ynh_script_progression --message="Restoring the PHP-FPM configuration..."

-ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"

 #=================================================
-# RESTORE THE FAIL2BAN CONFIGURATION
+# RESTORE FAIL2BAN CONFIGURATION
 #=================================================
-ynh_script_progression --message="Restoring the fail2ban configuration..."
+ynh_script_progression --message="Restoring the Fail2Ban configuration..."

 ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
@ -102,9 +101,9 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
-ynh_script_progression --message="Reloading nginx web server and php-fpm..."
+ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."

-ynh_systemd_action --service_name=php7.0-fpm --action=reload
+ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -29,9 +29,26 @@ master_key=$(ynh_app_setting_get --app=$app --key=master_key)
 #=================================================
 # CHECK VERSION
 #=================================================
+ynh_script_progression --message="Checking version..."

 upgrade_type=$(ynh_check_app_version_changed)

+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+	# Restore it if the upgrade fails
+	ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# STANDARD UPGRADE STEPS
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
@ -66,33 +83,22 @@ if [ -n "$is_public" ]; then
 	ynh_app_setting_delete --app=$app --key=is_public
 fi

-#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
-#=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4
-
-# Backup the current version of the app
-ynh_backup_before_upgrade
-ynh_clean_setup () {
-	# restore it if the upgrade fails
-	ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
+if ! ynh_permission_exists --permission="admin"; then
+	# Create the required permissions
+	ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
+fi

 #=================================================
-# CHECK THE PATH
+# CREATE DEDICATED USER
 #=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."

-# Normalize the URL path syntax
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir=$final_path

-#=================================================
-# STANDARD UPGRADE STEPS
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-ynh_script_progression --message="Upgrading source files..." --weight=4

 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
@ -102,40 +108,38 @@ then
 	if ! curl --output /dev/null --silent --head --fail "$src_url"; then
 		ynh_replace_string "latest" "attic" ../conf/app.src
 	fi
+	ynh_script_progression --message="Upgrading source files..."

 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$final_path"
 fi

+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading nginx web server configuration..."
+ynh_script_progression --message="Upgrading NGINX web server configuration..."

-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config

-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2
+ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2

-# Create a dedicated php-fpm config
+# Create a dedicated PHP-FPM config
 ynh_add_fpm_config

 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# MODIFY A CONFIG FILE
+# UPDATE A CONFIG FILE
 #=================================================
+ynh_script_progression --message="Updating a configuration file..."

 php_config=$final_path/inc/config.php

@ -170,33 +174,8 @@ EOF
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum --file=$php_config

-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions on app files
-chown -R root: $final_path
-chown -R $app $final_path/{public,cache,themes,plugins}
-
-#=================================================
-# UPGRADE FAIL2BAN
-#=================================================
-ynh_script_progression --message="Reconfiguring fail2ban..."
-
-# Create a dedicated fail2ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading permissions configuration..." --weight=2
-
-# Create the admin permission if needed
-if ! ynh_permission_exists --permission "admin"; then
-	ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
-fi
+chmod 400 "$php_config"
+chown $app:$app "$php_config"

 #=================================================
 # UPDATING DATABASE
@ -210,10 +189,20 @@ ynh_local_curl $adminUrl

 ynh_permission_update --permission "admin" --remove "visitors"

+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# UPGRADE FAIL2BAN
+#=================================================
+ynh_script_progression --message="Reconfiguring Fail2Ban..."
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..."
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload