YunoHost-Apps/dotclear2_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dotclear2_ynh.git synced 2024-09-03 18:26:29 +02:00
Code Issues Activity Actions 1

Merge pull request #15 from YunoHost-Apps/new-system-permission

Browse source 
New System Permission
This commit is contained in:
Kayou 2020-03-27 02:27:05 +01:00 committed by GitHub
commit c76a7d7853
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 58 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
check_process
View file

@ -14,9 +14,9 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=f356f5b8f496f626aba3ec0f9d9c40c4cb54e7f6
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
incorrect_path=1
port_already_use=0 port_already_use=0
change_url=0 change_url=0
;;; Levels ;;; Levels

47
conf/class.auth.ldap.php
View file

@ -26,28 +26,27 @@ class myDcAuth extends dcAuth
# Store the password # Store the password
$cur->user_pwd = $pwd; $cur->user_pwd = $pwd;
# If the user exist, then we just update his password. # search the user in ldap, and get infos
if ($this->core->userExists($user_id)) $filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
{ $sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$this->sudo(array($this->core,'updUser'),$user_id,$cur); $info = ldap_get_entries($ds, $sr);
$this->con->commit();
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else
{
# search the user in ldap, and get infos
$sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
if ($info["count"] == 1)
if ($info["count"] ==1) {
{ # If the user exist, then we just update his password.
$cur->user_id = $user_id; if ($this->core->userExists($user_id))
$cur->user_email = $info[0]['mail'][0]; {
$cur->user_name = $info[0]['givenname'][0]; $this->sudo(array($this->core,'updUser'),$user_id,$cur);
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else
{
$cur->user_id = $user_id;
$cur->user_email = $info[0]['mail'][0];
$cur->user_name = $info[0]['givenname'][0];
$cur->user_firstname = $info[0]['sn'][0]; $cur->user_firstname = $info[0]['sn'][0];
$cur->user_lang = 'fr'; # Can change this, PR are welcome $cur->user_lang = 'fr'; # Can change this, PR are welcome
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
@ -65,9 +64,9 @@ class myDcAuth extends dcAuth
#pages "manage pages" #pages "manage pages"
#blogroll "manage blogroll" #blogroll "manage blogroll"
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
$this->con->commit(); }
} $this->con->commit();
} }
# The previous operations proceeded without error, # The previous operations proceeded without error,
# we can now call the parent method # we can now call the parent method

2
manifest.json
View file

@ -14,7 +14,7 @@
"email": "pierre@kayou.io" "email": "pierre@kayou.io"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.2.0" "yunohost": ">= 3.7.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

19
scripts/install
View file

@ -49,7 +49,6 @@ ynh_webpath_register $app $domain $path_url
ynh_app_setting_set $app domain $domain ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app admin $admin ynh_app_setting_set $app admin $admin
#================================================= #=================================================
@ -114,6 +113,7 @@ password=$(ynh_string_random 30)
cp $php_config.in $php_config cp $php_config.in $php_config
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
admin_url=$(ynh_url_join $path_url admin/index.php) admin_url=$(ynh_url_join $path_url admin/index.php)
@ -154,10 +154,7 @@ ynh_store_file_checksum $php_config
chown -R $app: $final_path chown -R $app: $final_path
# Set the app as temporarily public for curl call # Set the app as temporarily public for curl call
ynh_app_setting_set $app skipped_uris "/" ynh_permission_update --permission "main" --add "visitors"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx # Reload Nginx
systemctl reload nginx systemctl reload nginx
@ -167,20 +164,16 @@ installUrl="/admin/install/index.php"
ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password"
ynh_app_setting_delete $app skipped_uris
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
# Make app public if necessary if [ $is_public -eq 0 ]; then
if [ $is_public -eq 1 ]; then ynh_permission_update --permission "main" --remove "visitors"
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set $app unprotected_uris "/"
# protect admin area
ynh_app_setting_set $app protected_uris "/admin"
fi fi
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================

41
scripts/upgrade
View file

@ -26,18 +26,18 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
password=$(ynh_app_setting_get $app password) password=$(ynh_app_setting_get $app password)
master_key=$(ynh_app_setting_get $app master_key) master_key=$(ynh_app_setting_get $app master_key)
skipped_uris=$(ynh_app_setting_get $app skipped_uris)
unprotected_uris=$(ynh_app_setting_get $app unprotected_uris)
protected_uris=$(ynh_app_setting_get $app protected_uris)
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
ynh_print_info "Ensuring downward compatibility..." ynh_print_info "Ensuring downward compatibility..."
# Fix is_public as a boolean value # Delete is_public if it exists
if [ "$is_public" = "Yes" ]; then if [ ! -z $is_public ]; then
ynh_app_setting_set $app is_public 1 ynh_app_setting_delete --app=$app --key=is_public
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
fi fi
# If db_name doesn't exist, create it # If db_name doesn't exist, create it
@ -52,6 +52,21 @@ if [ -z $final_path ]; then
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
fi fi
# Delete skipped_uris if it exists
if [ ! -z $skipped_uris ]; then
ynh_app_setting_delete $app skipped_uris
fi
# Delete unprotected_uris if it exists
if [ ! -z $unprotected_uris ]; then
ynh_app_setting_delete $app unprotected_uris
fi
# Delete protected_uris if it exists
if [ ! -z $protected_uris ]; then
ynh_app_setting_delete $app protected_uris
fi
# If password exists, remove it # If password exists, remove it
if [ ! -z $password ]; then if [ ! -z $password ]; then
ynh_app_setting_delete $app password ynh_app_setting_delete $app password
@ -137,6 +152,7 @@ ynh_add_fpm_config
cp $php_config.in $php_config cp $php_config.in $php_config
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n')
lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n')
@ -185,15 +201,10 @@ chown -R $app: $final_path
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_print_info "Upgrading SSOwat configuration..."
# Make app public if necessary if ! ynh_permission_exists --permission "admin"; then
if [ $is_public -eq 1 ] ynh_print_info "Upgrading SSOwat configuration..."
then ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set $app unprotected_uris "/"
# protect admin area
ynh_app_setting_set $app protected_uris "/admin"
fi fi
#================================================= #=================================================