mirror of
https://github.com/YunoHost-Apps/dotclear2_ynh.git
synced 2024-09-03 18:26:29 +02:00
Merge pull request #15 from YunoHost-Apps/new-system-permission
New System Permission
This commit is contained in:
commit
c76a7d7853
5 changed files with 58 additions and 55 deletions
|
@ -14,9 +14,9 @@
|
|||
setup_private=1
|
||||
setup_public=1
|
||||
upgrade=1
|
||||
upgrade=1 from_commit=f356f5b8f496f626aba3ec0f9d9c40c4cb54e7f6
|
||||
backup_restore=1
|
||||
multi_instance=1
|
||||
incorrect_path=1
|
||||
port_already_use=0
|
||||
change_url=0
|
||||
;;; Levels
|
||||
|
|
|
@ -26,24 +26,23 @@ class myDcAuth extends dcAuth
|
|||
# Store the password
|
||||
$cur->user_pwd = $pwd;
|
||||
|
||||
# search the user in ldap, and get infos
|
||||
$filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
|
||||
$sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$info = ldap_get_entries($ds, $sr);
|
||||
|
||||
if ($info["count"] == 1)
|
||||
{
|
||||
# If the user exist, then we just update his password.
|
||||
if ($this->core->userExists($user_id))
|
||||
{
|
||||
$this->sudo(array($this->core,'updUser'),$user_id,$cur);
|
||||
$this->con->commit();
|
||||
}
|
||||
# If not, we create him.
|
||||
# In order for him to connect,
|
||||
# it is necessary to give him at least
|
||||
# a permission "usage" on the blog "default".
|
||||
else
|
||||
{
|
||||
# search the user in ldap, and get infos
|
||||
$sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$info = ldap_get_entries($ds, $sr);
|
||||
|
||||
|
||||
if ($info["count"] ==1)
|
||||
{
|
||||
$cur->user_id = $user_id;
|
||||
$cur->user_email = $info[0]['mail'][0];
|
||||
|
@ -65,8 +64,8 @@ class myDcAuth extends dcAuth
|
|||
#pages "manage pages"
|
||||
#blogroll "manage blogroll"
|
||||
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
|
||||
$this->con->commit();
|
||||
}
|
||||
$this->con->commit();
|
||||
}
|
||||
|
||||
# The previous operations proceeded without error,
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
"email": "pierre@kayou.io"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 3.2.0"
|
||||
"yunohost": ">= 3.7.0"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
|
|
|
@ -49,7 +49,6 @@ ynh_webpath_register $app $domain $path_url
|
|||
|
||||
ynh_app_setting_set $app domain $domain
|
||||
ynh_app_setting_set $app path $path_url
|
||||
ynh_app_setting_set $app is_public $is_public
|
||||
ynh_app_setting_set $app admin $admin
|
||||
|
||||
#=================================================
|
||||
|
@ -114,6 +113,7 @@ password=$(ynh_string_random 30)
|
|||
|
||||
cp $php_config.in $php_config
|
||||
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
|
||||
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
|
||||
|
||||
admin_url=$(ynh_url_join $path_url admin/index.php)
|
||||
|
||||
|
@ -154,10 +154,7 @@ ynh_store_file_checksum $php_config
|
|||
chown -R $app: $final_path
|
||||
|
||||
# Set the app as temporarily public for curl call
|
||||
ynh_app_setting_set $app skipped_uris "/"
|
||||
|
||||
# Reload SSOwat config
|
||||
yunohost app ssowatconf
|
||||
ynh_permission_update --permission "main" --add "visitors"
|
||||
|
||||
# Reload Nginx
|
||||
systemctl reload nginx
|
||||
|
@ -167,20 +164,16 @@ installUrl="/admin/install/index.php"
|
|||
|
||||
ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password"
|
||||
|
||||
ynh_app_setting_delete $app skipped_uris
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]; then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
||||
ynh_app_setting_set $app unprotected_uris "/"
|
||||
# protect admin area
|
||||
ynh_app_setting_set $app protected_uris "/admin"
|
||||
if [ $is_public -eq 0 ]; then
|
||||
ynh_permission_update --permission "main" --remove "visitors"
|
||||
fi
|
||||
|
||||
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
|
@ -26,18 +26,18 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
|||
password=$(ynh_app_setting_get $app password)
|
||||
master_key=$(ynh_app_setting_get $app master_key)
|
||||
|
||||
skipped_uris=$(ynh_app_setting_get $app skipped_uris)
|
||||
unprotected_uris=$(ynh_app_setting_get $app unprotected_uris)
|
||||
protected_uris=$(ynh_app_setting_get $app protected_uris)
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_print_info "Ensuring downward compatibility..."
|
||||
|
||||
# Fix is_public as a boolean value
|
||||
if [ "$is_public" = "Yes" ]; then
|
||||
ynh_app_setting_set $app is_public 1
|
||||
is_public=1
|
||||
elif [ "$is_public" = "No" ]; then
|
||||
ynh_app_setting_set $app is_public 0
|
||||
is_public=0
|
||||
# Delete is_public if it exists
|
||||
if [ ! -z $is_public ]; then
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
# If db_name doesn't exist, create it
|
||||
|
@ -52,6 +52,21 @@ if [ -z $final_path ]; then
|
|||
ynh_app_setting_set $app final_path $final_path
|
||||
fi
|
||||
|
||||
# Delete skipped_uris if it exists
|
||||
if [ ! -z $skipped_uris ]; then
|
||||
ynh_app_setting_delete $app skipped_uris
|
||||
fi
|
||||
|
||||
# Delete unprotected_uris if it exists
|
||||
if [ ! -z $unprotected_uris ]; then
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
fi
|
||||
|
||||
# Delete protected_uris if it exists
|
||||
if [ ! -z $protected_uris ]; then
|
||||
ynh_app_setting_delete $app protected_uris
|
||||
fi
|
||||
|
||||
# If password exists, remove it
|
||||
if [ ! -z $password ]; then
|
||||
ynh_app_setting_delete $app password
|
||||
|
@ -137,6 +152,7 @@ ynh_add_fpm_config
|
|||
|
||||
cp $php_config.in $php_config
|
||||
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
|
||||
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
|
||||
|
||||
firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n')
|
||||
lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n')
|
||||
|
@ -185,15 +201,10 @@ chown -R $app: $final_path
|
|||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading SSOwat configuration..."
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway
|
||||
ynh_app_setting_set $app unprotected_uris "/"
|
||||
# protect admin area
|
||||
ynh_app_setting_set $app protected_uris "/admin"
|
||||
if ! ynh_permission_exists --permission "admin"; then
|
||||
ynh_print_info "Upgrading SSOwat configuration..."
|
||||
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue