1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dotclear2_ynh.git synced 2024-09-03 18:26:29 +02:00

Merge pull request #15 from YunoHost-Apps/new-system-permission

New System Permission
This commit is contained in:
Kayou 2020-03-27 02:27:05 +01:00 committed by GitHub
commit c76a7d7853
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 58 additions and 55 deletions

View file

@ -14,9 +14,9 @@
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=f356f5b8f496f626aba3ec0f9d9c40c4cb54e7f6
backup_restore=1
multi_instance=1
incorrect_path=1
port_already_use=0
change_url=0
;;; Levels

View file

@ -26,24 +26,23 @@ class myDcAuth extends dcAuth
# Store the password
$cur->user_pwd = $pwd;
# search the user in ldap, and get infos
$filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
$sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
if ($info["count"] == 1)
{
# If the user exist, then we just update his password.
if ($this->core->userExists($user_id))
{
$this->sudo(array($this->core,'updUser'),$user_id,$cur);
$this->con->commit();
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else
{
# search the user in ldap, and get infos
$sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
if ($info["count"] ==1)
{
$cur->user_id = $user_id;
$cur->user_email = $info[0]['mail'][0];
@ -65,8 +64,8 @@ class myDcAuth extends dcAuth
#pages "manage pages"
#blogroll "manage blogroll"
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
$this->con->commit();
}
$this->con->commit();
}
# The previous operations proceeded without error,

View file

@ -14,7 +14,7 @@
"email": "pierre@kayou.io"
},
"requirements": {
"yunohost": ">= 3.2.0"
"yunohost": ">= 3.7.0"
},
"multi_instance": true,
"services": [

View file

@ -49,7 +49,6 @@ ynh_webpath_register $app $domain $path_url
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app admin $admin
#=================================================
@ -114,6 +113,7 @@ password=$(ynh_string_random 30)
cp $php_config.in $php_config
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
admin_url=$(ynh_url_join $path_url admin/index.php)
@ -154,10 +154,7 @@ ynh_store_file_checksum $php_config
chown -R $app: $final_path
# Set the app as temporarily public for curl call
ynh_app_setting_set $app skipped_uris "/"
# Reload SSOwat config
yunohost app ssowatconf
ynh_permission_update --permission "main" --add "visitors"
# Reload Nginx
systemctl reload nginx
@ -167,20 +164,16 @@ installUrl="/admin/install/index.php"
ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password"
ynh_app_setting_delete $app skipped_uris
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ $is_public -eq 1 ]; then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set $app unprotected_uris "/"
# protect admin area
ynh_app_setting_set $app protected_uris "/admin"
if [ $is_public -eq 0 ]; then
ynh_permission_update --permission "main" --remove "visitors"
fi
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
#=================================================
# RELOAD NGINX
#=================================================

View file

@ -26,18 +26,18 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
password=$(ynh_app_setting_get $app password)
master_key=$(ynh_app_setting_get $app master_key)
skipped_uris=$(ynh_app_setting_get $app skipped_uris)
unprotected_uris=$(ynh_app_setting_get $app unprotected_uris)
protected_uris=$(ynh_app_setting_get $app protected_uris)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_print_info "Ensuring downward compatibility..."
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set $app is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
# Delete is_public if it exists
if [ ! -z $is_public ]; then
ynh_app_setting_delete --app=$app --key=is_public
fi
# If db_name doesn't exist, create it
@ -52,6 +52,21 @@ if [ -z $final_path ]; then
ynh_app_setting_set $app final_path $final_path
fi
# Delete skipped_uris if it exists
if [ ! -z $skipped_uris ]; then
ynh_app_setting_delete $app skipped_uris
fi
# Delete unprotected_uris if it exists
if [ ! -z $unprotected_uris ]; then
ynh_app_setting_delete $app unprotected_uris
fi
# Delete protected_uris if it exists
if [ ! -z $protected_uris ]; then
ynh_app_setting_delete $app protected_uris
fi
# If password exists, remove it
if [ ! -z $password ]; then
ynh_app_setting_delete $app password
@ -137,6 +152,7 @@ ynh_add_fpm_config
cp $php_config.in $php_config
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n')
lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n')
@ -185,15 +201,10 @@ chown -R $app: $final_path
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info "Upgrading SSOwat configuration..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set $app unprotected_uris "/"
# protect admin area
ynh_app_setting_set $app protected_uris "/admin"
if ! ynh_permission_exists --permission "admin"; then
ynh_print_info "Upgrading SSOwat configuration..."
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
fi
#=================================================