diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php index 0eaeda8..bb7b016 100644 --- a/conf/class.auth.ldap.php +++ b/conf/class.auth.ldap.php @@ -29,6 +29,11 @@ class ldapDcAuth extends dcAuth if ($info["count"] == 1) { + # To be case sensitive + if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) { + return parent::checkUser($user_id, $pwd); + } + try { $this->con->begin(); @@ -42,6 +47,13 @@ class ldapDcAuth extends dcAuth $cur->user_name = $info[0]['sn'][0]; $cur->user_firstname = $info[0]['givenname'][0]; $cur->user_displayname = $info[0]['cn'][0]; + $super_user = "__ADMIN__"; + if ($super_user == $user_id) { + $cur->user_super = 1; + } + else { + $cur->user_super = 0; + } # If the user exist, then we just update his password. if ($this->core->userExists($user_id)) 
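Review bot: The added DN guard uses loose `!=` and reconstructs the expected DN by hand; prefer `!==`, and since the intent is to reject a login whose spelling differs only in case from the directory entry, comparing the entry's own `uid` attribute (if the search returns it) against `$user_id` is more robust than matching the whole DN, because a server may return the DN with different attribute-type casing or spacing and the guard would then send a valid directory user to `parent::checkUser`. The comment `# To be case sensitive` does not say why this matters; `# LDAP matched the uid case-insensitively: accept only the exact spelling so one directory entry maps to one dotclear account` would. checkUser starts before this hunk.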
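Review bot: `$cur->user_super` is assigned before the `userExists` branch, so if the existing-user path (outside this hunk) hands the same `$cur` to the update call, every LDAP login resets `user_super` to 0 for everyone except `__ADMIN__` and silently undoes a promotion made in dotclear; confine the assignment to the new-user branch, or document that the LDAP admin setting is the only source of super-user status. `$super_user == $user_id` should be `$super_user === $user_id`: both are strings, and loose comparison treats numeric-looking strings such as `"10"` and `"1e1"` as equal. The `if (...) {` / `else {` layout also departs from the Allman braces used around it (`if ($this->core->userExists($user_id))` with the brace on its own line).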
@@ -59,18 +71,38 @@ class ldapDcAuth extends dcAuth $cur->user_default_blog = 'default'; # Can change this, PR are welcome $this->sudo(array($this->core,'addUser'), $cur); # Possible roles: - #admin "administrator" - #usage "manage their own entries and comments" - #publish "publish entries and comments" - #delete "delete entries and comments" - #contentadmin "manage all entries and comments" - #categories "manage categories" - #media "manage their own media items" - #media_admin "manage all media items" - #pages "manage pages" - #blogroll "manage blogroll" - $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome + # admin "administrator" + # contentadmin "manage all entries and comments" + # usage "manage their own entries and comments" + # publish "publish entries and comments" + # delete "delete entries and comments" + # categories "manage categories" + # media_admin "manage all media items" + # media "manage their own media items" + # pages "manage pages" + # blogroll "manage blogroll" + $permissions = array( + 'admin' => "__BLOG_ADMIN__", + 'contentadmin' => "__BLOG_CONTENTADMIN__", + 'usage' => "__BLOG_USAGE__", + 'publish' => "__BLOG_PUBLISH__", + 'delete' => "__BLOG_DELETE__", + 'categories' => "__BLOG_CATEGORIES__", + 'media_admin' => "__BLOG_MEDIA_ADMIN__", + 'media' => "__BLOG_MEDIA__", + 'pages' => "__BLOG_PAGES__", + 'blogroll' => "__BLOG_BLOGROLL__", + ); + $set_perms = []; + + foreach ($permissions as $perm_id => $v) { + if (is_string($v) && $v == "true") { + $set_perms[$perm_id] = true; + } + } + $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true); } + $this->con->commit(); } catch (Exception $e) @@ -89,7 +121,7 @@ class ldapDcAuth extends dcAuth error_log("Failed to connect with the user ".$user_id); } } - return parent::checkUser($user_id, $pwd); + return parent::checkUser($user_id, $pwd); } } ?> 
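Review bot: `$v == "true"` in the foreach should be `$v === 'true'`; `is_string` already guarantees the type, and the strict form is the PHP idiom. The hunk also mixes `array(...)` for `$permissions` with `[]` for `$set_perms`. Each `__BLOG_*__` placeholder is expected to become the string `"true"` or `"false"`, so a template deployed without substitution (the path the old `cp` took) leaves the literal placeholder, the loop treats it as false, and the new user is presumably created with an empty permission set because the trailing `true` argument looks like a delete-first flag; a comment above `$permissions` such as `# Each value is the string "true" or "false" filled in by ynh_add_config; anything else is treated as false` records that contract. The enclosing method continues on both sides of this hunk.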
diff --git a/config_panel.toml b/config_panel.toml
new file mode 100644
index 0000000..1733d40
--- /dev/null
+++ b/config_panel.toml
@@ -0,0 +1,105 @@ +version = "1.0" + +[main] +name = "Dotclear2 configuration" + + [main.super_user] + name = "Main permission for YunoHost users" + + [main.super_user.admin] + ask = "Super Administrator" + type = "user" + bind = "super_user:__FINALPATH__/inc/class.auth.ldap.php" + +[ynh_users] +name = "Yunohost users" +help = "These permissions apply to the first connection of the user, the super user can change them in dotclear." + + [ynh_users.main_permission] + name = "Permissions for YunoHost users" + + [ynh_users.main_permission.blog_admin] + ask = "Administrator" + type = "boolean" + yes = "true" + no = "false" + bind = "'admin':__FINALPATH__/inc/class.auth.ldap.php" + + [ynh_users.content] + name = "Content permissions" + visible = "blog_admin != 'true'" + + [ynh_users.content.blog_contentadmin] + ask = "Manage all entries and comments" + type = "boolean" + yes = "true" + no = "false" + bind = "'contentadmin':__FINALPATH__/inc/class.auth.ldap.php" + + [ynh_users.content.blog_usage] + ask = "Manage their own entries and comments" + type = "boolean" + yes = "true" + no = "false" + bind = "'usage':__FINALPATH__/inc/class.auth.ldap.php" + visible = "blog_contentadmin != 'true'" + + [ynh_users.content.blog_publish] + ask = "Publish entries and comments" + type = "boolean" + yes = "true" + no = "false" + bind = "'publish':__FINALPATH__/inc/class.auth.ldap.php" + visible = "blog_contentadmin != 'true'" + + [ynh_users.content.blog_delete] + ask = "Delete entries and comments" + type = "boolean" + yes = "true" + no = "false" + bind = "'delete':__FINALPATH__/inc/class.auth.ldap.php" + visible = "blog_contentadmin != 'true'" + + [ynh_users.media] + name = "Media permissions" + visible = "blog_admin != 'true'" + + [ynh_users.media.blog_media_admin] + ask = "Manage all media items" + type = "boolean" + yes = "true" + no = "false" + bind = "'media_admin':__FINALPATH__/inc/class.auth.ldap.php" + + [ynh_users.media.blog_media] + ask = "Manage their own media items" + type 
= "boolean" + yes = "true" + no = "false" + bind = "'media':__FINALPATH__/inc/class.auth.ldap.php" + visible = "blog_media_admin != 'true'" + + [ynh_users.other_permissions] + name = "Other permissions" + visible = "blog_admin != 'true'" + + [ynh_users.other_permissions.blog_categories] + ask = "Manage categories" + type = "boolean" + yes = "true" + no = "false" + bind = "'categories':__FINALPATH__/inc/class.auth.ldap.php" + + [ynh_users.other_permissions.blog_pages] + ask = "Manage pages" + type = "boolean" + yes = "true" + no = "false" + bind = "'pages':__FINALPATH__/inc/class.auth.ldap.php" + + [ynh_users.other_permissions.blog_blogroll] + ask = "Manage blogroll" + type = "boolean" + yes = "true" + no = "false" + bind = "'blogroll':__FINALPATH__/inc/class.auth.ldap.php" diff --git a/manifest.json b/manifest.json index 1ef5656..cf266d8 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Blog publishing application", "fr": "Moteur de blog" }, - "version": "2.20.1~ynh1", + "version": "2.20.1~ynh2", "license": "GPL-2.0-or-later", "url": "https://dotclear.org/", "maintainer": { @@ -14,7 +14,7 @@ "email": "pierre@kayou.io" }, "requirements": { - "yunohost": ">= 4.2.4" + "yunohost": ">= 4.3.2" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index e0c5949..59f7b7d 100755 --- a/scripts/install +++ b/scripts/install 
@@ -134,8 +134,28 @@ ynh_replace_string --match_string="'DC_ADMIN_URL', ''" --replace_string="'DC_ADM
 ynh_replace_string --match_string="'DC_ADMIN_MAILFROM', ''" --replace_string="'DC_ADMIN_MAILFROM', '$email'" --target_file=$php_config
 
 # Adding LDAP login
-cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
-ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/inc/class.auth.ldap.php"
+blog_admin="false"
+blog_contentadmin="false"
+blog_usage="true"
+blog_publish="false"
+blog_delete="false"
+blog_categories="false"
+blog_media_admin="false"
+blog_media="false"
+blog_pages="false"
+blog_blogroll="false"
+ynh_app_setting_set --app=$app --key=blog_admin --value=$blog_admin
+ynh_app_setting_set --app=$app --key=blog_contentadmin --value=$blog_contentadmin
+ynh_app_setting_set --app=$app --key=blog_usage --value=$blog_usage
+ynh_app_setting_set --app=$app --key=blog_publish --value=$blog_publish
+ynh_app_setting_set --app=$app --key=blog_delete --value=$blog_delete
+ynh_app_setting_set --app=$app --key=blog_categories --value=$blog_categories
+ynh_app_setting_set --app=$app --key=blog_media_admin --value=$blog_media_admin
+ynh_app_setting_set --app=$app --key=blog_media --value=$blog_media
+ynh_app_setting_set --app=$app --key=blog_pages --value=$blog_pages
+ynh_app_setting_set --app=$app --key=blog_blogroll --value=$blog_blogroll
+
+ynh_add_config --template="../conf/class.auth.ldap.php" --destination="$final_path/inc/class.auth.ldap.php"
 
 cat << EOF >> $php_config
 
diff --git a/scripts/upgrade b/scripts/upgrade
index efc421c..6ef5931 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
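Review bot: The ten defaults and ten `ynh_app_setting_set` calls are repeated verbatim in scripts/upgrade (hunk `@@ -86,6 +97,38 @@`), so a change to one default has to be made in two places; a single loop over `admin contentadmin usage publish delete categories media_admin media pages blogroll`, with `usage` as the only `true`, shared by both scripts would keep them aligned. The `--value=$blog_admin` arguments are unquoted; `--value="$blog_admin"` matches the quoting already used for `--template` and `--destination` on the `ynh_add_config` line.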
@@ -26,6 +26,17 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 password=$(ynh_app_setting_get --app=$app --key=password)
 master_key=$(ynh_app_setting_get --app=$app --key=master_key)
 
+blog_admin=$(ynh_app_setting_get --app=$app --key=blog_admin)
+blog_contentadmin=$(ynh_app_setting_get --app=$app --key=blog_contentadmin)
+blog_usage=$(ynh_app_setting_get --app=$app --key=blog_usage)
+blog_publish=$(ynh_app_setting_get --app=$app --key=blog_publish)
+blog_delete=$(ynh_app_setting_get --app=$app --key=blog_delete)
+blog_categories=$(ynh_app_setting_get --app=$app --key=blog_categories)
+blog_media_admin=$(ynh_app_setting_get --app=$app --key=blog_media_admin)
+blog_media=$(ynh_app_setting_get --app=$app --key=blog_media)
+blog_pages=$(ynh_app_setting_get --app=$app --key=blog_pages)
+blog_blogroll=$(ynh_app_setting_get --app=$app --key=blog_blogroll)
+
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -86,6 +97,38 @@ if ! ynh_permission_exists --permission="admin"; then
 ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 fi
 
+if [ -z "$blog_admin" ] ||
+ [ -z "$blog_contentadmin" ] ||
+ [ -z "$blog_usage" ] ||
+ [ -z "$blog_publish" ] ||
+ [ -z "$blog_delete" ] ||
+ [ -z "$blog_categories" ] ||
+ [ -z "$blog_media_admin" ] ||
+ [ -z "$blog_media" ] ||
+ [ -z "$blog_pages" ] ||
+ [ -z "$blog_blogroll" ]; then
+ blog_admin="false"
+ blog_contentadmin="false"
+ blog_usage="true"
+ blog_publish="false"
+ blog_delete="false"
+ blog_categories="false"
+ blog_media_admin="false"
+ blog_media="false"
+ blog_pages="false"
+ blog_blogroll="false"
+ ynh_app_setting_set --app=$app --key=blog_admin --value=$blog_admin
+ ynh_app_setting_set --app=$app --key=blog_contentadmin --value=$blog_contentadmin
+ ynh_app_setting_set --app=$app --key=blog_usage --value=$blog_usage
+ ynh_app_setting_set --app=$app --key=blog_publish --value=$blog_publish
+ ynh_app_setting_set --app=$app --key=blog_delete --value=$blog_delete
+ ynh_app_setting_set --app=$app --key=blog_categories --value=$blog_categories
+ ynh_app_setting_set --app=$app --key=blog_media_admin --value=$blog_media_admin
+ ynh_app_setting_set --app=$app --key=blog_media --value=$blog_media
+ ynh_app_setting_set --app=$app --key=blog_pages --value=$blog_pages
+ ynh_app_setting_set --app=$app --key=blog_blogroll --value=$blog_blogroll
+fi
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
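Review bot: The guard resets all ten `blog_*` settings whenever any single one is empty, so an instance that lost or cleared one setting gets the other nine, including a deliberately enabled `blog_admin`, silently put back to the defaults. Defaulting each variable on its own, `blog_admin="${blog_admin:-false}"` and so on with `blog_usage="${blog_usage:-true}"`, leaves the others intact and still covers an upgrade from a release that had none of these settings. The condition is spread over ten `[ -z ... ] ||` continuation lines, which bash accepts, but a short `for` over the setting names reads more easily than ten near-identical tests.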
@@ -164,8 +207,7 @@ ynh_replace_string --match_string="'DC_ADMIN_URL', ''" --replace_string="'DC_ADM
 ynh_replace_string --match_string="'DC_ADMIN_MAILFROM', ''" --replace_string="'DC_ADMIN_MAILFROM', '$email'" --target_file=$php_config
 
 # Adding LDAP login
-cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
-ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
+ynh_add_config --template="../conf/class.auth.ldap.php" --destination="$final_path/inc/class.auth.ldap.php"
 
 cat << EOF >> $php_config
 
@@ -183,14 +225,10 @@ chown $app:$app "$php_config"
 # UPDATING DATABASE
 #=================================================
 
-ynh_permission_update --permission "admin" --add "visitors"
-
 # Navigate to the admin panel to upgrade the database: https://dotclear.org/documentation/2.0/admin/upgrades
 adminUrl="/admin/auth.php"
 ynh_local_curl $adminUrl
 
-ynh_permission_update --permission "admin" --remove "visitors"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================