From f4527eb26689cf649548aadda56e617c738f0377 Mon Sep 17 00:00:00 2001
From: Kay0u
Date: Fri, 7 Jan 2022 18:06:55 +0100
Subject: [PATCH] Add blog permission management
---
 conf/class.auth.ldap.php | 51 ++++++++++++++++++++++++++++++----------
 scripts/install | 21 +++++++++++++++++
 scripts/upgrade | 43 +++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 12 deletions(-)
diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php
index 0eaeda8..cab3fda 100644
--- a/conf/class.auth.ldap.php
+++ b/conf/class.auth.ldap.php
@@ -42,6 +42,13 @@ class ldapDcAuth extends dcAuth
 $cur->user_name = $info[0]['sn'][0];
 $cur->user_firstname = $info[0]['givenname'][0];
 $cur->user_displayname = $info[0]['cn'][0];
+ $super_user = "__ADMIN__";
+ if ($super_user == $user_id) {
+ $cur->user_super = 1;
+ }
+ else {
+ $cur->user_super = 0;
+ }
 # If the user exist, then we just update his password.
 if ($this->core->userExists($user_id))
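Review bot: The super-user decision in the added `if ($super_user == $user_id)` uses PHP's loose `==`, which compares two numeric-looking strings as numbers, so a login name other than the configured admin (for example `1e3` against `1000`) can compare equal and be stored with `user_super = 1`. A strict comparison closes that: `$cur->user_super = ($user_id === "__ADMIN__") ? 1 : 0;`. Because these lines sit before the `userExists()` branch, the flag is presumably rewritten for existing accounts on every login as well, so a super-user flag granted or revoked inside Dotclear would not survive the next login; a one-line comment saying so would help. The enclosing method begins and ends outside the hunk.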
@@ -58,19 +65,39 @@ class ldapDcAuth extends dcAuth
 $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
 $cur->user_default_blog = 'default'; # Can change this, PR are welcome
 $this->sudo(array($this->core,'addUser'), $cur);
- # Possible roles:
- #admin "administrator"
- #usage "manage their own entries and comments"
- #publish "publish entries and comments"
- #delete "delete entries and comments"
- #contentadmin "manage all entries and comments"
- #categories "manage categories"
- #media "manage their own media items"
- #media_admin "manage all media items"
- #pages "manage pages"
- #blogroll "manage blogroll"
- $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome
 }
+ # Possible roles:
+ # admin "administrator"
+ # contentadmin "manage all entries and comments"
+ # usage "manage their own entries and comments"
+ # publish "publish entries and comments"
+ # delete "delete entries and comments"
+ # categories "manage categories"
+ # media_admin "manage all media items"
+ # media "manage their own media items"
+ # pages "manage pages"
+ # blogroll "manage blogroll"
+ $permissions = array(
+ 'admin' => "__BLOG_ADMIN__",
+ 'contentadmin' => "__BLOG_CONTENTADMIN__",
+ 'usage' => "__BLOG_USAGE__",
+ 'publish' => "__BLOG_PUBLISH__",
+ 'delete' => "__BLOG_DELETE__",
+ 'categories' => "__BLOG_CATEGORIES__",
+ 'media_admin' => "__BLOG_MEDIA_ADMIN__",
+ 'media' => "__BLOG_MEDIA__",
+ 'pages' => "__BLOG_PAGES__",
+ 'blogroll' => "__BLOG_BLOGROLL__",
+ );
+ $set_perms = [];
+
+ foreach ($permissions as $perm_id => $v) {
+ if (is_string($v) && $v == "true") {
+ $set_perms[$perm_id] = true;
+ }
+ }
+ $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true);
+
 $this->con->commit();
 }
 catch (Exception $e)
diff --git a/scripts/install b/scripts/install
index d03ecaf..59f7b7d 100755
--- a/scripts/install
+++ b/scripts/install
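Review bot: The `setUserBlogPermissions` call now sits after the `if`/`else`, so it runs on every successful login instead of only when the account is created, and it is passed `true` as the last argument, which in Dotclear's `dcCore::setUserBlogPermissions` is the delete-first flag. If that reading is right, any per-user permission an administrator grants or removes on the `default` blog inside Dotclear is replaced by the app-wide settings at the next login, and switching `blog_admin` on makes every user who logs in through this class a blog administrator. Worth stating above the call, e.g. `# Runs on every login: permissions on 'default' are reset to the app settings, overriding changes made in Dotclear.` The test `is_string($v) && $v == "true"` can be `$v === 'true'`, since every value is a string literal after templating. The enclosing `try` block starts outside the hunk.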
@@ -134,6 +134,27 @@ ynh_replace_string --match_string="'DC_ADMIN_URL', ''" --replace_string="'DC_ADM
 ynh_replace_string --match_string="'DC_ADMIN_MAILFROM', ''" --replace_string="'DC_ADMIN_MAILFROM', '$email'" --target_file=$php_config
 # Adding LDAP login
+blog_admin="false"
+blog_contentadmin="false"
+blog_usage="true"
+blog_publish="false"
+blog_delete="false"
+blog_categories="false"
+blog_media_admin="false"
+blog_media="false"
+blog_pages="false"
+blog_blogroll="false"
+ynh_app_setting_set --app=$app --key=blog_admin --value=$blog_admin
+ynh_app_setting_set --app=$app --key=blog_contentadmin --value=$blog_contentadmin
+ynh_app_setting_set --app=$app --key=blog_usage --value=$blog_usage
+ynh_app_setting_set --app=$app --key=blog_publish --value=$blog_publish
+ynh_app_setting_set --app=$app --key=blog_delete --value=$blog_delete
+ynh_app_setting_set --app=$app --key=blog_categories --value=$blog_categories
+ynh_app_setting_set --app=$app --key=blog_media_admin --value=$blog_media_admin
+ynh_app_setting_set --app=$app --key=blog_media --value=$blog_media
+ynh_app_setting_set --app=$app --key=blog_pages --value=$blog_pages
+ynh_app_setting_set --app=$app --key=blog_blogroll --value=$blog_blogroll
+
 ynh_add_config --template="../conf/class.auth.ldap.php" --destination="$final_path/inc/class.auth.ldap.php"
 cat << EOF >> $php_config
diff --git a/scripts/upgrade b/scripts/upgrade
index 3e28a6a..6ef5931 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
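Review bot: Nothing near these twenty added lines says where the `blog_*` variables are consumed; they appear to be what `ynh_add_config` substitutes for the `__BLOG_*__` placeholders in `conf/class.auth.ldap.php` on the line just below. A comment would make that link explicit, e.g. `# Default Dotclear permissions for LDAP users on the 'default' blog; rendered into class.auth.ldap.php as __BLOG_<NAME>__`. The same defaults are repeated in the `scripts/upgrade` hunk at `@@ -86,6 +97,38 @@`, so a single shared list would keep the two from drifting apart.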
@@ -26,6 +26,17 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 password=$(ynh_app_setting_get --app=$app --key=password)
 master_key=$(ynh_app_setting_get --app=$app --key=master_key)
+blog_admin=$(ynh_app_setting_get --app=$app --key=blog_admin)
+blog_contentadmin=$(ynh_app_setting_get --app=$app --key=blog_contentadmin)
+blog_usage=$(ynh_app_setting_get --app=$app --key=blog_usage)
+blog_publish=$(ynh_app_setting_get --app=$app --key=blog_publish)
+blog_delete=$(ynh_app_setting_get --app=$app --key=blog_delete)
+blog_categories=$(ynh_app_setting_get --app=$app --key=blog_categories)
+blog_media_admin=$(ynh_app_setting_get --app=$app --key=blog_media_admin)
+blog_media=$(ynh_app_setting_get --app=$app --key=blog_media)
+blog_pages=$(ynh_app_setting_get --app=$app --key=blog_pages)
+blog_blogroll=$(ynh_app_setting_get --app=$app --key=blog_blogroll)
+
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -86,6 +97,38 @@ if ! ynh_permission_exists --permission="admin"; then
 ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 fi
+if [ -z "$blog_admin" ] ||
+ [ -z "$blog_contentadmin" ] ||
+ [ -z "$blog_usage" ] ||
+ [ -z "$blog_publish" ] ||
+ [ -z "$blog_delete" ] ||
+ [ -z "$blog_categories" ] ||
+ [ -z "$blog_media_admin" ] ||
+ [ -z "$blog_media" ] ||
+ [ -z "$blog_pages" ] ||
+ [ -z "$blog_blogroll" ]; then
+ blog_admin="false"
+ blog_contentadmin="false"
+ blog_usage="true"
+ blog_publish="false"
+ blog_delete="false"
+ blog_categories="false"
+ blog_media_admin="false"
+ blog_media="false"
+ blog_pages="false"
+ blog_blogroll="false"
+ ynh_app_setting_set --app=$app --key=blog_admin --value=$blog_admin
+ ynh_app_setting_set --app=$app --key=blog_contentadmin --value=$blog_contentadmin
+ ynh_app_setting_set --app=$app --key=blog_usage --value=$blog_usage
+ ynh_app_setting_set --app=$app --key=blog_publish --value=$blog_publish
+ ynh_app_setting_set --app=$app --key=blog_delete --value=$blog_delete
+ ynh_app_setting_set --app=$app --key=blog_categories --value=$blog_categories
+ ynh_app_setting_set --app=$app --key=blog_media_admin --value=$blog_media_admin
+ ynh_app_setting_set --app=$app --key=blog_media --value=$blog_media
+ ynh_app_setting_set --app=$app --key=blog_pages --value=$blog_pages
+ ynh_app_setting_set --app=$app --key=blog_blogroll --value=$blog_blogroll
+fi
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
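Review bot: The fallback at `if [ -z "$blog_admin" ] || …` rewrites all ten settings when any single one is empty, so one missing key discards the other nine stored values and, for example, turns `blog_usage` back to `true` on an install where it had been set to `false`. Defaulting each key on its own, as sketched below, keeps what the administrator configured. The stored values are later placed inside double-quoted PHP strings in the template, so it would also be worth accepting only `true` or `false` here. The hunks shown do not include a call that re-renders `class.auth.ldap.php` during upgrade; if there is none elsewhere in the script, existing installs would keep the old file.

```shell
for perm in admin contentadmin usage publish delete categories media_admin media pages blogroll; do
    key="blog_$perm"
    # Only fill in a setting that is actually missing; stored values are kept.
    if [ -z "${!key}" ]; then
        if [ "$perm" = "usage" ]; then default="true"; else default="false"; fi
        printf -v "$key" '%s' "$default"
        ynh_app_setting_set --app=$app --key="$key" --value="$default"
    fi
done
```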