YunoHost-Apps/duniter_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/duniter_ynh.git synced 2024-09-03 18:26:35 +02:00
Code Issues Activity Actions

[fix] #89: Use new permission system:

Browse source 
Requires YnH v4.1 which implements this new permission system
Use ynh_permission_create helper
Set Duniter admin interface accessible to the selected admin
BMA is set as accessible to visitors by default
Remove / −> /webui redirection, since this change adds a tile to the admin
Remove deprecated permission system settings
Re-enable the web admin since it is protected again
Rename f() name
This commit is contained in:
Moul 2021-04-01 22:05:49 +02:00
parent aacb2791d6
commit 67e49bfb1e
6 changed files with 16 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -3,8 +3,8 @@
- [YunoHost project](https://yunohost.org) - [YunoHost project](https://yunohost.org)
## Requirements ## Requirements
- Debian Stretch - Debian Buster
- YunoHost ≥ 3.7 - YunoHost ≥ v4.1
- `x64` or `armlv7` architecture - `x64` or `armlv7` architecture
- 200Mo free RAM - 200Mo free RAM
- A dedicated domain name to install the app on root path. For instance, `duniter.domain.tld`. - A dedicated domain name to install the app on root path. For instance, `duniter.domain.tld`.

2
conf/duniter.service
View file

@ -3,7 +3,7 @@ Description=Duniter node
After=network.target After=network.target
[Service] [Service]
Environment="DUNITER_WEB=" Environment="DUNITER_WEB=web"
Group=root Group=root
User=root User=root
Type=forking Type=forking

2
manifest.json
View file

@ -14,7 +14,7 @@
"url": "https://moul.re" "url": "https://moul.re"
}, },
"requirements": { "requirements": {
"yunohost": ">> 3.7.0" "yunohost": ">> 4.1.7"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [

21
scripts/functions.sh
View file

@ -30,18 +30,17 @@ CONFIGURE_DUNITER () {
duniter config --ws2p-host 127.0.0.1 --ws2p-port 20901 --ws2p-remote-host $domain --ws2p-remote-port 443 --ws2p-noupnp duniter config --ws2p-host 127.0.0.1 --ws2p-port 20901 --ws2p-remote-host $domain --ws2p-remote-port 443 --ws2p-noupnp
} }
CONFIG_SSOWAT () { CONFIG_PERMISSIONS () {
# Add admin to the allowed users # Protect senstive sub-routes to Duniter web admin interface, give access to choosen admin
yunohost app addaccess $app -u $admin ynh_permission_delete --permission "admin"
ynh_permission_create --permission "admin" --url "/webui" --additional_urls "/webmin" --allowed "$admin" --label "Administration" --show_tile=true
# Protect senstive sub-routes # Remove deprecated permission system settings to remove their effects
ynh_app_setting_set "$app" protected_uris "/webui","/webmin" if [ ! -z "$(ynh_app_setting_get --app=$app --key=protected_uris)" ]; then
ynh_app_setting_delete --app=$app --key=protected_uris
# Duniter is public app, with only some parts restricted in nginx.conf ynh_app_setting_delete --app=$app --key=unprotected_uris
ynh_app_setting_set "$app" unprotected_uris "/" ynh_app_setting_delete --app=$app --key=redirected_urls
fi
# Set URL redirection from root to webadmin
ynh_app_setting_set "$app" redirected_urls "{'$domain/':'$domain/webui'}"
} }
CONFIG_NGINX () { CONFIG_NGINX () {

2
scripts/install
View file

@ -54,5 +54,5 @@ systemctl start duniter
# Add Duniter service to the YunoHost monitoring # Add Duniter service to the YunoHost monitoring
yunohost service add $app --log /root/.config/$app/"$app"_default/"$app".log yunohost service add $app --log /root/.config/$app/"$app"_default/"$app".log
CONFIG_SSOWAT CONFIG_PERMISSIONS
CONFIG_NGINX CONFIG_NGINX

2
scripts/upgrade
View file

@ -22,5 +22,5 @@ CONFIGURE_DUNITER
# Start duniter service # Start duniter service
systemctl start duniter systemctl start duniter
CONFIG_SSOWAT CONFIG_PERMISSIONS
CONFIG_NGINX CONFIG_NGINX