[fix] #89: Use new permission system:

Requires YnH v4.1 which implements this new permission system Use ynh_permission_create helper Set Duniter admin interface accessible to the selected admin BMA is set as accessible to visitors by default Remove / −> /webui redirection, since this change adds a tile to the admin Remove deprecated permission system settings Re-enable the web admin since it is protected again Rename f() name
2024-09-03 18:26:35 +02:00 · 2021-04-01 22:05:49 +02:00 · 2021-04-01 22:05:49 +02:00 · 67e49bfb1e
commit 67e49bfb1e
parent aacb2791d6
6 changed files with 16 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -3,8 +3,8 @@
 - [YunoHost project](https://yunohost.org)

 ## Requirements
- Debian Stretch
- YunoHost ≥ 3.7
+- Debian Buster
+- YunoHost ≥ v4.1
 - `x64` or `armlv7` architecture
 - 200Mo free RAM
 - A dedicated domain name to install the app on root path. For instance, `duniter.domain.tld`.
--- a/conf/duniter.service
+++ b/conf/duniter.service
@ -3,7 +3,7 @@ Description=Duniter node
 After=network.target

 [Service]
-Environment="DUNITER_WEB="
+Environment="DUNITER_WEB=web"
 Group=root
 User=root
 Type=forking
--- a/manifest.json
+++ b/manifest.json
@ -14,7 +14,7 @@
        "url": "https://moul.re"
    },
    "requirements": {
-        "yunohost": ">> 3.7.0"
+        "yunohost": ">> 4.1.7"
    },
    "multi_instance": false,
    "services": [
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@ -30,18 +30,17 @@ CONFIGURE_DUNITER () {
 	duniter config --ws2p-host 127.0.0.1 --ws2p-port 20901 --ws2p-remote-host $domain --ws2p-remote-port 443 --ws2p-noupnp
 }

-CONFIG_SSOWAT () {
-	# Add admin to the allowed users
-	yunohost app addaccess $app -u $admin
+CONFIG_PERMISSIONS () {
+	# Protect senstive sub-routes to Duniter web admin interface, give access to choosen admin
+	ynh_permission_delete --permission "admin"
+	ynh_permission_create --permission "admin" --url "/webui" --additional_urls "/webmin" --allowed "$admin" --label "Administration" --show_tile=true

-	# Protect senstive sub-routes
-	ynh_app_setting_set "$app" protected_uris "/webui","/webmin"
-
-	# Duniter is public app, with only some parts restricted in nginx.conf
-	ynh_app_setting_set "$app" unprotected_uris "/"
-
-	# Set URL redirection from root to webadmin
-	ynh_app_setting_set "$app" redirected_urls "{'$domain/':'$domain/webui'}"
+	# Remove deprecated permission system settings to remove their effects
+	if [ ! -z "$(ynh_app_setting_get --app=$app --key=protected_uris)" ]; then
+		ynh_app_setting_delete --app=$app --key=protected_uris
+		ynh_app_setting_delete --app=$app --key=unprotected_uris
+		ynh_app_setting_delete --app=$app --key=redirected_urls
+	fi
 }

 CONFIG_NGINX () {
--- a/scripts/install
+++ b/scripts/install
@ -54,5 +54,5 @@ systemctl start duniter
 # Add Duniter service to the YunoHost monitoring
 yunohost service add $app --log /root/.config/$app/"$app"_default/"$app".log

-CONFIG_SSOWAT
+CONFIG_PERMISSIONS
 CONFIG_NGINX
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -22,5 +22,5 @@ CONFIGURE_DUNITER
 # Start duniter service
 systemctl start duniter

-CONFIG_SSOWAT
+CONFIG_PERMISSIONS
 CONFIG_NGINX