Using new permissions system

2024-09-03 18:36:11 +02:00 · 2020-02-08 23:16:25 +07:00 · 2020-02-08 23:16:25 +07:00 · 86d348b312
commit 86d348b312
parent 15bf6f665e
3 changed files with 42 additions and 25 deletions
--- a/manifest.json
+++ b/manifest.json
@ -15,7 +15,7 @@
        "url": "http://example.com"
    },
    "requirements": {
-        "yunohost": ">= 3.5"
+        "yunohost": ">= 3.7"
    },
    "multi_instance": true,
    "services": [
--- a/scripts/install
+++ b/scripts/install
@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language

 #=================================================
@ -233,10 +232,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1
 ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"

 # Remove the public access
-if [ $is_public -eq 0 ]
-then
-	ynh_app_setting_delete --app=$app --key=skipped_uris
-fi
+ynh_app_setting_delete --app=$app --key=skipped_uris

 #=================================================
 # MODIFY A CONFIG FILE
@ -336,15 +332,19 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
+ynh_script_progression --message="Configuring permissions..." --time --weight=1

 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission "main" --add "visitors"
 fi

+# Only the admin can access the admin panel of the app (if the app has an admin panel)
+ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
+
 #=================================================
 # RELOAD NGINX
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -41,15 +40,6 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1

-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
-
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -62,6 +52,35 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi

+# If nobody installed your app before 3.7, then you may
+# safely remove these lines
+
+# Cleaning legacy permissions
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
+unprotected_uris=$(ynh_app_setting_get --app=$app --key=unprotected_uris)
+protected_uris=$(ynh_app_setting_get --app=$app --key=protected_uris)
+
+# Remove is_public if exists
+if [ ! -z "$is_public" ]; then
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+# Remove skipped_uris if exists
+if [ ! -z "$skipped_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=skipped_uris
+fi
+
+# Remove unprotected_uris if exists
+if [ ! -z "$unprotected_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=unprotected_uris
+fi
+
+# Remove protected_uris if exists
+if [ ! -z "$protected_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=protected_uris
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@ -192,13 +211,11 @@ chown -R root: $final_path
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1

-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+# Create the admin permission if needed
+if ! ynh_permission_exists --permission "admin"; then
+	ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
 fi

 #=================================================