From 86d348b3122ab28272bec7563677b76af6d6e163 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 8 Feb 2020 23:16:25 +0700 Subject: [PATCH] Using new permissions system --- manifest.json | 2 +- scripts/install | 16 ++++++++-------- scripts/upgrade | 49 +++++++++++++++++++++++++++++++++---------------- 3 files changed, 42 insertions(+), 25 deletions(-) diff --git a/manifest.json b/manifest.json index e62ad56..44a6aa9 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "url": "http://example.com" }, "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 3.7" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index 4cbacc8..54d74a3 100755 --- a/scripts/install +++ b/scripts/install @@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language #================================================= @@ -233,10 +232,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1 ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" # Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete --app=$app --key=skipped_uris -fi +ynh_app_setting_delete --app=$app --key=skipped_uris #================================================= # MODIFY A CONFIG FILE @@ -336,15 +332,19 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --time --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission "main" --add "visitors" fi +# Only the admin can access the admin panel of the app (if the app has an admin panel) +ynh_permission_create --permission "admin" --url "/admin" --allowed $admin + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 243e85b..19a361c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -41,15 +40,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) @@ -62,6 +52,35 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# If nobody installed your app before 3.7, then you may +# safely remove these lines + +# Cleaning legacy permissions +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris) +unprotected_uris=$(ynh_app_setting_get --app=$app --key=unprotected_uris) +protected_uris=$(ynh_app_setting_get --app=$app --key=protected_uris) + +# Remove is_public if exists +if [ ! -z "$is_public" ]; then + ynh_app_setting_delete --app=$app --key=is_public +fi + +# Remove skipped_uris if exists +if [ ! -z "$skipped_uris" ]; then + ynh_app_setting_delete --app=$app --key=skipped_uris +fi + +# Remove unprotected_uris if exists +if [ ! -z "$unprotected_uris" ]; then + ynh_app_setting_delete --app=$app --key=unprotected_uris +fi + +# Remove protected_uris if exists +if [ ! -z "$protected_uris" ]; then + ynh_app_setting_delete --app=$app --key=protected_uris +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -192,13 +211,11 @@ chown -R root: $final_path #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +# Create the admin permission if needed +if ! ynh_permission_exists --permission "admin"; then + ynh_permission_create --permission "admin" --url "/admin" --allowed $admin fi #=================================================