From 75f9ad9a4cf586f547c1bbae539cad8f6ba05055 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 3 Feb 2021 21:57:21 +0100 Subject: [PATCH] New permissions --- manifest.json | 4 ++-- pull_request_template.md | 4 +--- scripts/install | 12 +++++++----- scripts/upgrade | 24 ++++++++++++------------ scripts/ynh_composer__2 | 14 +++++++++++--- 5 files changed, 33 insertions(+), 25 deletions(-) diff --git a/manifest.json b/manifest.json index 9ebfe3d..8dd9264 100644 --- a/manifest.json +++ b/manifest.json @@ -10,7 +10,7 @@ "url": "https://framagit.org/framasoft/framaforms", "license": "GPL-2.0-only", "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.0.0" }, "maintainer": { "name": "ljf", @@ -20,7 +20,7 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { diff --git a/pull_request_template.md b/pull_request_template.md index 3679ea2..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/framaforms_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/framaforms_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/install b/scripts/install index ad6db06..193a858 100644 --- a/scripts/install +++ b/scripts/install @@ -271,17 +271,19 @@ chown -R $app: $final_path #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=1 - -ynh_permission_create --permission "admin" --url /admin/ +ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi +# Only the admin can access the admin panel of the app (if the app has an admin panel) +ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f48a280..9fb7aff 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -58,6 +58,18 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -180,18 +192,6 @@ mkdir -p "/home/yunohost.app/$app/data" chown -R $app: "/home/yunohost.app/$app/data" chmod 775 "/home/yunohost.app/$app/data" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/ynh_composer__2 b/scripts/ynh_composer__2 index 762b7f7..ca68a65 100644 --- a/scripts/ynh_composer__2 +++ b/scripts/ynh_composer__2 @@ -1,5 +1,10 @@ #!/bin/bash +readonly YNH_DEFAULT_COMPOSER_VERSION=1.10.17 +# Declare the actual composer version to use. +# A packager willing to use another version of composer can override the variable into its _common.sh. +YNH_COMPOSER_VERSION=${YNH_COMPOSER_VERSION:-$YNH_DEFAULT_COMPOSER_VERSION} + # Execute a command with Composer # # usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" @@ -25,26 +30,29 @@ ynh_composer_exec () { # Install and initialize Composer in the given directory # -# usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] +# usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] [--composerversion=composerversion] # | arg: -v, --phpversion - PHP version to use with composer # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. # | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include +# | arg: -c, --composerversion - Composer version to install ynh_install_composer () { # Declare an array to define the options of this helper. local legacy_args=vwa - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args=) + declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args= [c]=composerversion=) local phpversion local workdir local install_args + local composerversion # Manage arguments with getopts ynh_handle_getopts_args "$@" workdir="${workdir:-$final_path}" phpversion="${phpversion:-$YNH_PHP_VERSION}" install_args="${install_args:-}" + composerversion="${composerversion:-$YNH_COMPOSER_VERSION}" curl -sS https://getcomposer.org/installer \ | COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} -- --quiet --install-dir="$workdir" \ + php${phpversion} -- --quiet --install-dir="$workdir" --version=$composerversion \ || ynh_die "Unable to install Composer." # update dependencies to create composer.lock