1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/garradin_ynh.git synced 2024-09-03 18:36:17 +02:00

Fix permissions for new helpers (#17)

* try to update source to 0.9.5
* refactoring and try to update version
* add hooks to copy file config.dist.php in config.local.php with good options
This commit is contained in:
Robles Rodolphe 2020-06-17 18:44:53 +02:00 committed by GitHub
parent b7d2abacc3
commit 52c95af69d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 82 additions and 53 deletions

View file

@ -3,7 +3,7 @@
"id": "garradin",
"packaging_format": 1,
"requirements": {
"yunohost": ">=3.5.0"
"yunohost": ">=3.7.0"
},
"description": {
"en": "Software to manage association",

View file

@ -8,3 +8,38 @@
pkg_dependencies="php7.0-sqlite3"
# ============= FUTURE YUNOHOST HELPER =============
# Check if a permission exists
#
# While waiting for this new helper https://github.com/YunoHost/yunohost/pull/905
# We have to use another one because the new helper use a new YunoHost command, not available for now.
#
# usage: ynh_permission_has_user --permission=permission --user=user
# | arg: -p, --permission - the permission to check
# | arg: -u, --user - the user seek in the permission
#
# example: ynh_permission_has_user --permission=main --user=visitors
#
# Requires YunoHost version 3.7.1 or higher.
ynh_permission_has_user() {
local legacy_args=pu
# Declare an array to define the options of this helper.
declare -Ar args_array=( [p]=permission= [u]=user= )
local permission
local user
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ! ynh_permission_exists --permission=$permission
then
return 1
fi
# List all permissions
# Filter only the required permission with a multiline sed (Here a cut from the permission to the next one), remove the url and his value
perm="$(yunohost user permission list --full --output-as plain | sed --quiet "/^#$app.$permission/,/^#[[:alnum:]]/p" | sed "/^##url/,+1d")"
# Remove all lines starting by # (got from the plain output before)
allowed_users="$(echo "$perm" | grep --invert-match '^#')"
# Grep the list of users an return the result if the user is indeed into the list
echo "$allowed_users" | grep --quiet --word "$user"
}

View file

@ -23,7 +23,6 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
#=================================================
@ -51,17 +50,13 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
#=================================================
# Install dependency to convert tracks to a readable format for the browser
#=================================================
ynh_script_progression --message="Installing dependencies..." --time --weight=1
if [ "$(lsb_release --codename --short)" != "jessie" ]
then
ynh_install_app_dependencies $pkg_dependencies
else
ynh_die --message="Votre version de Debian n'est pas compatible..." --time --weight=1
fi
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
@ -95,28 +90,29 @@ ynh_script_progression --message="Configuring php-fpm..." --time --weight=1
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# Files owned by user app
#=================================================
chown $app:$app $final_path -R
chmod 755 $final_path -R
# Remove the public access
ynh_app_setting_delete --app=$app --key=skipped_uris
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
ynh_script_progression --message="Configuring permissions..." --time --weight=1
if [ $is_public -eq 0 ]
then # Remove the public access
ynh_app_setting_delete $app skipped_uris
fi
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission "main" --add "visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
systemctl reload nginx
# Only the users can access to the panel of the app
# ynh_permission_update --permission="main" --add "all_users"
#=================================================
# MODIFY A CONFIG FILE
@ -134,11 +130,11 @@ else
fi
#=================================================
# Files owned by user app
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
chown $app:$app $final_path -R
chmod 755 $final_path -R
systemctl reload nginx
#=================================================
# END OF SCRIPT

View file

@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) || ynh_die "This path already contains a folder"
#=================================================
# CHECK VERSION
@ -37,21 +36,34 @@ upgrade_type=$(ynh_check_app_version_changed)
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
### If nobody installed your app before 3.7,
### then you may safely remove these lines
# Cleaning legacy permissions
# is_public=$(ynh_app_setting_get --app=$app --key=is_public)
if [ -n "$is_public" ]; then
# Remove unprotected_uris
ynh_app_setting_delete --app=$app --key=unprotected_uris
#Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
#Remove skipped_uris. If the app was public, add visitors again to the main permission
if ynh_permission_has_user --permission=main --user=visitors
then
ynh_app_setting_delete --app=$app --key=skipped_uris
ynh_permission_update --permission "main" --add "visitors"
else
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# Backup Data
#=================================================
@ -82,18 +94,6 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# #=================================================
# # CHECK THE PATH
# #=================================================
# Normalize the URL path syntax
# N.B. : this is for app installations before YunoHost 2.7
# where this value might be something like /foo/ or foo/
# instead of /foo ....
# If nobody installed your app before 2.7, then you may
# safely remove this line
path_url=$(ynh_normalize_url_path --path_url=$path_url)
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -181,13 +181,11 @@ chmod 755 $final_path -R
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Create the visitors permission if needed
if ! ynh_permission_exists --permission "visitors"; then
ynh_permission_create --permission "visitors"
fi
#=================================================