mirror of
https://github.com/YunoHost-Apps/garradin_ynh.git
synced 2024-09-03 18:36:17 +02:00
Fix permissions for new helpers (#17)
* try to update source to 0.9.5 * refactoring and try to update version * add hooks to copy file config.dist.php in config.local.php with good options
This commit is contained in:
parent
b7d2abacc3
commit
52c95af69d
4 changed files with 82 additions and 53 deletions
|
@ -3,7 +3,7 @@
|
|||
"id": "garradin",
|
||||
"packaging_format": 1,
|
||||
"requirements": {
|
||||
"yunohost": ">=3.5.0"
|
||||
"yunohost": ">=3.7.0"
|
||||
},
|
||||
"description": {
|
||||
"en": "Software to manage association",
|
||||
|
|
|
@ -8,3 +8,38 @@
|
|||
pkg_dependencies="php7.0-sqlite3"
|
||||
|
||||
# ============= FUTURE YUNOHOST HELPER =============
|
||||
|
||||
# Check if a permission exists
|
||||
#
|
||||
# While waiting for this new helper https://github.com/YunoHost/yunohost/pull/905
|
||||
# We have to use another one because the new helper use a new YunoHost command, not available for now.
|
||||
#
|
||||
# usage: ynh_permission_has_user --permission=permission --user=user
|
||||
# | arg: -p, --permission - the permission to check
|
||||
# | arg: -u, --user - the user seek in the permission
|
||||
#
|
||||
# example: ynh_permission_has_user --permission=main --user=visitors
|
||||
#
|
||||
# Requires YunoHost version 3.7.1 or higher.
|
||||
ynh_permission_has_user() {
|
||||
local legacy_args=pu
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [p]=permission= [u]=user= )
|
||||
local permission
|
||||
local user
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
|
||||
if ! ynh_permission_exists --permission=$permission
|
||||
then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# List all permissions
|
||||
# Filter only the required permission with a multiline sed (Here a cut from the permission to the next one), remove the url and his value
|
||||
perm="$(yunohost user permission list --full --output-as plain | sed --quiet "/^#$app.$permission/,/^#[[:alnum:]]/p" | sed "/^##url/,+1d")"
|
||||
# Remove all lines starting by # (got from the plain output before)
|
||||
allowed_users="$(echo "$perm" | grep --invert-match '^#')"
|
||||
# Grep the list of users an return the result if the user is indeed into the list
|
||||
echo "$allowed_users" | grep --quiet --word "$user"
|
||||
}
|
|
@ -23,7 +23,6 @@ ynh_abort_if_errors
|
|||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
|
@ -51,17 +50,13 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||
|
||||
|
||||
#=================================================
|
||||
# Install dependency to convert tracks to a readable format for the browser
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --time --weight=1
|
||||
|
||||
if [ "$(lsb_release --codename --short)" != "jessie" ]
|
||||
then
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
else
|
||||
ynh_die --message="Votre version de Debian n'est pas compatible..." --time --weight=1
|
||||
fi
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
|
@ -95,28 +90,29 @@ ynh_script_progression --message="Configuring php-fpm..." --time --weight=1
|
|||
# Create a dedicated php-fpm config
|
||||
ynh_add_fpm_config
|
||||
|
||||
#=================================================
|
||||
# Files owned by user app
|
||||
#=================================================
|
||||
|
||||
chown $app:$app $final_path -R
|
||||
chmod 755 $final_path -R
|
||||
|
||||
# Remove the public access
|
||||
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
||||
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
||||
|
||||
if [ $is_public -eq 0 ]
|
||||
then # Remove the public access
|
||||
ynh_app_setting_delete $app skipped_uris
|
||||
fi
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
||||
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
||||
# Everyone can access the app.
|
||||
# The "main" permission is automatically created before the install script.
|
||||
ynh_permission_update --permission "main" --add "visitors"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
|
||||
|
||||
systemctl reload nginx
|
||||
# Only the users can access to the panel of the app
|
||||
# ynh_permission_update --permission="main" --add "all_users"
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILE
|
||||
|
@ -134,11 +130,11 @@ else
|
|||
fi
|
||||
|
||||
#=================================================
|
||||
# Files owned by user app
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
|
||||
|
||||
chown $app:$app $final_path -R
|
||||
chmod 755 $final_path -R
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
|
|
@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path) || ynh_die "This path already contains a folder"
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
|
@ -37,21 +36,34 @@ upgrade_type=$(ynh_check_app_version_changed)
|
|||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
||||
|
||||
# Fix is_public as a boolean value
|
||||
if [ "$is_public" = "Yes" ]; then
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=1
|
||||
is_public=1
|
||||
elif [ "$is_public" = "No" ]; then
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=0
|
||||
is_public=0
|
||||
fi
|
||||
|
||||
# If final_path doesn't exist, create it
|
||||
if [ -z "$final_path" ]; then
|
||||
final_path=/var/www/$app
|
||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
fi
|
||||
|
||||
### If nobody installed your app before 3.7,
|
||||
### then you may safely remove these lines
|
||||
|
||||
# Cleaning legacy permissions
|
||||
# is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
|
||||
if [ -n "$is_public" ]; then
|
||||
# Remove unprotected_uris
|
||||
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
||||
|
||||
#Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
|
||||
#Remove skipped_uris. If the app was public, add visitors again to the main permission
|
||||
if ynh_permission_has_user --permission=main --user=visitors
|
||||
then
|
||||
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||
ynh_permission_update --permission "main" --add "visitors"
|
||||
else
|
||||
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||
fi
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# Backup Data
|
||||
#=================================================
|
||||
|
@ -82,18 +94,6 @@ ynh_clean_setup () {
|
|||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
# #=================================================
|
||||
# # CHECK THE PATH
|
||||
# #=================================================
|
||||
|
||||
# Normalize the URL path syntax
|
||||
# N.B. : this is for app installations before YunoHost 2.7
|
||||
# where this value might be something like /foo/ or foo/
|
||||
# instead of /foo ....
|
||||
# If nobody installed your app before 2.7, then you may
|
||||
# safely remove this line
|
||||
path_url=$(ynh_normalize_url_path --path_url=$path_url)
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
@ -181,13 +181,11 @@ chmod 755 $final_path -R
|
|||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
|
||||
ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway
|
||||
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
||||
# Create the visitors permission if needed
|
||||
if ! ynh_permission_exists --permission "visitors"; then
|
||||
ynh_permission_create --permission "visitors"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue