try to fix unskipped uris obsolete

2024-09-03 18:36:17 +02:00 · 2020-04-29 01:16:00 +02:00 · 2020-04-29 01:16:00 +02:00 · 637a7f282d
commit 637a7f282d
parent 71983a0345
4 changed files with 117 additions and 41 deletions
--- a/manifest.json
+++ b/manifest.json
@ -3,7 +3,7 @@
    "id": "garradin",
    "packaging_format": 1,
    "requirements": {
-        "yunohost": ">=3.5.0"
+        "yunohost": ">=3.7.0"
    },
    "description": {
        "en": "Software to manage association",
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -8,3 +8,38 @@
 pkg_dependencies="php7.0-sqlite3"

 # ============= FUTURE YUNOHOST HELPER =============
+
+# Check if a permission exists
+#
+# While waiting for this new helper https://github.com/YunoHost/yunohost/pull/905
+# We have to use another one because the new helper use a new YunoHost command, not available for now.
+#
+# usage: ynh_permission_has_user --permission=permission --user=user
+# | arg: -p, --permission - the permission to check
+# | arg: -u, --user - the user seek in the permission
+#
+# example: ynh_permission_has_user --permission=main --user=visitors
+#
+# Requires YunoHost version 3.7.1 or higher.
+ynh_permission_has_user() {
+    local legacy_args=pu
+    # Declare an array to define the options of this helper.
+    declare -Ar args_array=( [p]=permission= [u]=user= )
+    local permission
+    local user
+    # Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
+
+    if ! ynh_permission_exists --permission=$permission
+    then
+        return 1
+    fi
+
+    # List all permissions
+    # Filter only the required permission with a multiline sed (Here a cut from the permission to the next one), remove the url and his value
+    perm="$(yunohost user permission list --full --output-as plain | sed --quiet "/^#$app.$permission/,/^#[[:alnum:]]/p" | sed "/^##url/,+1d")"
+    # Remove all lines starting by # (got from the plain output before)
+    allowed_users="$(echo "$perm" | grep --invert-match '^#')"
+    # Grep the list of users an return the result if the user is indeed into the list
+    echo "$allowed_users" | grep --quiet --word "$user"
+}
--- a/scripts/install
+++ b/scripts/install
@ -20,11 +20,10 @@ ynh_abort_if_errors
 # Retrieve arguments
 #=================================================

-domain=$YNH_APP_ARG_DOMAIN
-path_url=$YNH_APP_ARG_PATH
-is_public=$YNH_APP_ARG_IS_PUBLIC
-
-app=$YNH_APP_INSTANCE_NAME
+#domain=$YNH_APP_ARG_DOMAIN
+#path_url=$YNH_APP_ARG_PATH
+#is_public=$YNH_APP_ARG_IS_PUBLIC
+#app=$YNH_APP_INSTANCE_NAME

 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@ -49,7 +48,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei

 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
+#ynh_app_setting_set --app=$app --key=is_public --value=$is_public

 #=================================================
 # Install dependency to convert tracks to a readable format for the browser
@ -95,28 +94,39 @@ ynh_script_progression --message="Configuring php-fpm..." --time --weight=1
 # Create a dedicated php-fpm config
 ynh_add_fpm_config

+#=================================================
+# Files owned by user app
+#=================================================
+
+chown $app:$app $final_path -R
+chmod 755 $final_path -R
+
+# Remove the public access
+ynh_app_setting_delete --app=$app --key=skipped_uris
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
+ynh_script_progression --message="Configuring permissions..." --time --weight=1

-if [ $is_public -eq 0 ]
-then  # Remove the public access
-  ynh_app_setting_delete $app skipped_uris
-fi
+# if [ $is_public -eq 0 ]
+# then  # Remove the public access
+#   ynh_app_setting_delete $app skipped_uris
+# fi
+# # Make app public if necessary
+# if [ $is_public -eq 1 ]
+# then
+#   # unprotected_uris allows SSO credentials to be passed anyway.
+#   ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+# fi
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+    # Everyone can access the app.
+  # The "main" permission is automatically created before the install script.
+  ynh_permission_update --permission "main" --add "visitors"
 fi
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
-
-systemctl reload nginx
+# Only the users can access to the panel of the app
+# ynh_permission_update --permission="main" --add "all_users"

 #=================================================
 # MODIFY A CONFIG FILE
@ -134,11 +144,11 @@ else
 fi

 #=================================================
-# Files owned by user app
+# RELOAD NGINX
 #=================================================
+ynh_script_progression --message="Reloading nginx web server..." --time --weight=1

-chown $app:$app $final_path -R
-chmod 755 $final_path -R
+systemctl reload nginx

 #=================================================
 # END OF SCRIPT
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+#is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path) || ynh_die "This path already contains a folder"
 #=================================================
 # CHECK VERSION
@ -37,14 +37,14 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1

-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
+# # Fix is_public as a boolean value
+# if [ "$is_public" = "Yes" ]; then
+# 	ynh_app_setting_set --app=$app --key=is_public --value=1
+# 	is_public=1
+# elif [ "$is_public" = "No" ]; then
+# 	ynh_app_setting_set --app=$app --key=is_public --value=0
+# 	is_public=0
+# fi

 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
@ -52,6 +52,30 @@ if [ -z "$final_path" ]; then
  ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi

+### If nobody installed your app before 3.7,
+### then you may safely remove these lines
+
+# Cleaning legacy permissions
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+
+if [ -n "$is_public" ]; then
+  # Remove unprotected_uris
+  ynh_app_setting_delete --app=$app --key=unprotected_uris
+  # Remove protected_uris
+  ynh_app_setting_delete --app=$app --key=protected_uris
+
+  # Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
+  # Remove skipped_uris. If the app was public, add visitors again to the main permission
+  if ynh_permission_has_user --permission=main --user=visitors
+  then
+    ynh_app_setting_delete --app=$app --key=skipped_uris
+    ynh_permission_update --permission "main" --add "visitors"
+  else
+    ynh_app_setting_delete --app=$app --key=skipped_uris
+  fi
+  ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # Backup Data
 #=================================================
@ -92,7 +116,7 @@ ynh_abort_if_errors
 # instead of /foo ....
 # If nobody installed your app before 2.7, then you may
 # safely remove this line
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
+#path_url=$(ynh_normalize_url_path --path_url=$path_url)

 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -181,14 +205,21 @@ chmod 755 $final_path -R
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1

-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
+
+
+# # Make app public if necessary
+# if [ $is_public -eq 1 ]
+# then
+# 	# unprotected_uris allows SSO credentials to be passed anyway
+# 	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+# fi
+
+# Create the admin permission if needed
+# if ! ynh_permission_exists --permission "all_users"; then
+#   ynh_permission_create --permission "all_users" --url "/admin" --allowed $admin
+# fi

 #=================================================
 # RELOAD NGINX