From 872e308bc2cf76e8a0b27dfb42ee5611127a8035 Mon Sep 17 00:00:00 2001
From: Kay0u <pierre.moltess@gmail.com>
Date: Wed, 6 Nov 2019 21:39:26 +0900
Subject: [PATCH] Use new permission system

---
 actions.json                   | 22 ----------
 config_panel.json              | 14 -------
 manifest.json                  |  2 +-
 scripts/actions/public_private | 74 ----------------------------------
 scripts/config                 |  9 -----
 scripts/install                |  3 +-
 scripts/upgrade                |  5 +--
 7 files changed, 4 insertions(+), 125 deletions(-)
 delete mode 100644 scripts/actions/public_private

diff --git a/actions.json b/actions.json
index e3b6513..e283eca 100644
--- a/actions.json
+++ b/actions.json
@@ -1,26 +1,4 @@
 [
-    {
-        "id": "public_private",
-        "name": "Move to public or private",
-        "command": "/bin/bash scripts/actions/public_private",
-        "user": "root",
-        "accepted_return_codes": [
-            0
-        ],
-        "description": {
-            "en": "Change the public access of the app."
-        },
-        "arguments": [
-            {
-                "name": "is_public",
-                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public app ?"
-                },
-                "default": true
-            }
-        ]
-    },
     {
         "id": "web_account",
         "name": "External users",
diff --git a/config_panel.json b/config_panel.json
index 965a554..67fef52 100644
--- a/config_panel.json
+++ b/config_panel.json
@@ -6,20 +6,6 @@
             "name": "GitLab configuration",
             "id": "main",
             "sections": [
-                {
-                    "name": "Public access",
-                    "id": "is_public",
-                    "options": [
-                        {
-                            "name": "is_public",
-                            "ask": {
-                                "en": "Is it a public app ?"
-                            },
-                            "type": "boolean",
-                            "default": true
-                        }
-                    ]
-                },
                 {
                     "name": "Overwriting config files",
                     "id": "overwrite_files",
diff --git a/manifest.json b/manifest.json
index 26f5bab..c0fcad1 100644
--- a/manifest.json
+++ b/manifest.json
@@ -14,7 +14,7 @@
         "email": "pierre@kayou.io"
     },
     "requirements": {
-        "yunohost": ">= 3.6.0"
+        "yunohost": ">= 3.7.0"
     },
     "multi_instance": false,
     "services": [
diff --git a/scripts/actions/public_private b/scripts/actions/public_private
deleted file mode 100644
index 5aa6f5d..0000000
--- a/scripts/actions/public_private
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# GENERIC STARTING
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
-source scripts/_common.sh
-source /usr/share/yunohost/helpers
-
-#=================================================
-# RETRIEVE ARGUMENTS
-#=================================================
-
-# Get is_public
-is_public=${YNH_ACTION_IS_PUBLIC}
-
-app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
-
-#=================================================
-# CHECK IF ARGUMENTS ARE CORRECT
-#=================================================
-
-#=================================================
-# CHECK IF AN ACTION HAS TO BE DONE
-#=================================================
-
-is_public_old=$(ynh_app_setting_get --app=$app --key=is_public)
-
-if [ $is_public -eq $is_public_old ]
-then
-	ynh_die "is_public is already set as $is_public." 0
-fi
-
-#=================================================
-# SPECIFIC ACTION
-#=================================================
-# MOVE TO PUBLIC OR PRIVATE
-#=================================================
-if [ $is_public -eq 0 ]; then
-	public_private="private"
-else
-	public_private="public"
-fi
-ynh_script_progression --message=--message="Moving the application to $public_private..." --weight=1
-
-# Make app public if necessary
-if [ $is_public -eq 0 ]; then
-	ynh_app_setting_delete $app unprotected_uris
-else
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
-ynh_script_progression --message=--message="Reconfiguring SSOwat..." --weight=1
-# Regen ssowat configuration
-yunohost app ssowatconf
-
-# Update the config of the app
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message=--message="Reloading nginx web server..." --weight=1
-
-ynh_systemd_action --action=reload --service_name=nginx
-
-#=================================================
-# END OF SCRIPT
-#=================================================
-
-ynh_script_progression --message="Execution completed" --last
\ No newline at end of file
diff --git a/scripts/config b/scripts/config
index efaa386..35a0416 100644
--- a/scripts/config
+++ b/scripts/config
@@ -25,10 +25,6 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
 # If the form has a value for a variable, take the value from the form,
 # Otherwise, keep the value from the app config.
 
-# is_public
-old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
-is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
-
 # Overwrite nginx configuration
 old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
 overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
@@ -70,8 +66,6 @@ show_config() {
 	# here you are supposed to read some config file/database/other then print the values
 	# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
 
-	ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
-
 	ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
 
 	ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
@@ -98,9 +92,6 @@ show_config() {
 #=================================================
 
 apply_config() {
-	# Change public accessibility
-	yunohost app action run $app public_private --args is_public=$is_public
-
 	# Change use_web_account
 	yunohost app action run $app web_account --args use_web_account=$use_web_account
 
diff --git a/scripts/install b/scripts/install
index bdf5ae8..4cc23d2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -253,8 +253,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1
 
 # Make app public if necessary
 if [ $is_public -eq 1 ]; then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --remove "all_users" --add "visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 7d9df73..b02ce09 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -356,10 +356,9 @@ yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/applica
 # SETUP SSOWAT
 #=================================================
 
-# If app is public, add url to SSOWat conf as skipped_uris
+# Make app public if necessary
 if [ $is_public -eq 1 ]; then
-	# See install script
-	ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --remove "all_users" --add "visitors"
 fi
 
 #=================================================