diff --git a/manifest.json b/manifest.json index 6b77907..bd0a130 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "aeris@e.email" }, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.7.0" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..a652bbf --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= + +# Check if a permission exists +# +# While waiting for this new helper https://github.com/YunoHost/yunohost/pull/905 +# We have to use another one because the new helper use a new YunoHost command, not available for now. +# +# usage: ynh_permission_has_user --permission=permission --user=user +# | arg: -p, --permission - the permission to check +# | arg: -u, --user - the user seek in the permission +# +# example: ynh_permission_has_user --permission=main --user=visitors +# +# Requires YunoHost version 3.7.1 or higher. +ynh_permission_has_user() { + local legacy_args=pu + # Declare an array to define the options of this helper. + declare -Ar args_array=( [p]=permission= [u]=user= ) + local permission + local user + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ! ynh_permission_exists --permission=$permission + then + return 1 + fi + + # List all permissions + # Filter only the required permission with a multiline sed (Here a cut from the permission to the next one), remove the url and his value + perm="$(yunohost user permission list --full --output-as plain | sed --quiet "/^#$app.$permission/,/^#[[:alnum:]]/p" | sed "/^##url/,+1d")" + # Remove all lines starting by # (got from the plain output before) + allowed_users="$(echo "$perm" | grep --invert-match '^#')" + # Grep the list of users an return the result if the user is indeed into the list + echo "$allowed_users" | grep --quiet --word "$user" +} diff --git a/scripts/install b/scripts/install index 4c373f2..f9c8d95 100755 --- a/scripts/install +++ b/scripts/install @@ -82,8 +82,7 @@ ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=skipped_uris --value="/" + ynh_permission_update --permission "main" --add visitors fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 08d2411..23b240d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -6,18 +6,18 @@ # IMPORT GENERIC HELPERS #================================================= +source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=2 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -29,16 +29,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If final_path doesn't exist, create it if [ -z "$final_path" ]; then @@ -46,6 +37,23 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Migrate from legacy permission system +is_public=$(ynh_app_setting_get --app=$app --key=is_public) + +if [ -n "$is_public" ]; then + # Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7 + # Remove skipped_uris. If the app was public, add visitors again to the main permission + if ynh_permission_has_user --permission=main --user=visitors + then + ynh_app_setting_delete --app=$app --key=skipped_uris + ynh_permission_update --permission "main" --add "visitors" + else + ynh_app_setting_delete --app=$app --key=skipped_uris + fi + ynh_app_setting_delete --app=$app --key=is_public +fi + + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -98,22 +106,10 @@ ynh_add_nginx_config # Set permissions to app files chown -R root: $final_path -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=skipped_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload