Add comments and bug fixing

hooks/post_app_addaccess

@@ -9,9 +9,13 @@ permission=$3
 added_groups=$4
 
 if [ "$app" == __APP__ ]; then
-    if [ "$permission" = "upload images" ]; then
-        if [ "$added_groups" = "visitors" ]; then
+    if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed.
+        if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
+
+            # We remove the regex, no more protection is needed.
             ynh_app_setting_delete --app=$app --key=protected_regex
+
+            # Sync the is_public variable according to the permission
             ynh_app_setting_set --app=$app --key=is_public --value=1
 
             yunohost app ssowatconf

hooks/post_app_removeaccess

@@ -9,12 +9,21 @@ permission=$3
 removed_groups=$4
 
 if [ "$app" == __APP__ ]; then
-    if [ "$permission" = "upload images" ]; then
-        if [ "$removed_groups" = "visitors" ]; then
+    if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed.
+        if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
             domain=$(ynh_app_setting_get --app=$app --key=domain)
             path_url=$(ynh_app_setting_get --app=$app --key=path)
+
+            # If the app is private, viewing images stays publicly accessible.
+            if [ "$path_url" == "/" ]; then
+                # If the path is /, clear it to prevent any error with the regex.
+                path_url=""
+            fi
+            # Modify the domain to be used in a regex
             domain_regex=$(echo "$domain" | sed 's@-@.@g')
             ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+            # Sync the is_public variable according to the permission
             ynh_app_setting_set --app=$app --key=is_public --value=0
 
             yunohost app ssowatconf

scripts/install

@@ -201,6 +201,9 @@ ynh_script_progression --message="Configuring SSOwat..."
 
 ynh_permission_update --permission="main" --add="visitors"
 
+# This is a fake permission without any URL.
+# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
+# We can't use a real permission for now because the actual permision system doesn't support regex.
 ynh_permission_create --permission="upload images" --allowed="visitors"
 
 if [ $is_public -eq 0 ]
@@ -214,6 +217,7 @@ then
 	domain_regex=$(echo "$domain" | sed 's@-@.@g')
     ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
 
+	# If the app is not public, then the "visitors" group doesn't have this permission
 	ynh_permission_update --permission="upload images" --remove="visitors"
 fi
 

scripts/upgrade

@@ -35,8 +35,6 @@ admin_mail_html=$(ynh_app_setting_get --app=$app --key=admin_mail_html)
 antiflood=$(ynh_app_setting_get --app=$app --key=antiflood)
 delay=$(ynh_app_setting_get --app=$app --key=delay)
 
-skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
-
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -57,10 +55,37 @@ elif [ "$is_public" = "No" ]; then
 	is_public=0
 fi
 
+skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
+
+# Unused with the permission system
 if [ ! -z "$skipped_uris" ]; then
 	ynh_app_setting_delete --app=$app --key=skipped_uris
 fi
 
+# Create the permission "upload images" only if it doesn't exist.
+if ! ynh_permission_exists --permission="upload images"
+then
+	# This is a fake permission without any URL.
+	# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
+	# We can't use a real permission for now because the actual permision system doesn't support regex.
+	ynh_permission_create --permission="upload images" --allowed="visitors"
+
+	if [ $is_public -eq 0 ]
+	then
+		# If the app is private, viewing images stays publicly accessible.
+		if [ "$path_url" == "/" ]; then
+			# If the path is /, clear it to prevent any error with the regex.
+			path_url=""
+		fi
+		# Modify the domain to be used in a regex
+		domain_regex=$(echo "$domain" | sed 's@-@.@g')
+		ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+		# If the app is not public, then the "visitors" group doesn't have this permission
+		ynh_permission_update --permission="upload images" --remove="visitors"
+	fi
+fi
+
 # if final_path isn't set, which can happens with old scripts, set final_path.
 if [ -z "$final_path" ]; then
 	final_path=/var/www/$app
@@ -266,21 +291,6 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
 ynh_use_logrotate --non-append
 chown $app -R /var/log/$app
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading permission..."
-
-if ! ynh_permission_exists --permission="upload images"
-then
-	if [ $is_public -eq 1 ] # Everyone can upload image
-	then
-		ynh_permission_create --permission="upload images" --allowed="visitors"
-	else # Only user with a yunohost account can upload an image
-		ynh_permission_create --permission="upload images" --allowed="all_users"
-	fi
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================