diff --git a/hooks/post_app_addaccess b/hooks/post_app_addaccess index a9ca384..2218b35 100644 --- a/hooks/post_app_addaccess +++ b/hooks/post_app_addaccess @@ -9,9 +9,13 @@ permission=$3 added_groups=$4 if [ "$app" == __APP__ ]; then - if [ "$permission" = "upload images" ]; then - if [ "$added_groups" = "visitors" ]; then + if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed. + if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group. + + # We remove the regex, no more protection is needed. ynh_app_setting_delete --app=$app --key=protected_regex + + # Sync the is_public variable according to the permission ynh_app_setting_set --app=$app --key=is_public --value=1 yunohost app ssowatconf diff --git a/hooks/post_app_removeaccess b/hooks/post_app_removeaccess index 8c4a928..d0ca2f7 100644 --- a/hooks/post_app_removeaccess +++ b/hooks/post_app_removeaccess @@ -9,12 +9,21 @@ permission=$3 removed_groups=$4 if [ "$app" == __APP__ ]; then - if [ "$permission" = "upload images" ]; then - if [ "$removed_groups" = "visitors" ]; then + if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed. + if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group. domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) + + # If the app is private, viewing images stays publicly accessible. + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex domain_regex=$(echo "$domain" | sed 's@-@.@g') ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + + # Sync the is_public variable according to the permission ynh_app_setting_set --app=$app --key=is_public --value=0 yunohost app ssowatconf diff --git a/scripts/install b/scripts/install index 15d8a39..602a0a4 100644 --- a/scripts/install +++ b/scripts/install @@ -201,6 +201,9 @@ ynh_script_progression --message="Configuring SSOwat..." ynh_permission_update --permission="main" --add="visitors" +# This is a fake permission without any URL. +# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified. +# We can't use a real permission for now because the actual permision system doesn't support regex. ynh_permission_create --permission="upload images" --allowed="visitors" if [ $is_public -eq 0 ] @@ -214,6 +217,7 @@ then domain_regex=$(echo "$domain" | sed 's@-@.@g') ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + # If the app is not public, then the "visitors" group doesn't have this permission ynh_permission_update --permission="upload images" --remove="visitors" fi diff --git a/scripts/upgrade b/scripts/upgrade index 33835d8..f0526a4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -35,8 +35,6 @@ admin_mail_html=$(ynh_app_setting_get --app=$app --key=admin_mail_html) antiflood=$(ynh_app_setting_get --app=$app --key=antiflood) delay=$(ynh_app_setting_get --app=$app --key=delay) -skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris) - #================================================= # CHECK VERSION #================================================= @@ -57,10 +55,37 @@ elif [ "$is_public" = "No" ]; then is_public=0 fi +skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris) + +# Unused with the permission system if [ ! -z "$skipped_uris" ]; then ynh_app_setting_delete --app=$app --key=skipped_uris fi +# Create the permission "upload images" only if it doesn't exist. +if ! ynh_permission_exists --permission="upload images" +then + # This is a fake permission without any URL. + # The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified. + # We can't use a real permission for now because the actual permision system doesn't support regex. + ynh_permission_create --permission="upload images" --allowed="visitors" + + if [ $is_public -eq 0 ] + then + # If the app is private, viewing images stays publicly accessible. + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + + # If the app is not public, then the "visitors" group doesn't have this permission + ynh_permission_update --permission="upload images" --remove="visitors" + fi +fi + # if final_path isn't set, which can happens with old scripts, set final_path. if [ -z "$final_path" ]; then final_path=/var/www/$app @@ -266,21 +291,6 @@ ynh_script_progression --message="Upgrading logrotate configuration..." ynh_use_logrotate --non-append chown $app -R /var/log/$app -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading permission..." - -if ! ynh_permission_exists --permission="upload images" -then - if [ $is_public -eq 1 ] # Everyone can upload image - then - ynh_permission_create --permission="upload images" --allowed="visitors" - else # Only user with a yunohost account can upload an image - ynh_permission_create --permission="upload images" --allowed="all_users" - fi -fi - #================================================= # RELOAD NGINX #=================================================