Use a new permission to allow visitors

2024-09-03 19:36:24 +02:00 · 2020-02-11 15:59:59 +07:00 · 2020-02-11 15:59:59 +07:00 · d3b4829d7c
commit d3b4829d7c
parent 512d8ef915
5 changed files with 34 additions and 14 deletions
--- a/hooks/post_app_addaccess
+++ b/hooks/post_app_addaccess
@ -9,7 +9,13 @@ permission=$3
 added_groups=$4

 if [ "$app" == __APP__ ]; then
-    if [ "$added_groups" = "visitors" ]; then
-        ynh_app_setting_delete --app=$app --key=protected_regex
+    if [ "$permission" = "upload images" ]; then
+        if [ "$added_groups" = "visitors" ]; then
+            ynh_app_setting_delete --app=$app --key=protected_regex
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
    fi
 fi
--- a/hooks/post_app_removeaccess
+++ b/hooks/post_app_removeaccess
@ -9,10 +9,16 @@ permission=$3
 removed_groups=$4

 if [ "$app" == __APP__ ]; then
-    if [ "$removed_groups" = "visitors" ]; then
-        domain=$(ynh_app_setting_get --app=$app --key=domain)
-        path_url=$(ynh_app_setting_get --app=$app --key=path)
-        domain_regex=$(echo "$domain" | sed 's@-@.@g')
-        ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+    if [ "$permission" = "upload images" ]; then
+        if [ "$removed_groups" = "visitors" ]; then
+            domain=$(ynh_app_setting_get --app=$app --key=domain)
+            path_url=$(ynh_app_setting_get --app=$app --key=path)
+            domain_regex=$(echo "$domain" | sed 's@-@.@g')
+            ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
    fi
 fi
--- a/scripts/change_url
+++ b/scripts/change_url
@ -27,7 +27,6 @@ app=$YNH_APP_INSTANCE_NAME
 ynh_script_progression --message="Loading installation settings..." --weight=2

 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 port=$(ynh_app_setting_get --app=$app --key=port)

 #=================================================
@ -122,7 +121,7 @@ fi
 #=================================================
 ynh_script_progression --message="Reconfiguring SSOwat..."

-if [ $is_public -eq 0 ]
+if [ ! -z $(ynh_app_setting_get --app=$app --key=protected_regex) ] # Only user with a yunohost account can upload an image
 then
 	# If the app is private, viewing images stays publicly accessible.
 	if [ "$new_path" == "/" ]; then
--- a/scripts/install
+++ b/scripts/install
@ -198,11 +198,11 @@ yunohost service add $app --log $final_path/log/production.log
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."

-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+ynh_permission_update --permission="main" --add="visitors"

-ynh_permission_url --permission="main"
+ynh_permission_create --permission="upload images" --allowed="visitors"

-if [ $fis_public -eq 0 ]
+if [ $is_public -eq 0 ]
 then
 	# If the app is private, viewing images stays publicly accessible.
 	if [ "$path_url" == "/" ]; then
@ -212,6 +212,8 @@ then
 	# Modify the domain to be used in a regex
 	domain_regex=$(echo "$domain" | sed 's@-@.@g')
    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+	ynh_permission_update --permission="upload images" --remove="visitors"
 fi

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -49,7 +49,6 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=2

 if [ ! -z "$skipped_uris" ]; then
 	ynh_app_setting_delete --app=$app --key=skipped_uris
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
 fi

 # if final_path isn't set, which can happens with old scripts, set final_path.
@ -262,7 +261,15 @@ chown $app -R /var/log/$app
 #=================================================
 ynh_script_progression --message="Upgrading permission..."

-ynh_permission_url --permission="main"
+if ! ynh_permission_exists --permission="upload images"
+then
+	if [ -z $(ynh_app_setting_get --app=$app --key=protected_regex) ] # Everyone can upload image
+	then
+		ynh_permission_create --permission="upload images" --allowed="visitors"
+	else # Only user with a yunohost account can upload an image
+		ynh_permission_create --permission="upload images" --allowed="all_users"
+	fi
+fi

 #=================================================
 # RELOAD NGINX