diff --git a/actions.toml b/actions.toml index fdbb619..9b10324 100644 --- a/actions.toml +++ b/actions.toml @@ -21,15 +21,3 @@ name = "Reset the config file and restore a default one." command = "/bin/bash scripts/actions/reset_default_config \"lutim.conf\"" accepted_return_codes = [0] description = "Reset the config file lutim.conf." - -[public_private] -name = "Move to public or private" -command = "/bin/bash scripts/actions/public_private" -accepted_return_codes = [0] -description = "Change the public access of the app." - - [public_private.arguments] - [public_private.arguments.is_public] - type = "boolean" - ask = "Is it a public app ?" - default = true diff --git a/config_panel.toml b/config_panel.toml index 34b1565..2dc90df 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -24,14 +24,6 @@ name = "Lutim configuration" default = "Year" help = "Users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds." - [main.is_public] - name = "Public access" - - [main.is_public.is_public] - ask = "Is it a public website?" - type = "boolean" - default = true - [main.overwrite_files] name = "Overwriting config files" diff --git a/hooks/post_app_addaccess b/hooks/post_app_addaccess new file mode 100644 index 0000000..2218b35 --- /dev/null +++ b/hooks/post_app_addaccess @@ -0,0 +1,26 @@ +#!/bin/bash + +# Source app helpers +source /usr/share/yunohost/helpers + +app=$1 +added_users=$2 +permission=$3 +added_groups=$4 + +if [ "$app" == __APP__ ]; then + if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed. + if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group. + + # We remove the regex, no more protection is needed. + ynh_app_setting_delete --app=$app --key=protected_regex + + # Sync the is_public variable according to the permission + ynh_app_setting_set --app=$app --key=is_public --value=1 + + yunohost app ssowatconf + else + ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group." + fi + fi +fi \ No newline at end of file diff --git a/hooks/post_app_removeaccess b/hooks/post_app_removeaccess new file mode 100644 index 0000000..d0ca2f7 --- /dev/null +++ b/hooks/post_app_removeaccess @@ -0,0 +1,34 @@ +#!/bin/bash + +# Source app helpers +source /usr/share/yunohost/helpers + +app=$1 +removed_users=$2 +permission=$3 +removed_groups=$4 + +if [ "$app" == __APP__ ]; then + if [ "$permission" = "upload images" ]; then # The fake permission "upload images" is modifed. + if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group. + domain=$(ynh_app_setting_get --app=$app --key=domain) + path_url=$(ynh_app_setting_get --app=$app --key=path) + + # If the app is private, viewing images stays publicly accessible. + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + + # Sync the is_public variable according to the permission + ynh_app_setting_set --app=$app --key=is_public --value=0 + + yunohost app ssowatconf + else + ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group." + fi + fi +fi \ No newline at end of file diff --git a/manifest.json b/manifest.json index 9d761d2..9cf852d 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "maniackc_dev@crudelis.fr" }, "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 3.7" }, "multi_instance": false, "services": [ diff --git a/scripts/actions/public_private b/scripts/actions/public_private deleted file mode 100755 index 1d166c3..0000000 --- a/scripts/actions/public_private +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source scripts/_common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -# Get is_public -is_public=${YNH_ACTION_IS_PUBLIC} - -app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) - -if [ $is_public -eq $is_public_old ] -then - ynh_die --message="is_public is already set as $is_public." --ret_code=0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# MOVE TO PUBLIC OR PRIVATE -#================================================= - -if [ $is_public -eq 0 ]; then - public_private="private" -else - public_private="public" -fi -ynh_script_progression --message="Moving the application to $public_private..." --weight=3 - -if [ $is_public -eq 0 ] -then - # If the app is private, viewing images stays publicly accessible. - if [ "$path_url" == "/" ]; then - # If the path is /, clear it to prevent any error with the regex. - path_url="" - fi - # Modify the domain to be used in a regex - domain_regex=$(echo "$domain" | sed 's@-@.@g') - ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" -else - ynh_app_setting_delete --app=$app --key=protected_regex -fi - -ynh_script_progression --message="Upgrading SSOwat configuration..." -# Regen ssowat configuration -yunohost app ssowatconf - -# Update the config of the app -ynh_app_setting_set --app=$app --key=is_public --value=$is_public - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last diff --git a/scripts/change_url b/scripts/change_url index 701a082..9fdfded 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -122,7 +122,7 @@ fi #================================================= ynh_script_progression --message="Reconfiguring SSOwat..." -if [ $is_public -eq 0 ] +if [ $is_public -eq 0 ] # Only user with a yunohost account can upload an image then # If the app is private, viewing images stays publicly accessible. if [ "$new_path" == "/" ]; then diff --git a/scripts/config b/scripts/config index 20f6c6b..eef76b6 100644 --- a/scripts/config +++ b/scripts/config @@ -61,10 +61,6 @@ else fi delay="${YNH_CONFIG_MAIN_CONFIGURATION_DELAY:-$old_delay}" -# is_public -old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" -is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" - # Overwrite settings.json file old_overwrite_settings="$(ynh_app_setting_get --app=$app --key=overwrite_settings)" overwrite_settings="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_SETTINGS:-$old_overwrite_settings}" @@ -93,8 +89,6 @@ show_config() { ynh_return "YNH_CONFIG_MAIN_CONFIGURATION_ANTIFLOOD=$antiflood" ynh_return "YNH_CONFIG_MAIN_CONFIGURATION_DELAY=$delay" - ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" - ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_SETTINGS=$overwrite_settings" ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_SYSTEMD=$overwrite_systemd" @@ -154,14 +148,6 @@ apply_config() { ynh_systemd_action --action=restart --line_match="Manager.*started" --log_path="/var/log/$app/production.log" --timeout="120" fi - # Change public accessibility - if [ "$is_public" = "1" ] - then - yunohost app action run $app public_private --args is_public=1 - else - yunohost app action run $app public_private --args is_public=0 - fi - # Set overwrite_settings ynh_app_setting_set --app=$app --key=overwrite_settings --value="$overwrite_settings" # Set overwrite_nginx diff --git a/scripts/install b/scripts/install index 67f3925..602a0a4 100644 --- a/scripts/install +++ b/scripts/install @@ -121,6 +121,13 @@ ynh_replace_string --match_string="__WORKERS__" --replace_string="$(( $(nproc) * # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/lutim.conf" +#================================================= +# SETUP HOOKS FILE +#================================================= + +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess" + #================================================= # SETUP SYSTEMD #================================================= @@ -192,7 +199,13 @@ yunohost service add $app --log $final_path/log/production.log #================================================= ynh_script_progression --message="Configuring SSOwat..." -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_permission_update --permission="main" --add="visitors" + +# This is a fake permission without any URL. +# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified. +# We can't use a real permission for now because the actual permision system doesn't support regex. +ynh_permission_create --permission="upload images" --allowed="visitors" + if [ $is_public -eq 0 ] then # If the app is private, viewing images stays publicly accessible. @@ -203,6 +216,9 @@ then # Modify the domain to be used in a regex domain_regex=$(echo "$domain" | sed 's@-@.@g') ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + + # If the app is not public, then the "visitors" group doesn't have this permission + ynh_permission_update --permission="upload images" --remove="visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 54cee0e..425d68e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -55,6 +55,37 @@ elif [ "$is_public" = "No" ]; then is_public=0 fi +skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris) + +# Unused with the permission system +if [ ! -z "$skipped_uris" ]; then + ynh_app_setting_delete --app=$app --key=skipped_uris +fi + +# Create the permission "upload images" only if it doesn't exist. +if ! ynh_permission_exists --permission="upload images" +then + # This is a fake permission without any URL. + # The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified. + # We can't use a real permission for now because the actual permision system doesn't support regex. + ynh_permission_create --permission="upload images" --allowed="visitors" + + if [ $is_public -eq 0 ] + then + # If the app is private, viewing images stays publicly accessible. + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" + + # If the app is not public, then the "visitors" group doesn't have this permission + ynh_permission_update --permission="upload images" --remove="visitors" + fi +fi + # if final_path isn't set, which can happens with old scripts, set final_path. if [ -z "$final_path" ]; then final_path=/var/www/$app @@ -210,6 +241,13 @@ then fi fi +#================================================= +# SETUP HOOKS FILE +#================================================= + +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess" + #================================================= # SETUP SYSTEMD #================================================= @@ -257,20 +295,6 @@ ynh_script_progression --message="Upgrading logrotate configuration..." ynh_use_logrotate --non-append chown $app -R /var/log/$app -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -if [ $is_public -eq 0 ] -then - # If the app is private, viewing images stays publicly accessible. - # Modify the domain to be used in a regex - domain_regex=$(echo "$domain" | sed 's@-@.@g') - ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$" -fi - #================================================= # RELOAD NGINX #=================================================