From e215d9c5c9889d8c69a056c67ad8997a5dd69646 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Tue, 30 Jul 2024 16:52:31 +0200
Subject: [PATCH 01/13] find files before chown them

---
 scripts/install |  7 ++++---
 scripts/restore |  4 ++--
 scripts/upgrade | 10 ++++++----
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/scripts/install b/scripts/install
index 88c1c0d..0e30319 100755
--- a/scripts/install
+++ b/scripts/install
@@ -64,7 +64,8 @@ exec_occ() {
 }
 
 # Set write access for the following commands
-chown -R $app: "$install_dir" "$data_dir"
+find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@@ -234,8 +235,8 @@ ynh_multimedia_addaccess $app
 #=================================================
 
 # Fix app ownerships & permissions
-chown -R $app:www-data "$install_dir"
-chown -R $app: "$data_dir"
+find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/restore b/scripts/restore
index 1b0f63c..da7848e 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -79,8 +79,8 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory
 #=================================================
 
 # Fix app ownerships & permissions
-chown -R $app:www-data "$install_dir"
-chown -R $app: "$data_dir"
+find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/upgrade b/scripts/upgrade
index e36d62e..5d70446 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -138,7 +138,8 @@ then
     ynh_script_progression --message="Upgrading $app..." --weight=3
 
     # Set write access for the following commands
-    chown -R $app: "$install_dir" "$data_dir"
+    find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+    find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -207,7 +208,8 @@ then
         mv "$tmpdir" "$install_dir"
 
         # Set write access for the following commands
-        chown -R $app: "$install_dir" "$data_dir"
+        find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+        find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -324,8 +326,8 @@ fi
 ynh_script_progression --message="Reapplying file permissions..." --weight=2
 
 # Fix app ownerships & permissions
-chown -R $app:www-data "$install_dir"
-chown -R $app: "$data_dir"
+find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640

From 5dc5e8ba10f5eab37f8ae085ae4a56f3b9a44d2d Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Tue, 30 Jul 2024 18:30:19 +0200
Subject: [PATCH 02/13] chown the root folder too

---
 scripts/install | 4 ++++
 scripts/restore | 2 ++
 scripts/upgrade | 6 ++++++
 3 files changed, 12 insertions(+)

diff --git a/scripts/install b/scripts/install
index 0e30319..9b705b5 100755
--- a/scripts/install
+++ b/scripts/install
@@ -65,7 +65,9 @@ exec_occ() {
 
 # Set write access for the following commands
 find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+chown $app:www-data "$install_dir"
 find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+chown $app: "$data_dir"
 
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@@ -236,7 +238,9 @@ ynh_multimedia_addaccess $app
 
 # Fix app ownerships & permissions
 find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+chown $app:www-data "$install_dir"
 find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+chown $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/restore b/scripts/restore
index da7848e..5ef4f91 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -80,7 +80,9 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory
 
 # Fix app ownerships & permissions
 find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+chown $app:www-data "$install_dir"
 find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+chown $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/upgrade b/scripts/upgrade
index 5d70446..76d424b 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -139,7 +139,9 @@ then
 
     # Set write access for the following commands
     find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+    chown $app:www-data "$install_dir"
     find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+    chown $app: "$data_dir"
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -209,7 +211,9 @@ then
 
         # Set write access for the following commands
         find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+        chown $app:www-data "$install_dir"
         find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+        chown $app: "$data_dir"
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -327,7 +331,9 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2
 
 # Fix app ownerships & permissions
 find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
+chown $app:www-data "$install_dir"
 find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
+chown $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640

From 8d682cbdbcbd1579a9c901f71429dd7354449ae8 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Wed, 31 Jul 2024 11:56:49 +0200
Subject: [PATCH 03/13] fix find condition

---
 scripts/install | 12 ++++--------
 scripts/restore |  6 ++----
 scripts/upgrade | 18 ++++++------------
 3 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/scripts/install b/scripts/install
index 9b705b5..d8ef9c0 100755
--- a/scripts/install
+++ b/scripts/install
@@ -64,10 +64,8 @@ exec_occ() {
 }
 
 # Set write access for the following commands
-find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-chown $app:www-data "$install_dir"
-find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-chown $app: "$data_dir"
+find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@@ -237,10 +235,8 @@ ynh_multimedia_addaccess $app
 #=================================================
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-chown $app:www-data "$install_dir"
-find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-chown $app: "$data_dir"
+find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/restore b/scripts/restore
index 5ef4f91..6ef7833 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -79,10 +79,8 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory
 #=================================================
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-chown $app:www-data "$install_dir"
-find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-chown $app: "$data_dir"
+find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/upgrade b/scripts/upgrade
index 76d424b..48a8889 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -138,10 +138,8 @@ then
     ynh_script_progression --message="Upgrading $app..." --weight=3
 
     # Set write access for the following commands
-    find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-    chown $app:www-data "$install_dir"
-    find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-    chown $app: "$data_dir"
+    find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+    find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -210,10 +208,8 @@ then
         mv "$tmpdir" "$install_dir"
 
         # Set write access for the following commands
-        find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-        chown $app:www-data "$install_dir"
-        find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-        chown $app: "$data_dir"
+        find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+        find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -330,10 +326,8 @@ fi
 ynh_script_progression --message="Reapplying file permissions..." --weight=2
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -or -group www-data \) -exec chown $app:www-data {} \+
-chown $app:www-data "$install_dir"
-find "$data_dir" -not \( -user $app -or -group $app \) -exec chown $app: {} \+
-chown $app: "$data_dir"
+find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
+find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640

From 706d5071c6f4e04af2050546b563400a4e2649f4 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Wed, 31 Jul 2024 14:59:55 +0200
Subject: [PATCH 04/13] find ... chmod is not faster, at least avoid to chown
 -R the data_dir in the upgrade script

---
 scripts/install | 8 ++++----
 scripts/restore | 4 ++--
 scripts/upgrade | 9 +++------
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/scripts/install b/scripts/install
index d8ef9c0..2f7b40a 100755
--- a/scripts/install
+++ b/scripts/install
@@ -64,8 +64,8 @@ exec_occ() {
 }
 
 # Set write access for the following commands
-find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+chown -R $app:www-data "$install_dir"
+chown -R $app: "$data_dir"
 
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@@ -235,8 +235,8 @@ ynh_multimedia_addaccess $app
 #=================================================
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+chown -R $app:www-data "$install_dir"
+chown -R $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/restore b/scripts/restore
index 6ef7833..1b0f63c 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -79,8 +79,8 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory
 #=================================================
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+chown -R $app:www-data "$install_dir"
+chown -R $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
diff --git a/scripts/upgrade b/scripts/upgrade
index 48a8889..9fb3157 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -138,8 +138,7 @@ then
     ynh_script_progression --message="Upgrading $app..." --weight=3
 
     # Set write access for the following commands
-    find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-    find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+    chown -R $app:www-data "$install_dir"
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -208,8 +207,7 @@ then
         mv "$tmpdir" "$install_dir"
 
         # Set write access for the following commands
-        find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-        find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+        chown -R $app:www-data "$install_dir"
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -326,8 +324,7 @@ fi
 ynh_script_progression --message="Reapplying file permissions..." --weight=2
 
 # Fix app ownerships & permissions
-find "$install_dir" -not \( -user $app -and -group www-data \) -exec chown $app:www-data {} \+
-find "$data_dir" -not \( -user $app -and -group $app \) -exec chown $app: {} \+
+chown -R $app:www-data "$install_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640

From d240d552b47d717fd23154e5cd1eb236b5c29126 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Wed, 31 Jul 2024 15:11:08 +0200
Subject: [PATCH 05/13] add a button in the config panel to run chown/chmod on
 data_dir

---
 config_panel.toml | 11 ++++++++---
 scripts/config    | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index 4e458b6..e5e88ae 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -3,14 +3,19 @@ version = "1.0"
 [main]
 name = "Nextcloud configuration"
 
-    [main.maintenance_mode]
-    name = "Maintenance mode"
+    [main.maintenance]
+    name = "Maintenance"
 
-        [main.maintenance_mode.maintenance_mode]
+        [main.maintenance.maintenance_mode]
         ask = "Enable maintenance mode"
         type = "boolean"
         default = "0"
 
+        [main.maintenance.set_permissions_button]
+        ask.en = "Set permissions for all data (Can take up to several hours if users have a lot of data)"
+        type = "button"
+        style = "success"
+
     [main.addressbook]
     name = "Address book configuration"
 
diff --git a/scripts/config b/scripts/config
index 93ced20..e231009 100644
--- a/scripts/config
+++ b/scripts/config
@@ -105,6 +105,24 @@ set__fpm_free_footprint() {
     fi
 }
 
+#=================================================
+# SPECIFIC RUNNERS FOR TOML SHORT KEYS
+#=================================================
+
+function run__set_permissions_button() {
+    local data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
+    ynh_print_info "Set permissions, it may take some time..."
+    chown -R $app:www-data "$install_dir"
+    chown -R $app: "$data_dir"
+    find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
+    find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
+    find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
+    find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
+    chmod 640 "$install_dir/config/config.php"
+    chmod 755 /home/yunohost.app
+    chmod 750 $install_dir
+}
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

From 30b2d8123a13d315c803486d9abee3607cc2162f Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Wed, 31 Jul 2024 15:13:04 +0200
Subject: [PATCH 06/13] we can avoid this chmod too i guess?

---
 scripts/upgrade | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 9fb3157..2a02150 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -327,8 +327,6 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2
 chown -R $app:www-data "$install_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
-find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
-find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
 chmod 640 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir

From 55b5c7900fc0330c0a75252f464c1eade24f7ef2 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 00:16:45 +0200
Subject: [PATCH 07/13] only nextcloud is allowed to read the config file

---
 scripts/install | 3 ++-
 scripts/restore | 2 +-
 scripts/upgrade | 4 +++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index 2f7b40a..f2635e7 100755
--- a/scripts/install
+++ b/scripts/install
@@ -65,6 +65,7 @@ exec_occ() {
 
 # Set write access for the following commands
 chown -R $app:www-data "$install_dir"
+chmod 600 "$install_dir/config/config.php"
 chown -R $app: "$data_dir"
 
 # Define password in an intermediate var
@@ -241,7 +242,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 
diff --git a/scripts/restore b/scripts/restore
index 1b0f63c..9ae3611 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -85,7 +85,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 2a02150..846c1d9 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -139,6 +139,7 @@ then
 
     # Set write access for the following commands
     chown -R $app:www-data "$install_dir"
+    chmod 600 "$install_dir/config/config.php"
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -208,6 +209,7 @@ then
 
         # Set write access for the following commands
         chown -R $app:www-data "$install_dir"
+        chmod 600 "$install_dir/config/config.php"
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -327,7 +329,7 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2
 chown -R $app:www-data "$install_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 

From 07f90a85f6e24d66dc4b863011b71484ab11ce2f Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 09:30:49 +0200
Subject: [PATCH 08/13] zblerg, the config file doesn't exist before install

---
 scripts/install | 1 -
 scripts/upgrade | 2 --
 2 files changed, 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index f2635e7..0987b84 100755
--- a/scripts/install
+++ b/scripts/install
@@ -65,7 +65,6 @@ exec_occ() {
 
 # Set write access for the following commands
 chown -R $app:www-data "$install_dir"
-chmod 600 "$install_dir/config/config.php"
 chown -R $app: "$data_dir"
 
 # Define password in an intermediate var
diff --git a/scripts/upgrade b/scripts/upgrade
index 846c1d9..074385b 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -139,7 +139,6 @@ then
 
     # Set write access for the following commands
     chown -R $app:www-data "$install_dir"
-    chmod 600 "$install_dir/config/config.php"
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -209,7 +208,6 @@ then
 
         # Set write access for the following commands
         chown -R $app:www-data "$install_dir"
-        chmod 600 "$install_dir/config/config.php"
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off

From 5556fb6549d8602ba0ccd8455f2c081065f6692d Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 11:44:40 +0200
Subject: [PATCH 09/13] wait until nginx has actually remove the nextcloud conf
 during upgrade before checking the url_handled

---
 scripts/upgrade | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/upgrade b/scripts/upgrade
index e36d62e..aa391c0 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -357,6 +357,15 @@ ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$a
 # Wait untils NGINX has fully reloaded
 ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
 
+# Nginx may take some time to support the new configuration, wait for the nextcloud configuration file to disappear from nginx before checking the CalDAV/CardDAV URL.
+timeout=30
+for i in $(seq 1 $timeout); do
+    if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then
+        break
+    fi
+    sleep 1
+done
+
 # Check if .well-known is available for this domain
 if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
 then

From d7f9b2c9fd77fac51d1d7dad0f6d0ff6572d2e71 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 11:53:16 +0200
Subject: [PATCH 10/13] create a function for that

---
 scripts/_common.sh | 13 +++++++++++++
 scripts/upgrade    |  9 +--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 65cce78..f060a27 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -8,6 +8,19 @@
 # EXPERIMENTAL HELPERS
 #=================================================
 
+wait_nginx_reload() {
+    # Nginx may take some time to support the new configuration,
+    # wait for the nextcloud configuration file to disappear from nginx before checking the CalDAV/CardDAV URL.
+    timeout=30
+    for i in $(seq 1 $timeout); do
+        if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then
+            break
+        fi
+        sleep 1
+done
+}
+
+
 # Check if an URL is already handled
 # usage: is_url_handled --domain=DOMAIN --path=PATH_URI
 is_url_handled() {
diff --git a/scripts/upgrade b/scripts/upgrade
index aa391c0..ad0e4c6 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -357,14 +357,7 @@ ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$a
 # Wait untils NGINX has fully reloaded
 ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
 
-# Nginx may take some time to support the new configuration, wait for the nextcloud configuration file to disappear from nginx before checking the CalDAV/CardDAV URL.
-timeout=30
-for i in $(seq 1 $timeout); do
-    if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then
-        break
-    fi
-    sleep 1
-done
+wait_nginx_reload
 
 # Check if .well-known is available for this domain
 if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"

From 49ec72b6ef87e7a803ecf21793b275249ccd77e5 Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 11:53:29 +0200
Subject: [PATCH 11/13] fix change-url dav detection

---
 scripts/change_url | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index aac12f0..f43ed11 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -14,6 +14,16 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
 
+# Check if .well-known is available for this domain
+if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
+then
+    ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
+
+    # Remove lines about .well-known/carddav and caldav with sed.
+    sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
+    ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+fi
+
 ynh_change_url_nginx_config
 
 #=================================================
@@ -37,16 +47,6 @@ then
 
     # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq
     ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload
-
-    # Check if .well-known is available for this domain
-    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
-    then
-        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
-
-        # Remove lines about .well-known/carddav and caldav with sed.
-        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
-        ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
-    fi
 fi
 
 #=================================================

From 73a3498b93011ea6dd897fa409944740a8f466fa Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 11:54:17 +0200
Subject: [PATCH 12/13] only if domain has changed...

---
 scripts/change_url | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index f43ed11..8cadcea 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -14,14 +14,17 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
 
-# Check if .well-known is available for this domain
-if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
+if [ $change_domain -eq 1 ]
 then
-    ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
+    # Check if .well-known is available for this domain
+    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
+    then
+        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
 
-    # Remove lines about .well-known/carddav and caldav with sed.
-    sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
-    ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+        # Remove lines about .well-known/carddav and caldav with sed.
+        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
+        ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+    fi
 fi
 
 ynh_change_url_nginx_config

From fa5da4fe666feee04e0988590e98a2944dc0188d Mon Sep 17 00:00:00 2001
From: Kayou <pierre@kayou.io>
Date: Thu, 1 Aug 2024 14:07:39 +0200
Subject: [PATCH 13/13] Update scripts/_common.sh

---
 scripts/_common.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index f060a27..653a0b0 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -17,7 +17,7 @@ wait_nginx_reload() {
             break
         fi
         sleep 1
-done
+    done
 }