Merge pull request #241 from YunoHost-Apps/new-permissions-system

New permissions system

conf/config.json

@@ -30,7 +30,7 @@
       "ldap_groupfilter_objectclass": "posixGroup",
       "ldap_group_member_assoc_attribute": "memberUid",
       "ldap_host": "localhost",
-      "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))",
+      "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))",
       "ldap_login_filter_mode": "0",
       "ldap_port": "389",
       "ldap_quota_attr": "userquota",

scripts/install

@@ -184,6 +184,7 @@ ynh_secure_remove --file="$nc_conf"
 nc_conf="$final_path/config.json"
 cp ../conf/config.json "$nc_conf"
 
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$nc_conf"
 exec_occ config:import "$nc_conf"
 
 # Then remove the config file
@@ -341,9 +342,7 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" -
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
 
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-ynh_app_setting_set --app=$app --key=skipped_regex \
-    --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
+ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"
 
 #=================================================
 # RELOAD NGINX

scripts/upgrade

@@ -102,6 +102,12 @@ fi
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+if ynh_legacy_permissions_exists; then
+    ynh_legacy_permissions_delete_all
+
+    ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"
+fi
+
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
@@ -328,8 +334,7 @@ then
     nc_conf="${final_path}/config.json"
     cp ../conf/config.json "$nc_conf"
 
-    ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf"
-    ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf"
+    ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$nc_conf"
 
     # Reneable the mail app
     if [ $mail_app_must_be_reactived -eq 1 ]; then
@@ -458,15 +463,6 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" -
 
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2
-
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-ynh_app_setting_set --app=$app --key=skipped_regex \
-    --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
-
 #=================================================
 # RELOAD NGINX
 #=================================================