From 9d28b75fb96220e41e377986529b5992e5ec53f7 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 7 Nov 2019 22:10:31 +0900 Subject: [PATCH 1/6] New permissions system --- conf/config.json | 2 +- manifest.json | 2 +- scripts/install | 1 - scripts/upgrade | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/conf/config.json b/conf/config.json index 2e7aca8..5554238 100644 --- a/conf/config.json +++ b/conf/config.json @@ -27,7 +27,7 @@ "ldap_group_filter_mode": "0", "ldap_groupfilter_objectclass": "posixGroup", "ldap_host": "localhost", - "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))", + "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=nextcloud.main,ou=permission,dc=yunohost,dc=org))", "ldap_login_filter_mode": "0", "ldap_port": "389", "ldap_quota_attr": "userquota", diff --git a/manifest.json b/manifest.json index fc300a4..563693c 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.7.0" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index a9152cd..7758382 100755 --- a/scripts/install +++ b/scripts/install @@ -331,7 +331,6 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= ynh_script_progression --message="Configuring SSOwat..." -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" ynh_app_setting_set --app=$app --key=skipped_regex \ --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" diff --git a/scripts/upgrade b/scripts/upgrade index 2e3f7ec..54f4258 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
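Review bot: In the conf/config.json hunk of patch 1/6 the permission clause is added to `ldap_login_filter` only, so it restricts who can log in but, as far as this hunk shows, not who Nextcloud lists or provisions from LDAP. If the file also carries a user-list filter (Nextcloud's `ldap_userlist_filter`) without the same `(permission=…)` clause, accounts that lack the permission would still show up in sharing and user searches; that key is outside the hunk, so this needs checking against the full file. Because JSON has no comment syntax, the intent is better recorded next to the import in scripts/install, for example `# login is limited to users holding the app's "main" permission`.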
@@ -438,7 +438,6 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" ynh_app_setting_set --app=$app --key=skipped_regex \ --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" From fc110058a97ba1bc189ece96bc0242db4b397d36 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 20 Nov 2019 13:30:15 +0900 Subject: [PATCH 2/6] fix multi_instance --- conf/config.json | 2 +- scripts/install | 1 + scripts/upgrade | 3 +-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/config.json b/conf/config.json index 5554238..2d4daca 100644 --- a/conf/config.json +++ b/conf/config.json @@ -27,7 +27,7 @@ "ldap_group_filter_mode": "0", "ldap_groupfilter_objectclass": "posixGroup", "ldap_host": "localhost", - "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=nextcloud.main,ou=permission,dc=yunohost,dc=org))", + "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))", "ldap_login_filter_mode": "0", "ldap_port": "389", "ldap_quota_attr": "userquota", diff --git a/scripts/install b/scripts/install index 7758382..47fe8e7 100755 --- a/scripts/install +++ b/scripts/install @@ -177,6 +177,7 @@ ynh_secure_remove --file="$nc_conf" nc_conf="$final_path/config.json" cp ../conf/config.json "$nc_conf" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$nc_conf" exec_occ config:import "$nc_conf" # Then remove the config file diff --git a/scripts/upgrade b/scripts/upgrade index 54f4258..8a63ab3 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
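Review bot: Nothing in the scripts/install hunk of patch 2/6 verifies that the `__APP__` placeholder was actually substituted before `exec_occ config:import` runs. An unreplaced `cn=__APP__.main` would be imported as a login filter that no user entry satisfies, which fails closed but locks out every LDAP account. A guard such as `grep -q "__APP__" "$nc_conf" && ynh_die --message="unsubstituted placeholder in $nc_conf"` makes that visible at install time, and a comment like `# __APP__ scopes the LDAP login filter to this instance's main permission` documents why the substitution exists. The scripts/upgrade hunk of the same patch performs the same substitution and would benefit from the same guard.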
@@ -295,8 +295,7 @@ then nc_conf="${final_path}/config.json" cp ../conf/config.json "$nc_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf" - ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$nc_conf" # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification From 7badbb544a5083b6ca652d146ec6b94e73dd6e30 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 27 Mar 2020 15:36:03 +0100 Subject: [PATCH 3/6] Clean legacy permission --- scripts/upgrade | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index c7de781..33321de 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,8 @@ user_home=$(ynh_app_setting_get --app=$app --key=user_home) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) +unprotected_uris=$(ynh_app_setting_get $app unprotected_uris) + #================================================= # CHECK VERSION #================================================= @@ -65,6 +67,13 @@ if [ -z "$fpm_usage" ]; then ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi +# Delete unprotected_uris if it exists +if [ ! -z $unprotected_uris ]; then + ynh_app_setting_delete $app unprotected_uris + # Delete unprotected_uris implicitly remove visitors, add it again. + ynh_permission_update --permission "main" --add "visitors" +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= From 63b0a9541917ede6c8a32487abb81237055a1d6d Mon Sep 17 00:00:00 2001 
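Review bot: The scripts/upgrade hunk of patch 2/6 drops the `__DOMAIN__` and `__DATADIR__` substitutions while adding `__APP__`, which the commit subject does not mention. If conf/config.json still contains either placeholder, the upgrade would import the literal token into the Nextcloud configuration; the install hunk shows no such substitutions, so the template probably has none, but that cannot be confirmed from these hunks. A one-line comment such as `# __APP__ is the only placeholder left in conf/config.json` would record this. The enclosing `if … then` block starts outside the hunk.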
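Review bot: The test `[ ! -z $unprotected_uris ]` in the second scripts/upgrade hunk of patch 3/6 leaves the variable unquoted, so a value containing whitespace or glob characters breaks the test or expands unexpectedly; `if [ -n "$unprotected_uris" ]; then` is the robust form. The two setting calls (`ynh_app_setting_get $app unprotected_uris` in the first hunk, `ynh_app_setting_delete $app unprotected_uris` here) use positional arguments while the surrounding lines use `--app=`/`--key=`, and `ynh_permission_update --permission "main" --add "visitors"` uses space-separated values instead of the `--permission="main"` form. Re-adding `visitors` to `main` keeps the whole app reachable without SSO authentication, so access control rests on Nextcloud's own login and the LDAP filter; the in-line comment should say that this is intended to preserve the previous `unprotected_uris="/"` behaviour.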
From: Kay0u Date: Thu, 31 Dec 2020 17:59:51 +0100 Subject: [PATCH 4/6] Migrate legacy permissions --- manifest.json | 2 +- scripts/_common.sh | 19 +++++++++++++++++++ scripts/install | 3 +-- scripts/upgrade | 14 ++++++-------- 4 files changed, 27 insertions(+), 11 deletions(-) diff --git a/manifest.json b/manifest.json index 5e3ec17..113cc2e 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.1.0" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index ebffb0e..915612d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -386,3 +386,22 @@ ynh_multimedia_addaccess () { groupadd -f multimedia usermod -a -G multimedia $user_name } + +ynh_legacy_permissions_exists () { + for permission in "skipped" "unprotected" "protected" + do + if ynh_permission_exists --permission="legacy_${permission}_uris"; then + return 0 + fi + done + return 1 +} + +ynh_legacy_permissions_delete_all () { + for permission in "skipped" "unprotected" "protected" + do + if ynh_permission_exists --permission="legacy_${permission}_uris"; then + ynh_permission_delete --permission="legacy_${permission}_uris" + fi + done +} diff --git a/scripts/install b/scripts/install index cd9e1c7..f031147 100755 --- a/scripts/install +++ b/scripts/install @@ -340,8 +340,7 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= ynh_script_progression --message="Configuring SSOwat..." -ynh_app_setting_set --app=$app --key=skipped_regex \ - --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" +ynh_permission_create --permission="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" #================================================= # RELOAD NGINX diff --git a/scripts/upgrade b/scripts/upgrade index 0c17cd3..f35d8c7 100755 --- a/scripts/upgrade 
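Review bot: Both new functions in the scripts/_common.sh hunk of patch 4/6 use `permission` as a loop variable without declaring it `local`, so any global of that name in a sourcing script is overwritten; add `local permission` as the first line of each function. The functions carry no header comment: each should state that it checks for (or deletes) the `legacy_skipped_uris`, `legacy_unprotected_uris` and `legacy_protected_uris` permissions and what it returns. The `ynh_` prefix is also used by the core helpers, so if the YunoHost version required in manifest.json ships helpers with these names, this local copy would shadow them, which is worth confirming before merging.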
+++ b/scripts/upgrade @@ -134,6 +134,12 @@ then ynh_replace_string "\('datadirectory' =>.*\)$old_app" "\1$app" "$final_path/config/config.php" fi +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" +fi + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -476,14 +482,6 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= # GENERIC FINALIZATION -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 - -ynh_app_setting_set --app=$app --key=skipped_regex \ - --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" - #================================================= # RELOAD NGINX #================================================= From 712b84067bf590b775054f28238a65aaef9ccb77 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 31 Dec 2020 18:02:40 +0100 Subject: [PATCH 5/6] create the api permission in install script --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index f031147..0eba7ce 100755 --- a/scripts/install +++ b/scripts/install 
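Review bot: In the first scripts/upgrade hunk of patch 4/6 the `api` permission is created only inside `if ynh_legacy_permissions_exists`, so an instance without legacy permissions never receives it, and nothing checks whether `api` already exists before `ynh_permission_create` runs. Separating the two concerns, with the creation guarded by `if ! ynh_permission_exists --permission="api"; then`, would make the upgrade idempotent. The flags `--allowed="visitors" "all_users"` together with `--protected="true"` make everything under `/.well-known/` on the domain reachable without authentication and, if `protected` keeps its usual YunoHost meaning, prevent an administrator from removing `visitors` later; a comment such as `# .well-known is intentionally public; protected="true" keeps visitors from being removed` would record that this is deliberate. The `re:` pattern has no start anchor, so it is worth confirming how SSOwat matches it. The same `ynh_permission_create` line is added to scripts/install in patch 5/6.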
@@ -340,7 +340,7 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= ynh_script_progression --message="Configuring SSOwat..." -ynh_permission_create --permission="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" +ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX From 71c9cbf6072da2e0c8a8e75fab08afe0fa054fdb Mon Sep 17 00:00:00 2001 From: Kay0u Date: Mon, 1 Mar 2021 13:09:38 +0100 Subject: [PATCH 6/6] unprotected_uris is deleted by the core --- scripts/upgrade | 9 --------- 1 file changed, 9 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 109c7e9..6ba6a84 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,8 +27,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) -unprotected_uris=$(ynh_app_setting_get $app unprotected_uris) - #================================================= # CHECK VERSION #================================================= @@ -67,13 +65,6 @@ if [ -z "$fpm_usage" ]; then ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi -# Delete unprotected_uris if it exists -if [ -n "$unprotected_uris" ]; then - ynh_app_setting_delete $app unprotected_uris - # Delete unprotected_uris implicitly remove visitors, add it again. - ynh_permission_update --permission "main" --add "visitors" -fi - # If phpversion doesn't exist, create it if [ -z "$phpversion" ]; then phpversion="$YNH_PHP_VERSION"