diff --git a/manifest.json b/manifest.json index f0e4581..7654f56 100644 --- a/manifest.json +++ b/manifest.json @@ -15,51 +15,35 @@ "url": "https://github.com/Yunohost-Apps/OpenNote_ynh" }, "requirements": { - "yunohost": ">> 3.8.1" + "yunohost": ">> 4.2.4" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain name for OpenNote", - "fr": "Choisissez un nom de domaine pour OpenNote" - }, + "type": "domain", "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for OpenNote", - "fr": "Choisissez un chemin pour OpenNote" - }, "example": "/opennote", "default": "/opennote" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user", - "fr": "Choisissez l’administrateur" - }, "example": "johndoe" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": true } ] diff --git a/scripts/install b/scripts/install index 5fc21ca..2585782 100644 --- a/scripts/install +++ b/scripts/install @@ -52,50 +52,51 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --time --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 - -### `ynh_add_nginx_config` will use the file conf/nginx.conf +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $src_path - #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/restore b/scripts/restore index 4731e85..4d54792 100644 --- a/scripts/restore +++ b/scripts/restore @@ -53,19 +53,16 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index ceca251..12c8451 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,9 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -language=$(ynh_app_setting_get --app=$app --key=language) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= @@ -35,21 +33,19 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=2 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -65,30 +61,33 @@ ynh_clean_setup () { ynh_abort_if_errors #================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES +# CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 -# Set permissions on app files -chown -R root: $final_path +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= -# SETUP SSOWAT +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 -# Make app public if necessary -if [ $is_public -eq 1 ] +if [ "$upgrade_type" == "UPGRADE_APP" ] then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_script_progression --message="Upgrading source files..." --weight=1 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload