YunoHost-Apps/opensondage_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/opensondage_ynh.git synced 2024-09-03 19:46:28 +02:00
Code Issues Activity Actions

New Permission System

Browse source
This commit is contained in:
Kay0u 2020-02-22 13:53:34 +01:00
parent bc738b27e4
commit 6c43591079
No known key found for this signature in database
GPG key ID: 7FF262C033518333
7 changed files with 129 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
hooks/post_app_addaccess Normal file
View file

@ -0,0 +1,33 @@
#!/bin/bash
# Source app helpers
source /usr/share/yunohost/helpers
app=$1
added_users=$2
permission=$3
added_groups=$4
if [ "$app" == __APP__ ]; then
if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
# Sync the is_public variable according to the permission
ynh_app_setting_set --app=$app --key=is_public --value=1
yunohost app ssowatconf
else
ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
fi
fi
fi

26
hooks/post_app_removeaccess Normal file
View file

@ -0,0 +1,26 @@
#!/bin/bash
# Source app helpers
source /usr/share/yunohost/helpers
app=$1
removed_users=$2
permission=$3
removed_groups=$4
if [ "$app" == __APP__ ]; then
if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
# We remove the regex, no more protection is needed.
ynh_app_setting_delete --app=$app --key=unprotected_regex
# Sync the is_public variable according to the permission
ynh_app_setting_set --app=$app --key=is_public --value=0
yunohost app ssowatconf
else
ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
fi
fi
fi

2
manifest.json
View file

@ -19,7 +19,7 @@
"email": "ljf+opensondage_ynh@grimaud.me" "email": "ljf+opensondage_ynh@grimaud.me"
}], }],
"requirements": { "requirements": {
"yunohost": ">= 3.5.0" "yunohost": ">= 3.7.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

5
scripts/change_url
View file

@ -97,16 +97,13 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
ynh_app_setting_delete --app=$app --key=protected_regex
# Keep /admin private
if [ "$path_url" == "/" ]; then if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex. # If the path is /, clear it to prevent any error with the regex.
path_url="" path_url=""
fi fi
# Modify the domain to be used in a regex # Modify the domain to be used in a regex
domain_regex=$(echo "$new_domain" | sed 's@-@.@g') domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/" ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
fi fi
#================================================= #=================================================

30
scripts/install
View file

@ -54,7 +54,7 @@ ynh_app_setting_set --app=$app --key=is_public --value=$is_public
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..."3 ynh_script_progression --message="Installing dependencies..." --weight=3
ynh_install_app_dependencies php-fpdf php-cli php-xml ynh_install_app_dependencies php-fpdf php-cli php-xml
@ -125,6 +125,14 @@ ynh_replace_string --match_string="__PATH__" --replace_string=$path_url -
# Calculate and store the config file checksum into the app settings # Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$config" ynh_store_file_checksum --file="$config"
#=================================================
# SETUP HOOKS FILE
#=================================================
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#================================================= #=================================================
# REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE) # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
#================================================= #=================================================
@ -140,7 +148,7 @@ touch "$final_path/admin/stdout.log"
#================================================= #=================================================
# RUN DATABASE INITILIZATION # RUN DATABASE INITILIZATION
#================================================= #=================================================
ynh_script_progression --message="Initializing database..."2 ynh_script_progression --message="Initializing database..." --weight=2
# Install composer # Install composer
ynh_install_composer ynh_install_composer
@ -159,21 +167,29 @@ chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..." ynh_script_progression --message="Configuring Permissions..."
ynh_permission_update --permission="main" --add="visitors"
ynh_permission_create --permission="admin" --allowed="$admin" --url="/admin"
# This is a fake permission without any URL.
# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
# We can't use a real permission for now because the actual permision system doesn't support regex.
ynh_permission_create --permission="create poll" --allowed="visitors"
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
# Keep /admin private
if [ "$path_url" == "/" ]; then if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex. # If the path is /, clear it to prevent any error with the regex.
path_url="" path_url=""
fi fi
# Modify the domain to be used in a regex # Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g') domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/" ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
else
ynh_permission_update --permission="create poll" --remove="visitors"
fi fi
#================================================= #=================================================

2
scripts/remove
View file

@ -25,7 +25,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# REMOVE DEPENDENCIES # REMOVE DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Removing dependencies..."3 ynh_script_progression --message="Removing dependencies..." --weight=3
# Remove metapackage and its dependencies # Remove metapackage and its dependencies
ynh_remove_app_dependencies ynh_remove_app_dependencies

64
scripts/upgrade
View file

@ -51,6 +51,43 @@ elif [ "$is_public" = "No" ]; then
is_public=0 is_public=0
fi fi
skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
# Unused with the permission system
if [ ! -z "$skipped_uris" ]; then
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
protected_regex=$(ynh_app_setting_get --app=$app --key=protected_regex)
# Unused with the permission system
if [ ! -z "$protected_regex" ]; then
ynh_app_setting_delete --app=$app --key=protected_regex
fi
# Create the permission "upload images" only if it doesn't exist.
if ! ynh_permission_exists --permission="create poll"
then
# This is a fake permission without any URL.
# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
# We can't use a real permission for now because the actual permision system doesn't support regex.
ynh_permission_create --permission="create poll" --allowed="visitors"
# Make app public if necessary
if [ $is_public -eq 1 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
else
ynh_permission_update --permission="create poll" --remove="visitors"
fi
fi
# If db_name doesn't exist, create it # If db_name doesn't exist, create it
if [ -z "$db_name" ]; then if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app) db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -176,6 +213,13 @@ then
ynh_store_file_checksum --file="$config" ynh_store_file_checksum --file="$config"
fi fi
#=================================================
# SETUP HOOKS FILE
#=================================================
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#================================================= #=================================================
# REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE) # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
#================================================= #=================================================
@ -211,26 +255,6 @@ fi
chown -R root: "$final_path" chown -R root: "$final_path"
chown -R $app: "$final_path/"{tpl_c,admin/stdout.log} chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
# Keep /admin private
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================