New Permission System

hooks/post_app_addaccess

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Source app helpers
+source /usr/share/yunohost/helpers
+
+app=$1
+added_users=$2
+permission=$3
+added_groups=$4
+
+if [ "$app" == __APP__ ]; then
+    if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
+        if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
+            domain=$(ynh_app_setting_get --app=$app --key=domain)
+            path_url=$(ynh_app_setting_get --app=$app --key=path)
+
+            if [ "$path_url" == "/" ]; then
+                # If the path is /, clear it to prevent any error with the regex.
+                path_url=""
+            fi
+            # Modify the domain to be used in a regex
+            domain_regex=$(echo "$domain" | sed 's@-@.@g')
+            ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
+
+            # Sync the is_public variable according to the permission
+            ynh_app_setting_set --app=$app --key=is_public --value=1
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
+    fi
+fi

hooks/post_app_removeaccess

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Source app helpers
+source /usr/share/yunohost/helpers
+
+app=$1
+removed_users=$2
+permission=$3
+removed_groups=$4
+
+if [ "$app" == __APP__ ]; then
+    if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
+        if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
+            
+            # We remove the regex, no more protection is needed.
+            ynh_app_setting_delete --app=$app --key=unprotected_regex
+
+            # Sync the is_public variable according to the permission
+            ynh_app_setting_set --app=$app --key=is_public --value=0
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
+    fi
+fi

manifest.json

@@ -19,7 +19,7 @@
         "email": "ljf+opensondage_ynh@grimaud.me"
     }],
     "requirements": {
-        "yunohost": ">= 3.5.0"
+        "yunohost": ">= 3.7.0"
     },
     "multi_instance": true,
     "services": [

scripts/change_url

@@ -97,16 +97,13 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	ynh_app_setting_delete --app=$app --key=protected_regex
-
-	# Keep /admin private
 	if [ "$path_url" == "/" ]; then
 	    # If the path is /, clear it to prevent any error with the regex.
 	    path_url=""
 	fi
 	# Modify the domain to be used in a regex
 	domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
-	ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/"
+	ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
 fi
 
 #=================================================

scripts/install

@@ -54,7 +54,7 @@ ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing dependencies..."3
+ynh_script_progression --message="Installing dependencies..." --weight=3
 
 ynh_install_app_dependencies php-fpdf php-cli php-xml
 
@@ -125,6 +125,14 @@ ynh_replace_string --match_string="__PATH__"      --replace_string=$path_url   -
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum --file="$config"
 
+#=================================================
+# SETUP HOOKS FILE
+#=================================================
+
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
+
+
 #=================================================
 # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
 #=================================================
@@ -140,7 +148,7 @@ touch "$final_path/admin/stdout.log"
 #=================================================
 # RUN DATABASE INITILIZATION
 #=================================================
-ynh_script_progression --message="Initializing database..."2
+ynh_script_progression --message="Initializing database..." --weight=2
 
 # Install composer
 ynh_install_composer
@@ -159,21 +167,29 @@ chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring Permissions..."
+
+ynh_permission_update --permission="main" --add="visitors"
+
+ynh_permission_create --permission="admin" --allowed="$admin" --url="/admin"
+
+# This is a fake permission without any URL.
+# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
+# We can't use a real permission for now because the actual permision system doesn't support regex.
+ynh_permission_create --permission="create poll" --allowed="visitors"
 
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-
-	# Keep /admin private
 	if [ "$path_url" == "/" ]; then
 	    # If the path is /, clear it to prevent any error with the regex.
 	    path_url=""
 	fi
 	# Modify the domain to be used in a regex
 	domain_regex=$(echo "$domain" | sed 's@-@.@g')
-	ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/"
+	ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
+else
+	ynh_permission_update --permission="create poll" --remove="visitors"
 fi
 
 #=================================================

scripts/remove

@@ -25,7 +25,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Removing dependencies..."3
+ynh_script_progression --message="Removing dependencies..." --weight=3
 
 # Remove metapackage and its dependencies
 ynh_remove_app_dependencies

scripts/upgrade

@@ -51,6 +51,43 @@ elif [ "$is_public" = "No" ]; then
 	is_public=0
 fi
 
+skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
+
+# Unused with the permission system
+if [ ! -z "$skipped_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=skipped_uris
+fi
+
+protected_regex=$(ynh_app_setting_get --app=$app --key=protected_regex)
+
+# Unused with the permission system
+if [ ! -z "$protected_regex" ]; then
+	ynh_app_setting_delete --app=$app --key=protected_regex
+fi
+
+# Create the permission "upload images" only if it doesn't exist.
+if ! ynh_permission_exists --permission="create poll"
+then
+	# This is a fake permission without any URL.
+	# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
+	# We can't use a real permission for now because the actual permision system doesn't support regex.
+	ynh_permission_create --permission="create poll" --allowed="visitors"
+
+	# Make app public if necessary
+	if [ $is_public -eq 1 ]
+	then
+		if [ "$path_url" == "/" ]; then
+			# If the path is /, clear it to prevent any error with the regex.
+			path_url=""
+		fi
+		# Modify the domain to be used in a regex
+		domain_regex=$(echo "$domain" | sed 's@-@.@g')
+		ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
+	else
+		ynh_permission_update --permission="create poll" --remove="visitors"
+	fi
+fi
+
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name=$(ynh_sanitize_dbid --db_name=$app)
@@ -176,6 +213,13 @@ then
     ynh_store_file_checksum --file="$config"
 fi
 
+#=================================================
+# SETUP HOOKS FILE
+#=================================================
+
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
+
 #=================================================
 # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
 #=================================================
@@ -211,26 +255,6 @@ fi
 chown -R root: "$final_path"
 chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-
-	# Keep /admin private
-	if [ "$path_url" == "/" ]; then
-	    # If the path is /, clear it to prevent any error with the regex.
-	    path_url=""
-	fi
-	# Modify the domain to be used in a regex
-	domain_regex=$(echo "$domain" | sed 's@-@.@g')
-	ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================