YunoHost-Apps/opensondage_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/opensondage_ynh.git synced 2024-09-03 19:46:28 +02:00
Code Issues Activity Actions

Merge pull request #59 from YunoHost-Apps/new-permissions-system

Browse source 
New Permission System
This commit is contained in:
Alexandre Aubin 2021-11-12 01:17:54 +01:00 committed by GitHub
commit 74aba3d013
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 135 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
check_process
View file

@ -10,7 +10,7 @@
setup_sub_dir=1 setup_sub_dir=1
setup_root=1 setup_root=1
setup_nourl=0 setup_nourl=0
setup_private=1 setup_private=0
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=02f2cd7e656ebae74643e969746b23d8912c7798 upgrade=1 from_commit=02f2cd7e656ebae74643e969746b23d8912c7798

33
hooks/post_app_addaccess Normal file
View file

@ -0,0 +1,33 @@
#!/bin/bash
# Source app helpers
source /usr/share/yunohost/helpers
app=$1
added_users=$2
permission=$3
added_groups=$4
if [ "$app" == __APP__ ]; then
if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
if [ "$added_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
# Sync the is_public variable according to the permission
ynh_app_setting_set --app=$app --key=is_public --value=1
yunohost app ssowatconf
else
ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
fi
fi
fi

26
hooks/post_app_removeaccess Normal file
View file

@ -0,0 +1,26 @@
#!/bin/bash
# Source app helpers
source /usr/share/yunohost/helpers
app=$1
removed_users=$2
permission=$3
removed_groups=$4
if [ "$app" == __APP__ ]; then
if [ "$permission" = "create poll" ]; then # The fake permission "create poll" is modifed.
if [ "$removed_groups" = "visitors" ]; then # As is it a fake permission we can only grant/remove the "visitors" group.
# We remove the regex, no more protection is needed.
ynh_app_setting_delete --app=$app --key=unprotected_regex
# Sync the is_public variable according to the permission
ynh_app_setting_set --app=$app --key=is_public --value=0
yunohost app ssowatconf
else
ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
fi
fi
fi

5
scripts/change_url
View file

@ -98,16 +98,13 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
ynh_app_setting_delete --app=$app --key=protected_regex
# Keep /admin private
if [ "$path_url" == "/" ]; then if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex. # If the path is /, clear it to prevent any error with the regex.
path_url="" path_url=""
fi fi
# Modify the domain to be used in a regex # Modify the domain to be used in a regex
domain_regex=$(echo "$new_domain" | sed 's@-@.@g') domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/" ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
fi fi
#================================================= #=================================================

26
scripts/install
View file

@ -108,6 +108,14 @@ ynh_script_progression --message="Configuring $app..." --weight=2
ynh_add_config --template="../conf/config.php" --destination="$final_path/app/inc/config.php" ynh_add_config --template="../conf/config.php" --destination="$final_path/app/inc/config.php"
#=================================================
# SETUP HOOKS FILE
#=================================================
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#================================================= #=================================================
# REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE) # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
#================================================= #=================================================
@ -141,21 +149,29 @@ chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_script_progression --message="Configuring Permissions..."
ynh_permission_update --permission="main" --add="visitors"
ynh_permission_create --permission="admin" --allowed="$admin" --url="/admin"
# This is a fake permission without any URL.
# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
# We can't use a real permission for now because the actual permision system doesn't support regex.
ynh_permission_create --permission="create poll" --allowed="visitors"
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
ynh_permission_update --permission="main" --add="visitors"
# Keep /admin private
if [ "$path_url" == "/" ]; then if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex. # If the path is /, clear it to prevent any error with the regex.
path_url="" path_url=""
fi fi
# Modify the domain to be used in a regex # Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g') domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/" ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
else
ynh_permission_update --permission="create poll" --remove="visitors"
fi fi
#================================================= #=================================================

73
scripts/upgrade
View file

@ -46,6 +46,52 @@ if [ -z "$is_public" ]; then
ynh_app_setting_delete --app=$app --key=public_site ynh_app_setting_delete --app=$app --key=public_site
fi fi
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi
skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
# Unused with the permission system
if [ ! -z "$skipped_uris" ]; then
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
protected_regex=$(ynh_app_setting_get --app=$app --key=protected_regex)
# Unused with the permission system
if [ ! -z "$protected_regex" ]; then
ynh_app_setting_delete --app=$app --key=protected_regex
fi
# Create the permission "upload images" only if it doesn't exist.
if ! ynh_permission_exists --permission="create poll"
then
# This is a fake permission without any URL.
# The purpose of this permission is only to trigger hooks post_app_add/removeaccess when it's modified.
# We can't use a real permission for now because the actual permision system doesn't support regex.
ynh_permission_create --permission="create poll" --allowed="visitors"
# Make app public if necessary
if [ $is_public -eq 1 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/create_poll.php?.*$","$domain_regex$path_url/adminstuds.php?.*"
else
ynh_permission_update --permission="create poll" --remove="visitors"
fi
fi
# If db_name doesn't exist, create it # If db_name doesn't exist, create it
if [ -z "$db_name" ]; then if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app) db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -146,6 +192,13 @@ then
chown $app:$app "$final_path/app/inc/config.php" chown $app:$app "$final_path/app/inc/config.php"
fi fi
#=================================================
# SETUP HOOKS FILE
#=================================================
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#================================================= #=================================================
# REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE) # REPLACE LOGO IMAGE (DEFAULT IS FRAMADATE)
#================================================= #=================================================
@ -180,26 +233,6 @@ fi
chown -R $app: "$final_path/"{tpl_c,admin/stdout.log} chown -R $app: "$final_path/"{tpl_c,admin/stdout.log}
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
# Keep /admin private
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/admin/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================