diff --git a/manifest.json b/manifest.json
index a8f55db..fcb7880 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Open source photo gallery for the web",
         "fr": "Galerie de photos open source pour le web"
     },
-    "version": "2.10.2~ynh2",
+    "version": "2.10.2~ynh3",
     "url": "http://piwigo.org",
     "license": "GPL-2.0",
     "maintainer": {
diff --git a/pull_request_template.md b/pull_request_template.md
index da04d51..f501dd4 100644
--- a/pull_request_template.md
+++ b/pull_request_template.md
@@ -18,7 +18,7 @@
 - [ ] **Code review** : 
 - [ ] **Approval (LGTM)** : 
 - [ ] **Approval (LGTM)** : 
-- **CI succeeded** : 
-[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-/)  
-*Please replace '-NUM-' in this link by the PR number.*  
-When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.
+
+## Package_check results
+---
+* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*
diff --git a/scripts/install b/scripts/install
index c191ca6..e0ef92b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -235,13 +235,14 @@ ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex=
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..."
 
-# Protect URIs if private
-if [ $is_public -eq 0 ]
+# Make app public if necessary
+if [ $is_public -eq 1 ]
 then
-  ynh_app_setting_delete --app=$app --key=unprotected_uris
-  ynh_app_setting_set --app=$app --key=protected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 53280f5..4539840 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -74,6 +74,13 @@ then
 	ynh_app_setting_delete --app=$app --key=path_url
 fi
 
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+  ynh_legacy_permissions_delete_all
+
+  ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -274,18 +281,6 @@ ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex=
 
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Protect URIs if private
-if [ $is_public -eq 0 ]
-then
-  ynh_app_setting_delete --app=$app --key=unprotected_uris
-  ynh_app_setting_set --app=$app --key=protected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================