From d797887ba659b1993ba1595e9265f2ba9f657ed6 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 29 Jul 2022 00:49:56 +0200 Subject: [PATCH] Apply example_ynh --- scripts/install | 28 ++++++++-------------------- scripts/upgrade | 23 +++++------------------ 2 files changed, 13 insertions(+), 38 deletions(-) diff --git a/scripts/install b/scripts/install index bb9b127..b59ec42 100644 --- a/scripts/install +++ b/scripts/install @@ -44,7 +44,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS @@ -64,6 +63,11 @@ ynh_script_progression --message="Setting up source files..." --weight=3 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +mkdir -p $final_path/{data,tmp} + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # PHP-FPM CONFIGURATION @@ -81,23 +85,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC SETUP -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# Files owned by user specific can just read -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# Except for data and tmp subdir, where the user must have write permissions -mkdir -p $final_path/{data,tmp} -chown -R $app:root $final_path/{data,tmp} -chmod 700 $final_path/{data,tmp} - #================================================= # GENERIC FINALIZATION #================================================= @@ -105,10 +92,11 @@ chmod 700 $final_path/{data,tmp} #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -# If app is public, add url to SSOWat conf as skipped_uris +# Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" else # If the app is private, viewing paste stays publicly accessible. diff --git a/scripts/upgrade b/scripts/upgrade index 824af72..6689f6b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) @@ -50,23 +49,11 @@ ynh_abort_if_errors #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=3 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -elif [ -z "$is_public" ] -then - if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml" - then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 - else - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 - fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public fi # If final_path doesn't exist, create it