Apply example_ynh

scripts/install

@@ -44,7 +44,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -64,6 +63,11 @@ ynh_script_progression --message="Setting up source files..." --weight=3
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
+mkdir -p $final_path/{data,tmp}
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -81,23 +85,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# SPECIFIC SETUP
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R root: $final_path
-# Files owned by user specific can just read
-find $final_path -type f | xargs chmod 644
-find $final_path -type d | xargs chmod 755
-
-# Except for data and tmp subdir, where the user must have write permissions
-mkdir -p $final_path/{data,tmp}
-chown -R $app:root $final_path/{data,tmp}
-chmod 700 $final_path/{data,tmp}
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -105,10 +92,11 @@ chmod 700 $final_path/{data,tmp}
 #=================================================
 ynh_script_progression --message="Configuring permissions..." --weight=1
 
-# If app is public, add url to SSOWat conf as skipped_uris
+# Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
 	ynh_permission_update --permission="main" --add="visitors"
 else
 	# If the app is private, viewing paste stays publicly accessible.

scripts/upgrade

@@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
@@ -50,23 +49,11 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=3
 
-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-elif [ -z "$is_public" ]
-then
-	if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml"
-	then
-		ynh_app_setting_set --app=$app --key=is_public --value=1
-		is_public=1
-	else
-		ynh_app_setting_set --app=$app --key=is_public --value=0
-		is_public=0
-	fi
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
 # If final_path doesn't exist, create it