1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/question2answer_ynh.git synced 2024-09-03 20:16:07 +02:00

Merge pull request #111 from YunoHost/permissions

Using new permissions system
This commit is contained in:
Kayou 2021-01-11 00:38:10 +01:00 committed by GitHub
commit e2aee51865
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 23 deletions

View file

@ -15,7 +15,7 @@
"url": "http://example.com" "url": "http://example.com"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.5" "yunohost": ">= 4.1.3"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

View file

@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=language --value=$language
#================================================= #=================================================
@ -222,7 +221,8 @@ chown -R $app: $final_path
# Set the app as temporarily public for curl call # Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
ynh_app_setting_set --app=$app --key=skipped_uris --value="/" # Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Reload SSOwat config # Reload SSOwat config
yunohost app ssowatconf yunohost app ssowatconf
@ -234,10 +234,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access # Remove the public access
if [ $is_public -eq 0 ] ynh_permission_update --permission="main" --remove="visitors"
then
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
#================================================= #=================================================
# MODIFY A CONFIG FILE # MODIFY A CONFIG FILE
@ -347,15 +344,24 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 ynh_script_progression --message="Configuring permissions..." --time --weight=1
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
# unprotected_uris allows SSO credentials to be passed anyway. # Everyone can access the app.
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" # The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi fi
# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access to the api part
# We don't want to display the tile in the sso so we put --show_tile="false"
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================

View file

@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin) admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language) language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -59,6 +58,26 @@ ynh_script_progression --message="Ensuring downward compatibility..." --time --w
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path # ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi #fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
@ -191,18 +210,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================