Implement new permission system

conf/add_sso_conf.py

@@ -1,12 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

conf/add_sso_conf_webdav.py

@@ -1,8 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

conf/update_sso_conf.py

@@ -1,14 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["unprotected_urls"].remove("/seafhttp")
-    data["unprotected_urls"].remove("/seafdav")
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

scripts/install

@@ -200,10 +200,12 @@ ynh_debug_exec ls /opt/yunohost/seafile/ccnet
 ynh_script_progression --message="Protecting directory..."
 set_permission
 
-ynh_script_progression --message="Configuring permissions..."
-
 # Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav do in /etc/ssowat/conf.json.persistent
-python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
+ynh_script_progression --message="Configuring permissions..."
+ynh_permission_create --permission=file_server --url=/seafhttp --auth_header=false \
+                      --label="File server" --protected=true --allowed=visitors
+ynh_permission_create --permission=webdav --url=/seafdav --auth_header=true \
+                      --label="Webdav" --protected=true --allowed=visitors
 
 # unprotect media
 ynh_app_setting_set --app $app --key unprotected_uris --value "/media"

scripts/remove

@@ -35,10 +35,6 @@ pkill -f seaf-server || true
 pkill -f ccnet-server || true
 pkill -f seahub || true
 
-# remove sso config to unprotect domain.tld/seafhttp in /etc/ssowat/conf.json.persistent
-ynh_script_progression --message="Cleaning SSO configuration..."
-python3 ../conf/remove_sso_conf.py
-
 ynh_script_progression --message="Removing logs..."
 ynh_secure_remove --file=/var/log/seafile
 ynh_script_progression --message="Removing code..."

scripts/restore

@@ -57,10 +57,6 @@ su -c "mysql -u ${app} -p$db_pwd seahubdb < ${YNH_CWD}/seahubdb.dmp"
 # GENERIC FINALIZATION
 #=================================================
 
-# Restore sso persistent config
-ynh_script_progression --message="Configuring permissions..."
-python3 ../settings/conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
-
 # Add logrotate
 ynh_script_progression --message="Configuring log rotation..."
 ynh_use_logrotate --logfile $final_path/logs

scripts/upgrade

@@ -150,7 +150,6 @@ case $installed_version in
 ;&
 "6.0."* )
     install_source_7_0
-	python3 ../conf/update_sso_conf.py || true
 
 	# Update seafile by script
 	expect_scripts/upgrade_6.1.exp $final_path/seafile-server-$seafile_version
@@ -232,9 +231,6 @@ then
 	cp ../conf/seafdav.conf $final_path/conf/seafdav.conf
 	ynh_replace_string --match_string __WEBDAV_PORT__ --replace_string $webdav_port --target_file $final_path/conf/seafdav.conf
 	
-	# Add sso config to unprotect domain.tld/seafdav in /etc/ssowat/conf.json.persistent
-	python3 ../conf/add_sso_conf_webdav.py
-	
 	# Update seafile config
 	echo 'COMPRESS_URL = MEDIA_URL' | tee -a $final_path/conf/seahub_settings.py
 	echo "STATIC_URL = MEDIA_URL + 'assets/'" | tee -a $final_path/conf/seahub_settings.py
@@ -296,6 +292,22 @@ ynh_use_logrotate --logfile $final_path/logs --nonappend
 ynh_script_progression --message="Configuring fail2ban..." --weight=10
 ynh_add_fail2ban_config --use_template --others_var 'final_path'
 
+ynh_script_progression --message="Configuring permissions..." --weight=1
+if !ynh_permission_exists --permission=server_api; then
+    ynh_permission_create --permission=file_server --url=/seafhttp --auth_header=false \
+                          --label="File server" --protected=true --allowed=visitors
+    ynh_permission_create --permission=webdav --url=/seafdav --auth_header=true \
+                          --label="Webdav" --protected=true --allowed=visitors
+    python3 remove_sso_conf_persistent.py $domain $server_name \
+        || ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
+else
+    ynh_permission_url --permission=file_server --url=/seafhttp --auth_header=false
+    ynh_permission_update --permission=file_server --label="File server" --show_tile=false --protected=true
+    ynh_permission_url --permission=webdav --url=/seafhttp --auth_header=false
+    ynh_permission_update --permission=webdav --label="Webdav" --show_tile=false --protected=true
+fi
+
+
 # register yunohost service
 ynh_script_progression --message="Register seafile service..."
 yunohost service add seafile