From f892fb10dc6851d540509deba5391f378e89d835 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Tue, 26 Jan 2021 22:54:26 +0100
Subject: [PATCH] Implement new permission system
---
conf/add_sso_conf.py | 12 -----------
conf/add_sso_conf_webdav.py | 8 --------
conf/update_sso_conf.py | 14 -------------
scripts/install | 8 +++++---
scripts/remove | 4 ----
.../remove_sso_conf_persistent.py | 0
scripts/restore | 4 ----
scripts/upgrade | 20 +++++++++++++++----
8 files changed, 21 insertions(+), 49 deletions(-)
delete mode 100644 conf/add_sso_conf.py
delete mode 100644 conf/add_sso_conf_webdav.py
delete mode 100644 conf/update_sso_conf.py
rename conf/remove_sso_conf.py => scripts/remove_sso_conf_persistent.py (100%)
diff --git a/conf/add_sso_conf.py b/conf/add_sso_conf.py
deleted file mode 100644
index 80c5503..0000000
--- a/conf/add_sso_conf.py
+++ /dev/null
@@ -1,12 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
- data = json.load(jsonFile)
- if "skipped_urls" in data:
- data["skipped_urls"].append("/seafhttp")
- else:
- data["skipped_urls"] = ["/seafhttp"]
- data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/conf/add_sso_conf_webdav.py b/conf/add_sso_conf_webdav.py
deleted file mode 100644
index 52cb4f8..0000000
--- a/conf/add_sso_conf_webdav.py
+++ /dev/null
@@ -1,8 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
- data = json.load(jsonFile)
- data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
diff --git a/conf/update_sso_conf.py b/conf/update_sso_conf.py
deleted file mode 100644
index 5264b50..0000000
--- a/conf/update_sso_conf.py +++ /dev/null @@ -1,14 +0,0 @@ -import json - -with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile: - data = json.load(jsonFile) - data["unprotected_urls"].remove("/seafhttp") - data["unprotected_urls"].remove("/seafdav") - if "skipped_urls" in data: - data["skipped_urls"].append("/seafhttp") - else: - data["skipped_urls"] = ["/seafhttp"] - data["skipped_urls"].append("/seafdav") - -with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile: - jsonFile.write(json.dumps(data, indent=4, sort_keys=True)) \ No newline at end of file diff --git a/scripts/install b/scripts/install index 190e8e8..cda7baa 100644 --- a/scripts/install +++ b/scripts/install @@ -200,10 +200,12 @@ ynh_debug_exec ls /opt/yunohost/seafile/ccnet ynh_script_progression --message="Protecting directory..." set_permission -ynh_script_progression --message="Configuring permissions..." - # Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav do in /etc/ssowat/conf.json.persistent -python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app." +ynh_script_progression --message="Configuring permissions..." +ynh_permission_create --permission=file_server --url=/seafhttp --auth_header=false \ + --label="File server" --protected=true --allowed=visitors +ynh_permission_create --permission=webdav --url=/seafdav --auth_header=true \ + --label="Webdav" --protected=true --allowed=visitors # unprotect media ynh_app_setting_set --app $app --key unprotected_uris --value "/media" diff --git a/scripts/remove b/scripts/remove index d826915..8ecd275 100644 --- a/scripts/remove +++ b/scripts/remove 
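Review bot: In the scripts/install hunk, the context comment `# Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav do in /etc/ssowat/conf.json.persistent` appears to survive directly above the new `ynh_permission_create` calls, although nothing in the install script writes that file any more. I would replace it with a comment that records the access decision, e.g. `# /seafhttp and /seafdav are open to visitors at the SSO layer; Seafile is expected to authenticate these requests itself`. Both permissions are created with `--allowed=visitors --protected=true`, so SSOwat does not gate these paths and, as the helper is documented, the admin cannot later remove the visitors group; that reliance on the application's own authentication deserves to be stated. The differing `--auth_header` values (false for file_server, true for webdav) should get a one-line reason as well.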
@@ -35,10 +35,6 @@ pkill -f seaf-server || true pkill -f ccnet-server || true pkill -f seahub || true -# remove sso config to unprotect domain.tld/seafhttp in /etc/ssowat/conf.json.persistent -ynh_script_progression --message="Cleaning SSO configuration..." -python3 ../conf/remove_sso_conf.py - ynh_script_progression --message="Removing logs..." ynh_secure_remove --file=/var/log/seafile ynh_script_progression --message="Removing code..." diff --git a/conf/remove_sso_conf.py b/scripts/remove_sso_conf_persistent.py similarity index 100% rename from conf/remove_sso_conf.py rename to scripts/remove_sso_conf_persistent.py diff --git a/scripts/restore b/scripts/restore index b585e4f..89ee42b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -57,10 +57,6 @@ su -c "mysql -u ${app} -p$db_pwd seahubdb < ${YNH_CWD}/seahubdb.dmp" # GENERIC FINALIZATION #================================================= -# Restore sso persistent config -ynh_script_progression --message="Configuring permissions..." -python3 ../settings/conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app." - # Add logrotate ynh_script_progression --message="Configuring log rotation..." ynh_use_logrotate --logfile $final_path/logs diff --git a/scripts/upgrade b/scripts/upgrade index 5e2b765..69206ce 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -150,7 +150,6 @@ case $installed_version in ;& "6.0."* ) install_source_7_0 - python3 ../conf/update_sso_conf.py || true # Update seafile by script expect_scripts/upgrade_6.1.exp $final_path/seafile-server-$seafile_version 
@@ -232,9 +231,6 @@ then cp ../conf/seafdav.conf $final_path/conf/seafdav.conf ynh_replace_string --match_string __WEBDAV_PORT__ --replace_string $webdav_port --target_file $final_path/conf/seafdav.conf - # Add sso config to unprotect domain.tld/seafdav in /etc/ssowat/conf.json.persistent - python3 ../conf/add_sso_conf_webdav.py - # Update seafile config echo 'COMPRESS_URL = MEDIA_URL' | tee -a $final_path/conf/seahub_settings.py echo "STATIC_URL = MEDIA_URL + 'assets/'" | tee -a $final_path/conf/seahub_settings.py @@ -296,6 +292,22 @@ ynh_use_logrotate --logfile $final_path/logs --nonappend ynh_script_progression --message="Configuring fail2ban..." --weight=10 ynh_add_fail2ban_config --use_template --others_var 'final_path' +ynh_script_progression --message="Configuring permissions..." --weight=1 +if !ynh_permission_exists --permission=server_api; then + ynh_permission_create --permission=file_server --url=/seafhttp --auth_header=false \ + --label="File server" --protected=true --allowed=visitors + ynh_permission_create --permission=webdav --url=/seafdav --auth_header=true \ + --label="Webdav" --protected=true --allowed=visitors + python3 remove_sso_conf_persistent.py $domain $server_name \ + || ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." +else + ynh_permission_url --permission=file_server --url=/seafhttp --auth_header=false + ynh_permission_update --permission=file_server --label="File server" --show_tile=false --protected=true + ynh_permission_url --permission=webdav --url=/seafhttp --auth_header=false + ynh_permission_update --permission=webdav --label="Webdav" --show_tile=false --protected=true +fi + + # register yunohost service ynh_script_progression --message="Register seafile service..." yunohost service add seafile
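Review bot: In the last scripts/upgrade hunk, the guard `if !ynh_permission_exists --permission=server_api; then` is wrong twice over: without a space after `!`, bash looks for a command literally named `!ynh_permission_exists`, so the test always fails and the else branch always runs, and `server_api` is not a permission this patch creates anywhere. It should read `if ! ynh_permission_exists --permission=file_server; then`. As written, the create branch and the `remove_sso_conf_persistent.py` cleanup never run, so the old `/seafhttp` and `/seafdav` entries presumably stay in /etc/ssowat/conf.json.persistent, and the `ynh_permission_url` calls target permissions that may not exist yet. In the else branch the webdav line is a copy of the file_server one; to match the create branch it should be `ynh_permission_url --permission=webdav --url=/seafdav --auth_header=true`. The arguments in `python3 remove_sso_conf_persistent.py $domain $server_name` are unquoted, and the renamed script's body is not part of this patch, so whether it reads them cannot be checked here.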