From 9a949c120968813055bc8b22e000d5abc7a6acda Mon Sep 17 00:00:00 2001
From: tituspijean <tituspijean@outlook.com>
Date: Wed, 25 Nov 2020 11:39:30 +0100
Subject: [PATCH] Use permissions system

---
 scripts/install |  5 +++--
 scripts/upgrade | 32 ++++++++++++--------------------
 2 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/scripts/install b/scripts/install
index ab62f28..8a15e79 100644
--- a/scripts/install
+++ b/scripts/install
@@ -166,8 +166,9 @@ ynh_script_progression --message="Configuring SSOwat..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 49652a9..e1e0e94 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -32,21 +32,24 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..."
 
-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
-
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
 	final_path=/var/www/$app
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
+# Cleaning legacy permissions
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+
+if [ -n "$is_public" ]; then
+	# Delete is_public key. It is now handled by the permissions system
+	ynh_app_setting_delete --app=$app --key=is_public
+	# Delete legacy permission settings
+	ynh_app_setting_delete --app=$app --key=unprotected_uris
+	ynh_app_setting_delete --app=$app --key=protected_uris
+	ynh_app_setting_delete --app=$app --key=skipped_uris
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -170,17 +173,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..."
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="$final_path/data/log.txt" --failregex="\s-\s<HOST>\s-\sLogin failed for user.*$"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
 #=================================================
 # RELOAD NGINX
 #=================================================