YunoHost-Apps/sogo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/sogo_ynh.git synced 2024-09-03 20:26:07 +02:00
Code Issues Activity Actions

Add group-permission support and use config helper

Browse source
This commit is contained in:
Josué Tille 2020-03-25 23:00:34 +01:00
parent 3656dab7e9
commit b94521751a
No known key found for this signature in database
GPG key ID: 716A6C99B04194EF
10 changed files with 68 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
conf/sogo.conf
View file

@ -3,9 +3,9 @@
WOLogFile = /var/log/__APP__/sogo.log;
/* Fix Yunohost Tile */
WODontZipResponse = YES;
SOGoProfileURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_user_profile";
OCSFolderInfoURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_folder_info";
OCSSessionsFolderURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_sessions_folder";
SOGoProfileURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_user_profile";
OCSFolderInfoURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_folder_info";
OCSSessionsFolderURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_sessions_folder";
NGImap4ConnectionStringSeparator = ".";
SOGoAppointmentSendEMailNotifications = YES;
SOGoEnablePublicAccess = YES;
@ -26,7 +26,7 @@
SOGoMailMessageCheck = every_10_minutes;
SOGoMailAuxiliaryUserAccountsEnabled = YES;
SOGoTrustProxyAuthentication = YES;
SOGoSuperUsernames = (__ADMINUSER__);
SOGoSuperUsernames = (__ADMIN__);
/* Default Calendar and Contacts Permissions */
SOGoCalendarDefaultRoles = ("PublicViewer", "ConfidentialDAndTViewer");
SOGoContactsDefaultRoles = ("ObjectViewer");
@ -39,6 +39,7 @@
IDFieldName = uid; // first field of the DN for direct binds
bindFields = (uid, mail); // array of fields to use for indirect binds
baseDN = "ou=users,dc=yunohost,dc=org";
filter = "objectClass='posixAccount' AND permission='cn=__APP__.main,ou=permission,dc=yunohost,dc=org'";
canAuthenticate = YES;
displayName = "Yunohost Users";
hostname = ldap://localhost:389;

4
manifest.json
View file

@ -4,7 +4,7 @@
"packaging_format": 1,
"license": "LGPL-2.1,GPL-2.0",
"url": "https://sogo.nu/",
"version": "4.0.7-1~ynh1",
"version": "4.0.7-1~ynh2",
"description": {
"en": "An opensource groupware for E-Mail, Contacts and Calender.",
"fr": "Un groupware opensource pour les e-mail, contacts et calendrier"
@ -24,7 +24,7 @@
"mysql"
],
"requirements": {
"yunohost": ">= 4.0"
"yunohost": ">= 4.1"
},
"arguments": {
"install" : [

30
scripts/_common.sh
View file

@ -14,41 +14,15 @@ install_dependance() {
ynh_install_app_dependencies sogo stunnel4 memcached
}
config_sogo() {
# Avoid if the directory don't exist
mkdir -p /etc/$app
ynh_backup_if_checksum_is_different --file /etc/$app/sogo.conf
cp ../conf/sogo.conf /etc/$app/sogo.conf
ynh_replace_string --match_string __APP__ --replace_string $app --target_file /etc/$app/sogo.conf
ynh_replace_string --match_string __ADMINUSER__ --replace_string $admin --target_file /etc/$app/sogo.conf
ynh_replace_string --match_string __DBUSER__ --replace_string $db_user --target_file /etc/$app/sogo.conf
ynh_replace_string --match_string __DBPASS__ --replace_string $db_pwd --target_file /etc/$app/sogo.conf
ynh_replace_string --match_string __PORT__ --replace_string $port --target_file /etc/$app/sogo.conf
ynh_replace_string --match_string __SMTP_PORT__ --replace_string $smtp_port --target_file /etc/$app/sogo.conf
ynh_store_file_checksum --file /etc/$app/sogo.conf
}
config_stunnel() {
ynh_backup_if_checksum_is_different --file /etc/stunnel/$app.conf
cp ../conf/stunnel.conf /etc/stunnel/$app.conf
ynh_replace_string --match_string __SMTP_PORT__ --replace_string $smtp_port --target_file /etc/stunnel/$app.conf
ynh_store_file_checksum --file /etc/stunnel/$app.conf
ynh_add_config --template="stunnel.conf" --destination="/etc/stunnel/$app.conf"
# Enable stunnel at startup
ynh_replace_string --match_string "ENABLED=0" --replace_string "ENABLED=1" --target_file /etc/default/stunnel4
}
config_cron() {
ynh_backup_if_checksum_is_different --file /etc/cron.d/$app
cp ../conf/cron /etc/cron.d/$app
ynh_replace_string --match_string __APP__ --replace_string $app --target_file /etc/cron.d/$app
ynh_store_file_checksum --file /etc/cron.d/$app
ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
systemctl restart cron
}

16
scripts/add_sso_conf.py
View file

@ -1,16 +0,0 @@
#!/usr/bin/python3
import json
with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
try:
data = json.load(jsonFile)
except:
print("File /etc/ssowat/conf.json.persistent corrupt, make a new file")
data = {}
if not "skipped_urls" in data:
data["skipped_urls"] = []
data["skipped_urls"] = list(set(data["skipped_urls"]) | set(["/Microsoft-Server-ActiveSync", "/principals"]))
with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

16
scripts/install
View file

@ -59,7 +59,8 @@ ynh_mysql_setup_db --db_name $db_name --db_user $db_user
ynh_script_progression --message="Configuring application..." --weight=3
# Configure SOGO
config_sogo
mkdir -p /etc/$app
ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
# Configure stunnel
# To fix the issue https://sogo.nu/bugs/view.php?id=31 we need stunnel to be able to connect correctly to the smtp server
@ -82,13 +83,14 @@ set_permission
# configure the sso
ynh_script_progression --message="Configuring permissions..."
if [ "$is_public" = "0" ];
then # Retire l'accès public
ynh_app_setting_delete --app $app --key skipped_uris
else
ynh_app_setting_set --app $app --key unprotected_uris --value "/"
ynh_permission_create --permission="sync_client" --allowed='visitors' --auth_header=false\
--label="Sync client" --protected=true --show_tile=false\
--additional_urls="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
if [ "$is_public" == '1' ];
then
ynh_permission_update --permission "main" --add "visitors"
fi
python3 add_sso_conf.py
# SETUP LOGROTATE
ynh_script_progression --message="Configuring log rotation..."

3
scripts/remove
View file

@ -48,9 +48,6 @@ ynh_secure_remove --file="/etc/$app"
# Remove stunnel config
ynh_secure_remove --file="/etc/stunnel/$app.conf"
# Remove custom SSO config
python3 remove_sso_conf.py
# Remove service
yunohost service remove $app

11
scripts/remove_sso_conf.py
View file

@ -1,11 +0,0 @@
#!/usr/bin/python3
import json
with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
data = json.load(jsonFile)
data["skipped_urls"].remove("/Microsoft-Server-ActiveSync")
data["skipped_urls"].remove("/principals")
with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

39
scripts/remove_sso_conf_persistent.py Normal file
View file

@ -0,0 +1,39 @@
import json
import sys
with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
data = json.load(jsonFile)
for domain in ("", sys.argv[1]):
for path in ("/principals", "/Microsoft-Server-ActiveSync", "/.well-known/caldav", "/.well-known/carddav"):
url = domain + path
try:
uri_list = data["skipped_urls"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["protected_urls"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["permissions"]["custom_protected"]["uris"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["permissions"]["custom_skipped"]["uris"]
while url in uri_list:
uri_list.remove(url)
except:
pass
with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

2
scripts/restore
View file

@ -55,8 +55,6 @@ ynh_replace_string --match_string "ENABLED=0" --replace_string "ENABLED=1" --tar
ynh_script_progression --message="Protecting directory..."
set_permission
python3 ../settings/scripts/add_sso_conf.py
# SETUP LOGROTATE
ynh_use_logrotate --logfile /var/log/$app/sogo.log --nonappend

17
scripts/upgrade
View file

@ -97,7 +97,7 @@ install_dependance
ynh_script_progression --message="Configuring application..."
# Configure SOGO
config_sogo
ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
# Configure stunnel
config_stunnel
@ -118,13 +118,18 @@ set_permission
# configure the sso
ynh_script_progression --message="Configuring permissions..."
if [ "$is_public" = "0" ];
then # Retire l'accès public
ynh_app_setting_delete --app $app --key skipped_uris
if ! ynh_permission_exists --permission sync_client; then
ynh_permission_create --permission="sync_client" --allowed 'visitors' --auth_header=false\
--label="Sync client" --protected=true --show_tile=false\
--additional_urls="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
python3 remove_sso_conf_persistent.py $domain \
|| ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
else
ynh_app_setting_set --app $app --key unprotected_uris --value "/"
ynh_permission_update --permission="sync_client" --add='visitors' --label="Sync client" --protected=true --show_tile=false
ynh_permission_url --permission "sync_client" --auth_header=false\
--add_url="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
fi
python3 add_sso_conf.py
# SETUP LOGROTATE
ynh_script_progression --message="Configuring log rotation..."