From 6db9afe60cf515634667b45da087dfac918d7cd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 26 Jan 2021 22:21:02 +0100 Subject: [PATCH] Improve permissions --- scripts/change_url | 9 ++------- scripts/install | 6 +++--- scripts/upgrade | 11 ++++++----- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 8fddd7d..73f3c50 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -118,13 +118,8 @@ ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 - -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true - -ynh_permission_update --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ - --label="Server access for client apps." --show_tile=false \ - --auth_header=false --protected=true +ynh_permission_url --permission=server_api --clear_urls +ynh_permission_url --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ #================================================= # RELOAD SERVICES diff --git a/scripts/install b/scripts/install index d625497..54528ab 100644 --- a/scripts/install +++ b/scripts/install @@ -342,11 +342,11 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true +ynh_permission_url --permission=main --url=/_matrix/cas_server.php/login --auth_header=true ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true -ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ - --label="Server access for client apps." --show_tile=false \ +ynh_permission_create --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ + --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index eb74264..69c02d8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -403,15 +403,16 @@ ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true if !ynh_permission_exists --permission=server_api; then - ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ - --label="Server access for client apps." --show_tile=false \ + ynh_permission_create --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ + --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true python3 remove_sso_conf_persistent.py $domain $server_name \ || ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." else - ynh_permission_update --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ - --label="Server access for client apps." --show_tile=false \ - --auth_header=false --protected=true + ynh_permission_url --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ + --auth_header=false + ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ + --protected=true fi #=================================================