diff --git a/scripts/install b/scripts/install index b0d5145..bc1d78d 100644 --- a/scripts/install +++ b/scripts/install @@ -170,6 +170,11 @@ then ynh_permission_update --permission="main" --add="visitors" fi +# Everyone can access the API part +# We don't want to display the tile in the SSO so we put --show_tile="false" +# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" +ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 18d8108..c93cb9b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -77,6 +77,11 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +fi + # Do not remove the file before the backup, to not fail the backup. # Remove old cron job ynh_secure_remove --file="/etc/cron.d/$app"