From 4d56e8bf53003bb52b88c392e1a9a3e8affe1a60 Mon Sep 17 00:00:00 2001
From: Kay0u <pierre@kayou.io>
Date: Tue, 12 Jan 2021 12:31:23 +0100
Subject: [PATCH 1/4] use new permission system

---
 manifest.json   |  2 +-
 scripts/install |  7 ++++---
 scripts/upgrade | 34 +++++++++++++++++++++-------------
 3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/manifest.json b/manifest.json
index ec7163d..225c9c4 100644
--- a/manifest.json
+++ b/manifest.json
@@ -13,7 +13,7 @@
         "name": "yalh76"
     },
     "requirements": {
-        "yunohost": ">= 3.8.4.8"
+        "yunohost": ">= 4.1.3"
     },
     "multi_instance": true,
     "services": [
diff --git a/scripts/install b/scripts/install
index 60a3bde..5dfa2ee 100644
--- a/scripts/install
+++ b/scripts/install
@@ -53,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..."
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
 
 #=================================================
@@ -221,10 +220,12 @@ ynh_script_progression --message="Configuring SSOwat..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
+	ynh_permission_update --permission="main" --add="visitors"
 fi
 
+ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 9aa61c1..48cfb5a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 
 admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
@@ -33,6 +32,27 @@ ynh_script_progression --message="Checking version..."
 
 upgrade_type=$(ynh_check_app_version_changed)
 
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+# Create a permission if needed
+if ! ynh_permission_exists --permission="api"; then
+	ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+fi
+
+if ! ynh_permission_exists --permission="admin"; then
+	ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -209,18 +229,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..."
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================

From d157b636f2f3d69ba9362fca54edda873a5e6b4a Mon Sep 17 00:00:00 2001
From: yalh76 <yalh@yahoo.com>
Date: Wed, 17 Feb 2021 09:38:29 +0100
Subject: [PATCH 2/4] Using ynh_script_progression --time should only be for
 calibrating the weight

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 48cfb5a..9882c9a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -35,7 +35,7 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+ynh_script_progression --message="Ensuring downward compatibility..."
 
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then

From 68d4c490e500cc4abca176f82ad6d2e7db555989 Mon Sep 17 00:00:00 2001
From: yalh76 <yalh@yahoo.com>
Date: Sun, 21 Feb 2021 06:38:40 +0100
Subject: [PATCH 3/4] remove not needed files

---
 scripts/install | 4 +++-
 scripts/upgrade | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index 5dfa2ee..7d043c8 100644
--- a/scripts/install
+++ b/scripts/install
@@ -128,8 +128,10 @@ pushd "$final_path"/build
 	sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
 popd
 
+read -p "key"
+
 # Install bitwarden_rs
-cp -a "$final_path"/build/target/release/. "$final_path"/live/.
+cp -a "$final_path"/build/target/release/bitwarden_rs "$final_path"/live/bitwarden_rs
 
 # Remove build files and rustup
 ynh_secure_remove --file="$final_path/build"
diff --git a/scripts/upgrade b/scripts/upgrade
index 9882c9a..d52d04d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -140,12 +140,16 @@ then
 	popd
 
 	# Remove old generated files before copying the new ones
+	ynh_secure_remove --file="$final_path/live/.fingerprint"
 	ynh_secure_remove --file="$final_path/live/build"
 	ynh_secure_remove --file="$final_path/live/deps"
-	ynh_secure_remove --file="$final_path/live/.fingerprint"
+	ynh_secure_remove --file="$final_path/live/examples"
+	ynh_secure_remove --file="$final_path/live/incremental"
+	ynh_secure_remove --file="$final_path/live/.cargo-lock"
+	ynh_secure_remove --file="$final_path/live/bitwarden_rs.d"
 
 	# Install bitwarden_rs
-	cp -af "$final_path"/build/target/release/. "$final_path"/live/.
+	cp -af "$final_path"/build/target/release/bitwarden_rs "$final_path"/live/bitwarden_rs
 
 	# Remove build files and rustup
 	ynh_secure_remove --file="$final_path/build"

From 66e96c5f6c6f7a6f9716de50f83c22ab2a8bb710 Mon Sep 17 00:00:00 2001
From: yalh76 <yalh@yahoo.com>
Date: Sun, 21 Feb 2021 06:39:12 +0100
Subject: [PATCH 4/4] cleanup

---
 scripts/install | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scripts/install b/scripts/install
index 7d043c8..0a257f3 100644
--- a/scripts/install
+++ b/scripts/install
@@ -128,8 +128,6 @@ pushd "$final_path"/build
 	sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
 popd
 
-read -p "key"
-
 # Install bitwarden_rs
 cp -a "$final_path"/build/target/release/bitwarden_rs "$final_path"/live/bitwarden_rs