diff --git a/manifest.json b/manifest.json
index fbf89e7..46ebbb9 100644
--- a/manifest.json
+++ b/manifest.json
@@ -13,7 +13,7 @@
 "name": "yalh76"
 },
 "requirements": {
- "yunohost": ">= 3.8.4.8"
+ "yunohost": ">= 4.1.3"
 },
 "multi_instance": true,
 "services": [
diff --git a/scripts/install b/scripts/install
index 60a3bde..5dfa2ee 100644
--- a/scripts/install
+++ b/scripts/install
@@ -53,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..."
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
 
 #=================================================
@@ -221,10 +220,12 @@ ynh_script_progression --message="Configuring SSOwat..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
- # unprotected_uris allows SSO credentials to be passed anyway.
- ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
+ ynh_permission_update --permission="main" --add="visitors"
 fi
 
+ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 9aa61c1..48cfb5a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
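Review bot: The `api` permission in the second scripts/install hunk is created with `--allowed="visitors"` and `--auth_header="false"` outside the `is_public` test, so `/api` and `/identity/connect/token` are reachable without SSO even on an install the admin chose to keep private, and `--protected="true"` pins that choice. Nothing in the hunk says this is intended. If it is deliberate (presumably for clients that cannot go through the SSO portal), state it above the call, e.g. `# /api and the token endpoint bypass SSO on purpose; they are guarded only by the app's own login, so keep the Fail2Ban jail in place`. It is also worth confirming that the narrower `/admin` permission still takes precedence once `visitors` is added to `main`, since as far as this script shows the admin panel would otherwise rest on `admin_token` alone.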
@@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
 
@@ -33,6 +32,27 @@ ynh_script_progression --message="Checking version..."
 
 upgrade_type=$(ynh_check_app_version_changed)
 
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+ ynh_legacy_permissions_delete_all
+
+ ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+# Create a permission if needed
+if ! ynh_permission_exists --permission="api"; then
+ ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+fi
+
+if ! ynh_permission_exists --permission="admin"; then
+ ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
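Review bot: The new compatibility block in the second scripts/upgrade hunk sits above the `BACKUP BEFORE UPGRADE THEN ACTIVE TRAP` banner, so `ynh_legacy_permissions_delete_all`, the deletion of `is_public` and both `ynh_permission_create` calls run before whatever backup and error trap that section sets up (its body is outside the hunk). If a later step fails, the rollback would restore a snapshot that has already lost the legacy access settings, which may leave the instance with different exposure than before the upgrade. Moving the block below the backup section avoids that. The two `ynh_permission_create` lines also duplicate the ones in scripts/install, so a one-line comment such as `# keep in sync with scripts/install` would help keep upgraded and fresh instances on the same access rules.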
@@ -209,18 +229,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..."
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
- # unprotected_uris allows SSO credentials to be passed anyway
- ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================