diff --git a/scripts/_common.sh b/scripts/_common.sh index bb292b5..f58d4bf 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,23 @@ #================================================= # dependencies used by the app -pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis php-imagick" +pkg_dependencies="php$YNH_DEFAULT_PHP_VERSION-cli php$YNH_DEFAULT_PHP_VERSION-mysql php$YNH_DEFAULT_PHP_VERSION-json php$YNH_DEFAULT_PHP_VERSION-gd php$YNH_DEFAULT_PHP_VERSION-tidy php$YNH_DEFAULT_PHP_VERSION-curl php$YNH_DEFAULT_PHP_VERSION-gettext php$YNH_DEFAULT_PHP_VERSION-redis" + +#================================================= +# PERSONAL HELPERS +#================================================= + +function set_permissions { + # Set permissions to app files + chown -R $app:www-data $final_path + chmod -R g=u,g-w,o-rwx $final_path + + # Restrict rights to Wallabag user only + chmod 600 $wb_conf + if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then + chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php + fi +} #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/change_url b/scripts/change_url index 58ea780..b49b957 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -8,6 +8,7 @@ source _common.sh source /usr/share/yunohost/helpers +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS diff --git a/scripts/install b/scripts/install index 3393eb0..ab4ea3c 100644 --- a/scripts/install +++ b/scripts/install @@ -157,12 +157,7 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex= # SECURE FILES AND DIRECTORIES #================================================= -# Restrict rights to Wallabag user only -chmod 600 $wb_conf - -# Set permissions to app files -chown -R $app: $final_path -chmod 755 $final_path +set_permissions #================================================= # SETUP HOOKS @@ -175,9 +170,7 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." - -# Set SSOwat rules -ynh_app_setting_set $app unprotected_uris "/" +ynh_permission_update --permission="main" --add="visitors" #================================================= # RELOAD NGINX diff --git a/scripts/restore b/scripts/restore index ec62624..1654db7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -66,8 +66,9 @@ ynh_system_user_create --username=$app # RESTORE USER RIGHTS #================================================= -# Restore permissions on app files -chown -R $app: $final_path +wb_conf=$final_path/app/config/parameters.yml + +set_permissions #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index b8f4eb1..779a2dc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -68,6 +68,16 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# Migrate legacy permissions to new system +#================================================= +if ynh_legacy_permissions_exists +then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # CHECK THE PATH #================================================= @@ -187,12 +197,7 @@ fi # SECURE FILES AND DIRECTORIES #================================================= -# Restrict rights to Wallabag user only -chmod 600 $wb_conf - -# Set permissions to app files -chown -R $app: $final_path -chmod 755 $final_path +set_permissions #================================================= # SETUP HOOKS