From e7abd276e3e6e87178a127f75fd6ade21e0f44c1 Mon Sep 17 00:00:00 2001
From: Yunohost-Bot <>
Date: Mon, 15 Mar 2021 00:23:05 +0100
Subject: [PATCH 1/5] [autopatch] Missing ynh_abort_if_errors in change_url
 scripts

---
 scripts/change_url | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/change_url b/scripts/change_url
index d26bf9f..7db3313 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -8,6 +8,7 @@
 
 source _common.sh
 source /usr/share/yunohost/helpers
+ynh_abort_if_errors
 
 #=================================================
 # RETRIEVE ARGUMENTS

From b21f9406f671cf5c7cbe52a05cf52e8146376f92 Mon Sep 17 00:00:00 2001
From: Yunohost-Bot <>
Date: Mon, 15 Mar 2021 00:27:47 +0100
Subject: [PATCH 2/5] [autopatch] Autopatch to migrate to new permission system

---
 scripts/install |  3 ++-
 scripts/upgrade | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index 1005880..692bddf 100644
--- a/scripts/install
+++ b/scripts/install
@@ -178,9 +178,10 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
+ynh_permission_update --permission="main" --add="visitors"
 
 # Set SSOwat rules
-ynh_app_setting_set $app unprotected_uris "/"
+
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/upgrade b/scripts/upgrade
index baa15cf..1170198 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -68,6 +68,16 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+#=================================================
+# Migrate legacy permissions to new system
+#=================================================
+if ynh_legacy_permissions_exists
+then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # CHECK THE PATH
 #=================================================

From e563ac322646d327b651e038705c18b8250bcf0d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 6 Apr 2021 14:44:43 +0200
Subject: [PATCH 3/5] Remove stale comment

---
 scripts/install | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index 692bddf..375add7 100644
--- a/scripts/install
+++ b/scripts/install
@@ -180,9 +180,6 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
 ynh_script_progression --message="Configuring SSOwat..."
 ynh_permission_update --permission="main" --add="visitors"
 
-# Set SSOwat rules
-
-
 #=================================================
 # RELOAD NGINX
 #=================================================

From 0be55edf0db3c46b2bd7519939c6125ec7358a3c Mon Sep 17 00:00:00 2001
From: Jules-Bertholet <jules.bertholet@gmail.com>
Date: Thu, 8 Apr 2021 16:59:54 -0400
Subject: [PATCH 4/5] Tighten permissions (#99)

* Tighten permissions

* Check for existence of cache file before chmoding it
---
 scripts/_common.sh | 16 ++++++++++++++++
 scripts/install    |  7 +------
 scripts/restore    |  5 +++--
 scripts/upgrade    |  7 +------
 4 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index ab8759c..bf96bab 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -7,6 +7,22 @@
 # dependencies used by the app
 pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis"
 
+#=================================================
+# PERSONAL HELPERS
+#=================================================
+
+function set_permissions {
+  # Set permissions to app files
+  chown -R $app:www-data $final_path
+  chmod -R g=u,g-w,o-rwx $final_path
+
+  # Restrict rights to Wallabag user only
+  chmod 600 $wb_conf
+  if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+    chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+  fi
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
diff --git a/scripts/install b/scripts/install
index 375add7..8867d0f 100644
--- a/scripts/install
+++ b/scripts/install
@@ -160,12 +160,7 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Restrict rights to Wallabag user only
-chmod 600 $wb_conf
-
-# Set permissions to app files
-chown -R $app: $final_path
-chmod 755 $final_path
+set_permissions
 
 #=================================================
 # SETUP HOOKS
diff --git a/scripts/restore b/scripts/restore
index ec62624..1654db7 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -66,8 +66,9 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
 
-# Restore permissions on app files
-chown -R $app: $final_path
+wb_conf=$final_path/app/config/parameters.yml
+
+set_permissions
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 1170198..94bc0d9 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -191,12 +191,7 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Restrict rights to Wallabag user only
-chmod 600 $wb_conf
-
-# Set permissions to app files
-chown -R $app: $final_path
-chmod 755 $final_path
+set_permissions
 
 #=================================================
 # SETUP HOOKS

From d87c241cfa5637e30e2427a2ec3a157c18d121c8 Mon Sep 17 00:00:00 2001
From: Jules-Bertholet <jules.bertholet@gmail.com>
Date: Thu, 8 Apr 2021 17:01:03 -0400
Subject: [PATCH 5/5] Install PHP packages of YNH_PHP_VERSION (#100)

Quash the last package_check warning
---
 scripts/_common.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index bf96bab..f58d4bf 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -5,7 +5,7 @@
 #=================================================
 
 # dependencies used by the app
-pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis"
+pkg_dependencies="php$YNH_DEFAULT_PHP_VERSION-cli php$YNH_DEFAULT_PHP_VERSION-mysql php$YNH_DEFAULT_PHP_VERSION-json php$YNH_DEFAULT_PHP_VERSION-gd php$YNH_DEFAULT_PHP_VERSION-tidy php$YNH_DEFAULT_PHP_VERSION-curl php$YNH_DEFAULT_PHP_VERSION-gettext php$YNH_DEFAULT_PHP_VERSION-redis"
 
 #=================================================
 # PERSONAL HELPERS