From 8ae43e91e7e634b3a8e8f59d8256a4e2fd5aac00 Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Tue, 10 Nov 2020 09:11:27 +0100
Subject: [PATCH] Set new permissions
---
 scripts/install | 31 +++++++++++++------------------
 scripts/remove | 2 +-
 scripts/restore | 8 ++++----
 scripts/upgrade | 15 +--------------
 4 files changed, 19 insertions(+), 37 deletions(-)
diff --git a/scripts/install b/scripts/install
index 1af7330..f2b4583 100755
--- a/scripts/install
+++ b/scripts/install
@@ -37,8 +37,6 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 ynh_script_progression --message="Validating installation parameters..."
-### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
-### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
 final_path=/var/www/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@@ -84,7 +82,7 @@ ynh_setup_source --dest_dir="$final_path"
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..."
-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config
 #=================================================
@@ -100,7 +98,7 @@ ynh_system_user_create --username=$app
 #=================================================
 ynh_script_progression --message="Configuring PHP-FPM..."
-# Create a dedicated php-fpm config
+# Create a dedicated PHP-FPM config
 ynh_add_fpm_config
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
@@ -109,9 +107,9 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 # Adding the details of the database to the config file
-ynh_replace_string "__dbuser__" "$db_name" "../conf/config.ini.php"
-ynh_replace_string "__dbpass__" "$db_pwd" "../conf/config.ini.php"
-ynh_replace_string "__dbname__" "$db_name" "../conf/config.ini.php"
+ynh_replace_string --match_string="__dbuser__" --replace_string="$db_name" --target_file="../conf/config.ini.php"
+ynh_replace_string --match_string="__dbpass__" --replace_string="$db_pwd" --target_file="../conf/config.ini.php"
+ynh_replace_string --match_string="__dbname__" --replace_string="$db_name" --target_file="../conf/config.ini.php"
 # Copy the config file to the final path
 cp ../conf/config.ini.php $final_path/data/.
@@ -120,10 +118,10 @@ cp ../conf/config.ini.php $final_path/data/.
 ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/webtrees.sql"
 # Replace variables in sql scripts
-ynh_replace_string "__USER_NAME__" "$admin_username" "../conf/sql/admin.sql"
-ynh_replace_string "__NAME__" "$admin_name" "../conf/sql/admin.sql"
-ynh_replace_string "__USER_EMAIL__" "$admin_email" "../conf/sql/admin.sql"
-ynh_replace_string "__PASSWORD__" "$admin_password" "../conf/sql/admin.sql"
+ynh_replace_string --match_string="__USER_NAME__" --replace_string="$admin_username" --target_file="../conf/sql/admin.sql"
+ynh_replace_string --match_string="__NAME__" --replace_string="$admin_name" --target_file="../conf/sql/admin.sql"
+ynh_replace_string --match_string="__USER_EMAIL__" --replace_string="$admin_email" --target_file="../conf/sql/admin.sql"
+ynh_replace_string --match_string="__PASSWORD__" --replace_string="$admin_password" --target_file="../conf/sql/admin.sql"
 ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/admin.sql"
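Review bot: The three `ynh_replace_string` calls in the `@@ -109` hunk still hand their values to a sed-based substitution, so a `$db_pwd` containing `&`, `\` or similar would land in `config.ini.php` altered; how `$db_pwd` is generated is outside this hunk. For the secret, the literal-safe helper fits better: `ynh_replace_special_string --match_string="__dbpass__" --replace_string="$db_pwd" --target_file="../conf/config.ini.php"`. The same concern applies with more weight to the user-supplied `$admin_name`, `$admin_email` and `$admin_password` in the `@@ -120` hunk. The `cp` context line also leaves `$final_path` unquoted.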
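Review bot: In the `@@ -120` hunk the admin name, e-mail and password are substituted verbatim into `admin.sql`, and the file is then fed to `ynh_mysql_connect_as`, so a `'` or `\` in any of them can break or change the SQL statement. `admin.sql` is not part of this diff, so the quoting around the placeholders is inferred; if they sit inside quoted literals, escape the values before substitution or validate them against a restricted character set earlier in the script. The substituted file also holds `$admin_password` in whatever form the script passes it, so consider deleting it right after the import, e.g. `ynh_secure_remove --file="../conf/sql/admin.sql"`.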
@@ -140,10 +138,6 @@ ynh_store_file_checksum --file="$final_path/data/config.ini.php"
 # SECURE FILES AND DIRECTORIES
 #=================================================
-### For security reason, any app should set the permissions to root: before anything else.
-### Then, if write authorization is needed, any access should be given only to directories
-### that really need such authorization.
-
 # Set permissions to app files
 chown -R $app: $final_path
 chmod -R 700 $final_path/data
@@ -153,11 +147,12 @@ chmod -R 700 $final_path/data
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
-# Make app public if necessary
+# Make app public if necessary or protect it
 if [ $is_public -eq 1 ]
 then
- # unprotected_uris allows SSO credentials to be passed anyway.
- ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+ # Everyone can access the app.
+ # The "main" permission is automatically created before the install script.
+ ynh_permission_update --permission "main" --add "visitors"
 fi
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 30d3685..1384dc6 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -76,4 +76,4 @@ ynh_system_user_delete --username=$app
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Removal of $app completed"
+ynh_script_progression --message="Removal of Webtrees completed"
diff --git a/scripts/restore b/scripts/restore
index 50542e6..2d85b23 100644
--- a/scripts/restore
+++ b/scripts/restore
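Review bot: In the `@@ -153` hunk the comment now reads "or protect it", but the block only ever adds `visitors`; there is no branch for `is_public=0`, so a private install relies on the default scope of the `main` permission, which this diff does not show. Say that in the comment, e.g. `# Private installs keep the default "main" permission (no visitors), so nothing to do here.` The test also leaves `$is_public` unquoted; `if [ "$is_public" -eq 1 ]` avoids a syntax error on an empty value. The upgrade script in this commit drops its `unprotected_uris` block with no visible replacement, so it is worth confirming that already-installed public and private instances end up with the intended `main` permission after an upgrade.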
@@ -23,10 +23,10 @@ ynh_script_progression --message="Loading settings..."
 app=$YNH_APP_INSTANCE_NAME
 # Retrieve old app settings
-domain=$(ynh_app_setting_get "$app" domain)
-path_url=$(ynh_app_setting_get "$app" path)
-final_path=$(ynh_app_setting_get $app final_path)
-db_name=$(ynh_app_setting_get $app db_name)
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index c611935..996197f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -132,18 +132,6 @@ ynh_store_file_checksum "$final_path/data/config.ini.php"
 chown -R $app: $final_path
 chmod -R 700 $final_path/data
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
- # unprotected_uris allows SSO credentials to be passed anyway
- ynh_app_setting_set $app unprotected_uris "/"
-fi
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -157,5 +145,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Upgrade of $app completed" --last
-
+ynh_script_progression --message="Upgrade of Webtrees completed" --last