From 7f343146864da3658634745c3518546d6c1c1489 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 1 Apr 2020 16:01:52 +0200 Subject: [PATCH 1/9] fix ldap --- README.md | 7 +++++-- conf/.env | 4 ++-- manifest.json | 2 +- scripts/install | 4 ++-- scripts/upgrade | 32 +++++++++++++++++++------------- 5 files changed, 29 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 56da4f4..e09439f 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,11 @@ Wekan is an open-source kanban board (task manager and organizer) ## Configuration -As LDAP authentification is enable by default, wekan admins are the members of the YunoHost LDAP admin group. -To add an account in the YunoHost, you must first install [phpLDAPadmin](https://github.com/YunoHost-Apps/phpldapadmin_ynh) , connect to the interface and in the left panel go on `dc=yunohost,dc=org`, `ou=groups`, `cn=admins`. In the right panel, in the memberUid category, click on modify group members, add the account in the group, save changes and update object +As LDAP authentification is enable by default, wekan admins are the members of the group `Wekan Admin`. +To add an admin account, you must: + +- go to the webadmin and add the specific user to the permission `Wekan Admin` +- use the command: `yunohost user permission update wekan.admin -a the_user_to_add` If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. diff --git a/conf/.env b/conf/.env index 93772ad..957f134 100644 --- a/conf/.env +++ b/conf/.env 
@@ -322,7 +322,7 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid # LDAP_GROUP_FILTER_GROUP_NAME : # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user #LDAP_GROUP_FILTER_GROUP_NAME= -LDAP_GROUP_FILTER_GROUP_NAME=sftpusers +LDAP_GROUP_FILTER_GROUP_NAME=permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid #LDAP_UNIQUE_IDENTIFIER_FIELD= @@ -370,7 +370,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"} # LDAP_SYNC_GROUP_ROLES : # example : #LDAP_SYNC_GROUP_ROLES= -LDAP_SYNC_GROUP_ROLES=admins +LDAP_SYNC_GROUP_ROLES=permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #LDAP_DEFAULT_DOMAIN= diff --git a/manifest.json b/manifest.json index 531800e..328a406 100644 --- a/manifest.json +++ b/manifest.json @@ -19,7 +19,7 @@ "name": "ljf" }], "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 3.7" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index 347ac42..c5d25a9 100755 --- a/scripts/install +++ b/scripts/install @@ -150,6 +150,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file" ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file" #================================================= # STORE THE CONFIG FILE CHECKSUM 
@@ -199,8 +200,7 @@ ynh_print_info --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --add "visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1119fca..5853ab2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,7 +21,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) port=$(ynh_app_setting_get --app=$app --key=port) @@ -119,6 +118,24 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then touch $config_file fi +# Create the permission "admin" only if it doesn't exist. +if ! ynh_permission_exists --permission="admin" +then + ynh_print_info --message="Upgrading Permission configuration..." + + ynh_app_setting_delete --app=$app --key=unprotected_uris + + is_public=$(ynh_app_setting_get --app=$app --key=is_public) + + if [ $is_public -eq 1 ]; then + ynh_permission_update --permission "main" --add "visitors" + fi + + ynh_app_setting_delete --app=$app --key=is_public + + ynh_permission_create --permission="admin" +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
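Review bot: In the scripts/upgrade migration block (`if ! ynh_permission_exists --permission="admin"`), the `admin` permission is created with no allowed user, so an upgraded instance ends up with nobody holding `$app.admin`. conf/.env keeps `LDAP_SYNC_ADMIN_STATUS=true`, and later in this series it points the admin group at `__APP__.admin`, so accounts that were Wekan admins through the YunoHost `admins` group may lose that role at their next login (inferred; it depends on how Wekan applies the sync). At minimum, add a warning after the create, e.g. `ynh_print_warn --message="No user holds the $app.admin permission yet; add one with: yunohost user permission update $app.admin -a <user>"`. Separately, `[ $is_public -eq 1 ]` is unquoted and errors out if the setting is missing; `[ "${is_public:-0}" -eq 1 ]` makes an absent value fall back to private explicitly.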
@@ -194,6 +211,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file" ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file" ynh_store_file_checksum "$config_file" #================================================= @@ -218,18 +236,6 @@ chown -R $app: "$final_path" chmod -R 640 "$final_path" find "$final_path" -type d -print0 | xargs -0 chmod 750 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_print_info --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # START SYSTEMD SERVICE #================================================= From 1a1d1887e05becc1af02e0c63ba694cd30bc7cae Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 1 Apr 2020 16:08:57 +0200 Subject: [PATCH 2/9] Remove warning on remove wekan --- scripts/remove | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/remove b/scripts/remove index f29331b..005222b 100755 --- a/scripts/remove +++ b/scripts/remove @@ -61,6 +61,11 @@ ynh_print_info --message="Removing dependencies..." ynh_remove_app_dependencies ynh_remove_nodejs +# Only remove the mongodb service if it is not installed. +if ! ynh_package_is_installed --package="mongodb" + yunohost service remove mongodb +fi + #================================================= # REMOVE APP MAIN DIR #================================================= 
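Review bot: The `if ! ynh_package_is_installed --package="mongodb"` added in scripts/remove has no `then`, so as of this commit the shell most likely stops with a syntax error at `fi` and the removal steps after this block do not run. PATCH 3/9 adds the keyword; folding that fix into this commit would keep every commit in the series runnable. The comment is also easy to misread, and `# Unregister the mongodb service from YunoHost only once the mongodb package itself is gone` states what the test actually checks.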
From 8b71728e9ac70e3479a8d46f55085be2bcb62b37 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 1 Apr 2020 16:13:32 +0200 Subject: [PATCH 3/9] create the admin permission --- scripts/install | 2 ++ scripts/remove | 1 + 2 files changed, 3 insertions(+) diff --git a/scripts/install b/scripts/install index c5d25a9..f7dafd1 100755 --- a/scripts/install +++ b/scripts/install @@ -197,6 +197,8 @@ fi #================================================= ynh_print_info --message="Configuring SSOwat..." +ynh_permission_create --permission="admin" + # Make app public if necessary if [ $is_public -eq 1 ] then diff --git a/scripts/remove b/scripts/remove index 005222b..5211c21 100755 --- a/scripts/remove +++ b/scripts/remove @@ -63,6 +63,7 @@ ynh_remove_nodejs # Only remove the mongodb service if it is not installed. if ! ynh_package_is_installed --package="mongodb" +then yunohost service remove mongodb fi From e4395e2dedbc92e4f0d246dbbeecbf5f73243acd Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 1 Apr 2020 16:30:41 +0200 Subject: [PATCH 4/9] fix groups --- conf/.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/.env b/conf/.env index 957f134..1f8a66a 100644 --- a/conf/.env +++ b/conf/.env @@ -322,7 +322,7 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid # LDAP_GROUP_FILTER_GROUP_NAME : # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user #LDAP_GROUP_FILTER_GROUP_NAME= -LDAP_GROUP_FILTER_GROUP_NAME=permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org +LDAP_GROUP_FILTER_GROUP_NAME=__APP__.main # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid #LDAP_UNIQUE_IDENTIFIER_FIELD= 
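Review bot: `LDAP_GROUP_FILTER_GROUP_NAME=__APP__.main` in conf/.env now makes a YunoHost permission the gate for who may log in, but nothing in the file says so, and the `wekan_user` example above it reads as if this were an ordinary LDAP group. A comment on the new line would help, for instance `# YunoHost permission of this app instance (__APP__ is substituted by install/upgrade); only its members pass the group filter`. Whether the filter is enforced at all depends on settings outside this hunk, such as `LDAP_GROUP_FILTER_ENABLE` and `LDAP_GROUP_FILTER_OBJECTCLASS`, so it is worth confirming they match the objects under `ou=permission`. The same remark applies to `LDAP_SYNC_GROUP_ROLES=__APP__.admin` and `LDAP_SYNC_ADMIN_GROUPS=__APP__.admin` in the next two hunks of this patch.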
@@ -370,7 +370,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"} # LDAP_SYNC_GROUP_ROLES : # example : #LDAP_SYNC_GROUP_ROLES= -LDAP_SYNC_GROUP_ROLES=permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org +LDAP_SYNC_GROUP_ROLES=__APP__.admin # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #LDAP_DEFAULT_DOMAIN= @@ -379,7 +379,7 @@ LDAP_SYNC_GROUP_ROLES=permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=o LDAP_SYNC_ADMIN_STATUS=true # Comma separated list of admin group names to sync. #LDAP_SYNC_ADMIN_GROUPS=group1,group2 -LDAP_SYNC_ADMIN_GROUPS=admins +LDAP_SYNC_ADMIN_GROUPS=__APP__.admin #--------------------------------------------------------------------- # Login to LDAP automatically with HTTP header. # In below example for siteminder, at right side of = is header name. From d66c94e0284a6e29c39536f5b5004120b11bf972 Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 1 Apr 2020 16:57:38 +0200 Subject: [PATCH 5/9] Update README.md Co-Authored-By: Alexandre Aubin --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e09439f..f8fcdd8 100644 --- a/README.md +++ b/README.md 
@@ -28,11 +28,10 @@ Wekan is an open-source kanban board (task manager and organizer) ## Configuration -As LDAP authentification is enable by default, wekan admins are the members of the group `Wekan Admin`. -To add an admin account, you must: +As LDAP authentification is enabled by default, wekan admins correspond to the permission `Wekan Admin`. To add an admin account, you can: -- go to the webadmin and add the specific user to the permission `Wekan Admin` -- use the command: `yunohost user permission update wekan.admin -a the_user_to_add` +- [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin` +- [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add` If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. From d70965a5e81d73813d1a761f5e3e0a00f11ef772 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 1 Apr 2020 17:49:20 +0200 Subject: [PATCH 6/9] Add admin creation during install --- README.md | 3 ++- check_process | 1 + manifest.json | 9 +++++++++ scripts/install | 3 +++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f8fcdd8..6c4d888 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,8 @@ Wekan is an open-source kanban board (task manager and organizer) ## Configuration -As LDAP authentification is enabled by default, wekan admins correspond to the permission `Wekan Admin`. To add an admin account, you can: +As LDAP authentification is enabled by default, wekan admins correspond to the permission `Wekan Admin`. The user you choose during installation is member of this group. +To add an admin account, you can: - [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin` - [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add` diff --git a/check_process b/check_process index 8a7cdfd..1919bb5 100644 --- a/check_process +++ b/check_process @@ -2,6 +2,7 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + admin="john" (USER) is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 diff --git a/manifest.json b/manifest.json index 328a406..602a836 100644 --- a/manifest.json +++ b/manifest.json @@ -46,6 +46,15 @@ "example": "/wekan", "default": "/wekan" }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" + }, + "example": "johndoe" + }, { "name": "is_public", "type": "boolean", diff --git a/scripts/install b/scripts/install index f7dafd1..68792c0 100755 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,7 @@ ynh_print_info --message="Retrieving arguments from the manifest..." domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME @@ -199,6 +200,8 @@ ynh_print_info --message="Configuring SSOwat..." ynh_permission_create --permission="admin" +yunohost user permission update $app.admin --add $admin + # Make app public if necessary if [ $is_public -eq 1 ] then From 9dc0525a37ecda513565b7616a44d6a25fbb1630 Mon Sep 17 00:00:00 2001 
From: yalh76 Date: Wed, 1 Apr 2020 18:13:46 +0200 Subject: [PATCH 7/9] Update scripts/install Co-Authored-By: Alexandre Aubin --- scripts/install | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 68792c0..a02a7dd 100755 --- a/scripts/install +++ b/scripts/install @@ -198,9 +198,7 @@ fi #================================================= ynh_print_info --message="Configuring SSOwat..." -ynh_permission_create --permission="admin" - -yunohost user permission update $app.admin --add $admin +ynh_permission_create --permission="admin" --allowed "$admin" # Make app public if necessary if [ $is_public -eq 1 ] From 09f5587cf6d3d1c1da80bda52a8a0ed2f275cabc Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 1 Apr 2020 19:46:42 +0200 Subject: [PATCH 8/9] increase version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 602a836..d139062 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Trello-like kanban", "fr": "Un kanban similaire à Trello" }, - "version": "3.79~ynh1", + "version": "3.79~ynh2", "url": "https://wekan.io", "license": "MIT", "maintainer": [ From 9cfbac116f4b12ffd9b7b5e719e1fbfa8f24b47a Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 5 Apr 2020 01:52:08 +0200 Subject: [PATCH 9/9] Adding informations --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6c4d888..5bf1c8b 100644 --- a/README.md +++ b/README.md 
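Review bot: The new `ynh_permission_create --permission="admin" --allowed "$admin"` line in scripts/install is the only place where the instance's Wekan admin is assigned, yet it sits uncommented under the "Configuring SSOwat..." message. A short comment would tie it to the LDAP settings, e.g. `# Members of this permission become Wekan admins via LDAP_SYNC_ADMIN_GROUPS=__APP__.admin in conf/.env`. Quoting `"$admin"` here is a good change over the unquoted `$admin` in the `yunohost user permission update` call it replaces. The section containing this line starts and ends outside the hunk.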
@@ -34,6 +34,8 @@ To add an admin account, you can: - [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin` - [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add` +All others YunhoHost user can access with LDAP authentication. + If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. **Private/Public mode:** In private mode, only authorized YunoHost members can access to the wekan.