fix ldap

README.md

@@ -28,8 +28,11 @@ Wekan is an open-source kanban board (task manager and organizer)
 
 ## Configuration
 
-As LDAP authentification is enable by default, wekan admins are the members of the YunoHost LDAP admin group.
-To add an account in the YunoHost, you must first install [phpLDAPadmin](https://github.com/YunoHost-Apps/phpldapadmin_ynh) , connect to the interface and in the left panel go on `dc=yunohost,dc=org`, `ou=groups`, `cn=admins`. In the right panel, in the memberUid category, click on modify group members, add the account in the group, save changes and update object
+As LDAP authentification is enable by default, wekan admins are the members of the group `Wekan Admin`.
+To add an admin account, you must:
+
+- go to the webadmin and add the specific user to the permission `Wekan Admin`
+- use the command: `yunohost user permission update wekan.admin -a the_user_to_add`
 
 If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel.
 

conf/.env

@@ -322,7 +322,7 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
 # LDAP_GROUP_FILTER_GROUP_NAME :
 # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
 #LDAP_GROUP_FILTER_GROUP_NAME=
-LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
+LDAP_GROUP_FILTER_GROUP_NAME=permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org
 # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
 # example :  LDAP_UNIQUE_IDENTIFIER_FIELD=guid
 #LDAP_UNIQUE_IDENTIFIER_FIELD=
@@ -370,7 +370,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
 # LDAP_SYNC_GROUP_ROLES :
 # example :
 #LDAP_SYNC_GROUP_ROLES=
-LDAP_SYNC_GROUP_ROLES=admins
+LDAP_SYNC_GROUP_ROLES=permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org
 # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
 # example :
 #LDAP_DEFAULT_DOMAIN=

manifest.json

@@ -19,7 +19,7 @@
             "name": "ljf"
     }],
     "requirements": {
-        "yunohost": ">= 3.5"
+        "yunohost": ">= 3.7"
     },
     "multi_instance": true,
     "services": [

scripts/install

@@ -150,6 +150,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file"
 ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file"
 ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file"
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -199,8 +200,7 @@ ynh_print_info --message="Configuring SSOwat..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================

scripts/upgrade

@@ -21,7 +21,6 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 port=$(ynh_app_setting_get --app=$app --key=port)
@@ -119,6 +118,24 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then
     touch $config_file
 fi
 
+# Create the permission "admin" only if it doesn't exist.
+if ! ynh_permission_exists --permission="admin"
+then
+  ynh_print_info --message="Upgrading Permission configuration..."
+
+	ynh_app_setting_delete --app=$app --key=unprotected_uris
+
+  is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+
+  if [ $is_public -eq 1 ]; then
+    ynh_permission_update --permission "main" --add "visitors"
+  fi
+
+	ynh_app_setting_delete --app=$app --key=is_public
+
+  ynh_permission_create --permission="admin"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -194,6 +211,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file"
 ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file"
 ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file"
 ynh_store_file_checksum "$config_file"
 
 #=================================================
@@ -218,18 +236,6 @@ chown -R $app: "$final_path"
 chmod -R 640 "$final_path"
 find "$final_path" -type d -print0 | xargs -0 chmod 750
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_print_info --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================