diff --git a/README.md b/README.md index 56da4f4..6c4d888 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,11 @@ Wekan is an open-source kanban board (task manager and organizer) ## Configuration -As LDAP authentification is enable by default, wekan admins are the members of the YunoHost LDAP admin group. -To add an account in the YunoHost, you must first install [phpLDAPadmin](https://github.com/YunoHost-Apps/phpldapadmin_ynh) , connect to the interface and in the left panel go on `dc=yunohost,dc=org`, `ou=groups`, `cn=admins`. In the right panel, in the memberUid category, click on modify group members, add the account in the group, save changes and update object +As LDAP authentification is enabled by default, wekan admins correspond to the permission `Wekan Admin`. The user you choose during installation is member of this group. +To add an admin account, you can: + +- [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin` +- [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add` If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. diff --git a/check_process b/check_process index 8a7cdfd..1919bb5 100644 --- a/check_process +++ b/check_process @@ -2,6 +2,7 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + admin="john" (USER) is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 diff --git a/conf/.env b/conf/.env index 93772ad..1f8a66a 100644 --- a/conf/.env +++ b/conf/.env @@ -322,7 +322,7 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid # LDAP_GROUP_FILTER_GROUP_NAME : # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user #LDAP_GROUP_FILTER_GROUP_NAME= -LDAP_GROUP_FILTER_GROUP_NAME=sftpusers +LDAP_GROUP_FILTER_GROUP_NAME=__APP__.main # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid #LDAP_UNIQUE_IDENTIFIER_FIELD= @@ -370,7 +370,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"} # LDAP_SYNC_GROUP_ROLES : # example : #LDAP_SYNC_GROUP_ROLES= -LDAP_SYNC_GROUP_ROLES=admins +LDAP_SYNC_GROUP_ROLES=__APP__.admin # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #LDAP_DEFAULT_DOMAIN= @@ -379,7 +379,7 @@ LDAP_SYNC_GROUP_ROLES=admins LDAP_SYNC_ADMIN_STATUS=true # Comma separated list of admin group names to sync. #LDAP_SYNC_ADMIN_GROUPS=group1,group2 -LDAP_SYNC_ADMIN_GROUPS=admins +LDAP_SYNC_ADMIN_GROUPS=__APP__.admin #--------------------------------------------------------------------- # Login to LDAP automatically with HTTP header. # In below example for siteminder, at right side of = is header name. diff --git a/manifest.json b/manifest.json index 531800e..d139062 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Trello-like kanban", "fr": "Un kanban similaire à Trello" }, - "version": "3.79~ynh1", + "version": "3.79~ynh2", "url": "https://wekan.io", "license": "MIT", "maintainer": [ @@ -19,7 +19,7 @@ "name": "ljf" }], "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 3.7" }, "multi_instance": true, "services": [ @@ -46,6 +46,15 @@ "example": "/wekan", "default": "/wekan" }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" + }, + "example": "johndoe" + }, { "name": "is_public", "type": "boolean", diff --git a/scripts/install b/scripts/install index 347ac42..a02a7dd 100755 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,7 @@ ynh_print_info --message="Retrieving arguments from the manifest..." domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME @@ -150,6 +151,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file" ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file" #================================================= # STORE THE CONFIG FILE CHECKSUM @@ -196,11 +198,12 @@ fi #================================================= ynh_print_info --message="Configuring SSOwat..." +ynh_permission_create --permission="admin" --allowed "$admin" + # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --add "visitors" fi #================================================= diff --git a/scripts/remove b/scripts/remove index f29331b..5211c21 100755 --- a/scripts/remove +++ b/scripts/remove @@ -61,6 +61,12 @@ ynh_print_info --message="Removing dependencies..." ynh_remove_app_dependencies ynh_remove_nodejs +# Only remove the mongodb service if it is not installed. +if ! ynh_package_is_installed --package="mongodb" +then + yunohost service remove mongodb +fi + #================================================= # REMOVE APP MAIN DIR #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1119fca..5853ab2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,7 +21,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) port=$(ynh_app_setting_get --app=$app --key=port) @@ -119,6 +118,24 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then touch $config_file fi +# Create the permission "admin" only if it doesn't exist. +if ! ynh_permission_exists --permission="admin" +then + ynh_print_info --message="Upgrading Permission configuration..." + + ynh_app_setting_delete --app=$app --key=unprotected_uris + + is_public=$(ynh_app_setting_get --app=$app --key=is_public) + + if [ $is_public -eq 1 ]; then + ynh_permission_update --permission "main" --add "visitors" + fi + + ynh_app_setting_delete --app=$app --key=is_public + + ynh_permission_create --permission="admin" +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -194,6 +211,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file" ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file" ynh_store_file_checksum "$config_file" #================================================= @@ -218,18 +236,6 @@ chown -R $app: "$final_path" chmod -R 640 "$final_path" find "$final_path" -type d -print0 | xargs -0 chmod 750 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_print_info --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # START SYSTEMD SERVICE #=================================================