Merge pull request #82 from YunoHost-Apps/fix-ldap

Fix ldap

README.md

@@ -28,8 +28,11 @@ Wekan is an open-source kanban board (task manager and organizer)
 
 ## Configuration
 
-As LDAP authentification is enable by default, wekan admins are the members of the YunoHost LDAP admin group.
-To add an account in the YunoHost, you must first install [phpLDAPadmin](https://github.com/YunoHost-Apps/phpldapadmin_ynh) , connect to the interface and in the left panel go on `dc=yunohost,dc=org`, `ou=groups`, `cn=admins`. In the right panel, in the memberUid category, click on modify group members, add the account in the group, save changes and update object
+As LDAP authentification is enabled by default, wekan admins correspond to the permission `Wekan Admin`. The user you choose during installation is member of this group.
+To add an admin account, you can:
+
+- [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin`
+- [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add`
 
 If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel.
 

check_process

@@ -2,6 +2,7 @@
 	; Manifest
 		domain="domain.tld"	(DOMAIN)
 		path="/path"	(PATH)
+		admin="john"	(USER)
 		is_public=1	(PUBLIC|public=1|private=0)
 	; Checks
 		pkg_linter=1

conf/.env

@@ -322,7 +322,7 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
 # LDAP_GROUP_FILTER_GROUP_NAME :
 # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
 #LDAP_GROUP_FILTER_GROUP_NAME=
-LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
+LDAP_GROUP_FILTER_GROUP_NAME=__APP__.main
 # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
 # example :  LDAP_UNIQUE_IDENTIFIER_FIELD=guid
 #LDAP_UNIQUE_IDENTIFIER_FIELD=
@@ -370,7 +370,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
 # LDAP_SYNC_GROUP_ROLES :
 # example :
 #LDAP_SYNC_GROUP_ROLES=
-LDAP_SYNC_GROUP_ROLES=admins
+LDAP_SYNC_GROUP_ROLES=__APP__.admin
 # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
 # example :
 #LDAP_DEFAULT_DOMAIN=
@@ -379,7 +379,7 @@ LDAP_SYNC_GROUP_ROLES=admins
 LDAP_SYNC_ADMIN_STATUS=true
 # Comma separated list of admin group names to sync.
 #LDAP_SYNC_ADMIN_GROUPS=group1,group2
-LDAP_SYNC_ADMIN_GROUPS=admins
+LDAP_SYNC_ADMIN_GROUPS=__APP__.admin
 #---------------------------------------------------------------------
 # Login to LDAP automatically with HTTP header.
 # In below example for siteminder, at right side of = is header name.

manifest.json

@@ -6,7 +6,7 @@
         "en": "Trello-like kanban",
         "fr": "Un kanban similaire à Trello"
     },
-    "version": "3.79~ynh1",
+    "version": "3.79~ynh2",
     "url": "https://wekan.io",
     "license": "MIT",    
     "maintainer": [
@@ -19,7 +19,7 @@
             "name": "ljf"
     }],
     "requirements": {
-        "yunohost": ">= 3.5"
+        "yunohost": ">= 3.7"
     },
     "multi_instance": true,
     "services": [
@@ -46,6 +46,15 @@
                 "example": "/wekan",
                 "default": "/wekan"
             },
+            {
+                "name": "admin",
+                "type": "user",
+                "ask": {
+                    "en": "Choose an admin user",
+                    "fr": "Choisissez l’administrateur"
+                },
+                "example": "johndoe"
+            },
             {
                 "name": "is_public",
                 "type": "boolean",

scripts/install

@@ -29,6 +29,7 @@ ynh_print_info --message="Retrieving arguments from the manifest..."
 
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
+admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
 
 app=$YNH_APP_INSTANCE_NAME
@@ -150,6 +151,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file"
 ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file"
 ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file"
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -196,11 +198,12 @@ fi
 #=================================================
 ynh_print_info --message="Configuring SSOwat..."
 
+ynh_permission_create --permission="admin" --allowed "$admin"
+
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================

scripts/remove

@@ -61,6 +61,12 @@ ynh_print_info --message="Removing dependencies..."
 ynh_remove_app_dependencies
 ynh_remove_nodejs
 
+# Only remove the mongodb service if it is not installed.
+if ! ynh_package_is_installed --package="mongodb"
+then
+	yunohost service remove mongodb
+fi
+
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================

scripts/upgrade

@@ -21,7 +21,6 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 port=$(ynh_app_setting_get --app=$app --key=port)
@@ -119,6 +118,24 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then
     touch $config_file
 fi
 
+# Create the permission "admin" only if it doesn't exist.
+if ! ynh_permission_exists --permission="admin"
+then
+  ynh_print_info --message="Upgrading Permission configuration..."
+
+	ynh_app_setting_delete --app=$app --key=unprotected_uris
+
+  is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+
+  if [ $is_public -eq 1 ]; then
+    ynh_permission_update --permission "main" --add "visitors"
+  fi
+
+	ynh_app_setting_delete --app=$app --key=is_public
+
+  ynh_permission_create --permission="admin"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -194,6 +211,7 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config_file"
 ynh_replace_string --match_string="__DOMAIN_URI__" --replace_string="$domain$path_url" --target_file="$config_file"
 ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config_file"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config_file"
 ynh_store_file_checksum "$config_file"
 
 #=================================================
@@ -218,18 +236,6 @@ chown -R $app: "$final_path"
 chmod -R 640 "$final_path"
 find "$final_path" -type d -print0 | xargs -0 chmod 750
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_print_info --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================