From 5a27b787b2ad225bf562c61fde7819f9ffc0361e Mon Sep 17 00:00:00 2001
From: Gofannon <17145502+Gofannon@users.noreply.github.com>
Date: Thu, 2 Mar 2023 00:27:47 +0100
Subject: [PATCH] enh use ldap permission from yunohost instead of wordpress
---
 conf/plugin_authldap_single.json | 18 +++++++++++++++---
 scripts/install | 27 ++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/conf/plugin_authldap_single.json b/conf/plugin_authldap_single.json
index 58da926..f92d6da 100644
--- a/conf/plugin_authldap_single.json
+++ b/conf/plugin_authldap_single.json
@@ -1,10 +1,22 @@
 {
 "Enabled": "1",
 "URI": "ldap://localhost/ou=users,dc=yunohost,dc=org",
- "Filter": "(&(objectclass=posixAccount)(|(uid=%1$s)(mail=%1$s))(permission=cn=wordpress.admin,ou=permission,dc=yunohost,dc=org))",
+ "Filter": "(&(objectclass=posixAccount)(|(uid=%1$s)(mail=%1$s)))",
 "NameAttr": "givenName",
 "SecName": "sn",
 "UidAttr": "uid",
 "MailAttr": "mail",
- "DefaultRole": "subscriber"
-}
\ No newline at end of file
+ "Groups": {
+ "administrator": "__APP__.admin",
+ "editor": "",
+ "author": "",
+ "contributor": "",
+ "subscriber": "__APP__.main"
+ },
+ "GroupAttr": "cn",
+ "GroupFilter": "(&(objectClass=posixGroup)(memberUid=%s))",
+ "GroupEnable": "1",
+ "GroupOverUser": "1",
+ "Version": 1,
+ "GroupBase": "ou=permission,dc=yunohost,dc=org"
+}
diff --git a/scripts/install b/scripts/install
index a480b2b..9e43560 100644
--- a/scripts/install
+++ b/scripts/install
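Review bot: The new `Filter` in conf/plugin_authldap_single.json no longer carries a permission clause, so every `posixAccount` under `ou=users` passes the plugin's user lookup and access control rests on the `Groups` mapping plus the configured default role. The scripts/install hunk then sets `DefaultRole` to `subscriber`, so an account holding neither `__APP__.admin` nor `__APP__.main` would still end up with a WordPress role. If the YunoHost `main` permission is meant to gate access, keep a clause such as `(|(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))` in the filter, or leave the default role unset so unmatched users are refused. How authLDAP treats an empty default role should be confirmed before relying on the second option.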
@@ -240,9 +240,30 @@ fi
 ynh_script_progression --message="Activating plugins..." --weight=4
 $wpcli_alias plugin activate authldap $plugin_network
+# configure the plugin from a json config file
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/plugin_authldap_single.json
 $wpcli_alias option update authLDAPOptions --format=json < ../conf/plugin_authldap_single.json
-# to display the list of all the possibles options, from your server:
+
+# Set "default user role" as 'subscriber' if no LDAP group found. (Same settings as previous "permission managment" system)
+# Setting not included in the "upgrade script" if the setting has been manually changed by an admin in the app. So it is not overwritten by a package upgrade
+# TODO: could be asked while installing the package the default setting
+$wpcli_alias option patch insert authLDAPOptions DefaultRole "subscriber"
+# To display the list of all the possibles options for this plugin, from your server, enter:
 # $ php8.0 ./wp-cli.phar --path=/var/www/wordpress --allow-root option get authLDAPOptions --json | jq
+# ^ you might need to download it from the projet
+
+
+#$wpcli_alias option pluck authLDAPOptions DefaultRole --format=json | jq --raw-output
+#is_empty=$($wpcli_alias option pluck authLDAPOptions DefaultRole --format=json | jq --raw-output)
+#if [[ -z "$is_empty" ]]; then
+# # $var is empty, do what you want
+# $wpcli_alias option patch insert authLDAPOptions DefaultRole "subscriber"
+#else
+# $wpcli_alias option patch update authLDAPOptions DefaultRole "subscriber"
+#fi
+
+
+
 # Do not activate http-authentication, this plugin is sometimes unstable
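Review bot: The `__APP__` substitution done by `ynh_replace_string` on `../conf/plugin_authldap_single.json` exists only in this install path. If scripts/upgrade (not part of this patch) also feeds that JSON to `option update authLDAPOptions`, the group names would presumably stay the literal `__APP__.admin` and `__APP__.main`, no LDAP group would match, and role assignment would fall back to the default role. The same substitution should be applied there, or the template rendered once to a copy that both scripts use. The commented-out `option pluck` / `if [[ -z "$is_empty" ]]` block and the blank lines after it are dead code to drop before merge, and `managment` and `projet` in the new comments are typos. The surrounding script continues outside the hunk.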
@@ -301,7 +322,11 @@ then
 fi
 # Only the admin can access the admin panel of the app
+# - "admin" has full rights in the app
+# - "main" can login and do almost nothing
+# See https://wordpress.org/documentation/article/roles-and-capabilities/
 ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress
+ynh_permission_update --permission="main" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=all_users
 #=================================================
 # RELOAD NGINX
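Review bot: The added `ynh_permission_update --permission="main"` opens `/wp-login.php` to `all_users`, the same URL the `admin` permission on the line above restricts to `$admin_wordpress`, so the leading comment `# Only the admin can access the admin panel of the app` no longer matches what the SSO layer enforces. After this change the admin/non-admin split appears to rest on the authLDAP group mapping alone, and the comment should say so, e.g. `# Login page is open to all users; WordPress roles come from the LDAP permission groups`. `/wp-admin.php`, carried over from the existing line, does not look like a path WordPress serves (the dashboard lives under `/wp-admin/`), so that additional URL probably protects nothing. Re-pointing `main` at `/wp-login.php` also changes which URLs that permission covers; whether the public site stays reachable depends on its previous URL, which is not visible here.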