diff --git a/actions.toml b/actions.toml index d5f7cd1..6a36fd7 100644 --- a/actions.toml +++ b/actions.toml @@ -1,15 +1,3 @@ -[public_private] -name = "Move to public or private" -command = "/bin/bash scripts/actions/public_private" -accepted_return_codes = [0] -description = "Change the public access of the app." - - [public_private.arguments] - [public_private.arguments.is_public] - type = "boolean" - ask = "Is it a public app?" - default = true - [reset_default_nginx] name = "Reset the NGINX config for this app." command = "/bin/bash scripts/actions/reset_default_system nginx" diff --git a/config_panel.toml b/config_panel.toml index 10e11b1..07f014d 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -5,15 +5,6 @@ name = "Wordpress configuration panel" name = "Wordpress configuration" - [main.is_public] - name = "Public access" - - [main.is_public.is_public] - ask = "Is it a public WordPress site?" - type = "boolean" - default = true - - [main.overwrite_files] name = "Overwriting config files" diff --git a/scripts/actions/public_private b/scripts/actions/public_private deleted file mode 100755 index d514a76..0000000 --- a/scripts/actions/public_private +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source /usr/share/yunohost/helpers - -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -# Get is_public -is_public=${YNH_ACTION_IS_PUBLIC} - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) - -if [ $is_public -eq $is_public_old ] -then - ynh_die --message="is_public is already set as $is_public." --ret_code=0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# MOVE TO PUBLIC OR PRIVATE -#================================================= - -if [ $is_public -eq 0 ]; then - public_private="private" -else - public_private="public" -fi -ynh_script_progression --message="Moving the application to $public_private..." --weight=3 - -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - -ynh_script_progression --message="Upgrading SSOwat configuration..." -# Regen ssowat configuration -yunohost app ssowatconf - -# Update the config of the app -ynh_app_setting_set --app=$app --key=is_public --value=$is_public - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/reset_default_app b/scripts/actions/reset_default_app index a787de8..b7e8f70 100755 --- a/scripts/actions/reset_default_app +++ b/scripts/actions/reset_default_app @@ -24,7 +24,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) @@ -95,21 +94,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=5 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Remove skipped_uris if it's still present -ynh_app_setting_delete --app=$app --key=skipped_uris -if [ $is_public -eq 0 ]; then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - # Or replace skipped_uris by unprotected_uris - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/actions/reset_default_system b/scripts/actions/reset_default_system index 0c41e0a..9122755 100755 --- a/scripts/actions/reset_default_system +++ b/scripts/actions/reset_default_system @@ -29,7 +29,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) multisite=$(ynh_app_setting_get --app=$app --key=multisite) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # SPECIFIC ACTION @@ -63,7 +62,7 @@ then elif [ $type == phpfpm ] then # If the app is private, set the usage to low, otherwise to high. - if [ $is_public -eq 0 ] + if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ] then usage=low else diff --git a/scripts/config b/scripts/config index 36c49ae..318b28c 100644 --- a/scripts/config +++ b/scripts/config @@ -26,10 +26,6 @@ fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir) # If the form has a value for a variable, take the value from the form, # Otherwise, keep the value from the app config. -# is_public -old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" -is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" - # Overwrite nginx configuration old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" @@ -78,8 +74,6 @@ show_config() { # here you are supposed to read some config file/database/other then print the values # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" - ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" - ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_PHPFPM=$overwrite_phpfpm" @@ -97,17 +91,6 @@ show_config() { apply_config() { - # Change public accessibility - if [ "$is_public" != "$old_is_public" ] - then - if [ "$is_public" = "1" ] - then - yunohost app action run $app public_private --args is_public=1 - else - yunohost app action run $app public_private --args is_public=0 - fi - fi - #================================================= # MODIFY OVERWRITTING SETTINGS #================================================= diff --git a/scripts/install b/scripts/install index 22569b0..66b465f 100644 --- a/scripts/install +++ b/scripts/install @@ -52,7 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=multisite --value=$multisite @@ -140,7 +139,7 @@ ynh_script_progression --message="Installing wordpress with cURL..." --weight=10 chown -R $app: $final_path # Set the app as temporarily public for cURL call -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_permission_update --permission="main" --add="visitors" # Regen SSOwat configuration yunohost app ssowatconf @@ -150,6 +149,9 @@ ynh_systemd_action --service_name=nginx --action=reload # Wordpress installation ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "Submit=Install+WordPress" +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + ynh_print_info --message="Please wait during Wordpress installation..." for i in `seq 1 300` do @@ -257,14 +259,19 @@ ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authenticatio #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." --time --weight=1 -if [ $is_public -eq 0 ] +# Make app public if necessary +if [ $is_public -eq 1 ] then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi +# Only the admin can access the admin panel of the app +ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/restore b/scripts/restore index ecf9787..7672833 100644 --- a/scripts/restore +++ b/scripts/restore @@ -25,7 +25,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) diff --git a/scripts/upgrade b/scripts/upgrade index 004059f..d07ba35 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,7 +20,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) language=$(ynh_app_setting_get --app=$app --key=language) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) multisite=$(ynh_app_setting_get --app=$app --key=multisite) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -63,15 +62,6 @@ if [ -z "$language" ]; then ynh_app_setting_set --app=$app --key=language --value=$language fi -# Fix is_public as a boolean -if [ "${is_public,,}" = "yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "${is_public,,}" = "no" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # Fix multisite as a boolean if [ "${multisite,,}" = "yes" ]; then ynh_app_setting_set --app=$app --key=multisite --value=1 @@ -110,14 +100,6 @@ if [ -z "$overwrite_phpfpm" ]; then ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm fi -# If the app is private, set the usage to low, otherwise to high. -if [ $is_public -eq 0 ] -then - usage=low -else - usage=high -fi - # If fpm_footprint doesn't exist, create it if [ -z "$fpm_footprint" ]; then fpm_footprint=medium @@ -126,6 +108,13 @@ fi # If fpm_usage doesn't exist, create it if [ -z "$fpm_usage" ]; then + # If the app is private, set the usage to low, otherwise to high. + if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ] + then + usage=low + else + usage=high + fi fpm_usage=$usage ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi @@ -145,6 +134,18 @@ fi $wpcli_alias plugin is-installed wp-fail2ban && $wpcli_alias plugin deactivate $plugin_network wp-fail2ban && $wpcli_alias plugin uninstall wp-fail2ban $wpcli_alias plugin is-installed wp-fail2ban-redux || $wpcli_alias plugin install wp-fail2ban-redux +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -225,7 +226,7 @@ then else multisite=0 plugin_network="" - if [ $is_public -eq 1 ] + if ynh_permission_has_user --permission="main" --user="visitor" then ynh_replace_string --match_string="//--PUBLIC--define" --replace_string="define" --target_file=$final_path/wp-config.php fi @@ -297,21 +298,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=9 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from " --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Remove skipped_uris if it's still present -ynh_app_setting_delete --app=$app --key=skipped_uris -if [ $is_public -eq 0 ]; then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - # Or replace skipped_uris by unprotected_uris - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #=================================================