From 171f37a589cd2b5ca5874a9f89b4fb220ed251e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Mon, 23 Dec 2019 16:13:48 +0100
Subject: [PATCH] Implement migration

---
 .../0015_add_permission_protection.py         | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 src/yunohost/data_migrations/0015_add_permission_protection.py

diff --git a/src/yunohost/data_migrations/0015_add_permission_protection.py b/src/yunohost/data_migrations/0015_add_permission_protection.py
new file mode 100644
index 000000000..1b2965fb0
--- /dev/null
+++ b/src/yunohost/data_migrations/0015_add_permission_protection.py
@@ -0,0 +1,37 @@
+import time
+import os
+
+from moulinette import m18n
+from yunohost.utils.error import YunohostError
+from moulinette.utils.log import getActionLogger
+
+from yunohost.tools import Migration
+from yunohost.permission import user_permission_list, SYSTEM_PERMS
+
+logger = getActionLogger('yunohost.migration')
+
+###################################################
+# Tools used also for restoration
+###################################################
+
+class MyMigration(Migration):
+    """
+        Add protected attribute in LDAP permission
+    """
+
+    required = True
+
+    def run(self):
+
+        from yunohost.utils.ldap import _get_ldap_interface
+        ldap = _get_ldap_interface()
+
+        permission_list = user_permission_list(short=True)
+        
+        for permission in permission_list:
+            if permission in SYSTEM_PERMS:
+                ldap.update('cn=%s,ou=permission' % permission, 'isProtected': "TRUE"})
+            elif permission.end_with(".main"):
+                ldap.update('cn=%s,ou=permission' % permission, 'isProtected': "FALSE"})
+            else:
+                ldap.update('cn=%s,ou=permission' % permission, 'isProtected': "TRUE"})